Danbury/TXT TPM interface
Andy, my sincere apologies if you are already aware of this information.
>>>
Computer Scientists at Princeton University have shown some very easy and creative methods to hack cryptographic key material with physical access to an encrypted machine. Watch the video embedded below to find out how existing technology is really vulnerable against Cold Boot Attacks on Encryption Keys.
All you need is a Duster spray can, if that, to cool the DRAM and extract the keys. The paper published along with the video clearly outlines techniques for finding keys residing in memory. The really cool part is that this technique doesn't really hack into the encryption directly. Rather, it depends on scanning the encryption keys by accessing the contents of the RAM and then extracting the data either by directly tampering with the RAM or by simply booting the computer from a USB drive. You can also read the industry response and more details on these findings in the news.com article.
It is not all bad news ... Intel is planning on releasing a technology code named “Danbury” which drastically reduces exposure to cold boot attacks. Danbury uses dedicated platform hardware to provide full disk encryption, and the actual data encryption keys are not kept in the DRAM. Although intermediate, or ‘wrapping’, keys used to unlock data encryption keys are stored in DRAM temporarily, when the user is physically present or while remote IT operation has control of the platform, these keys are subsequently deleted once no longer needed, thus reducing the exposure significantly.
I am also very happy to announce that the Danbury SDK, which can be leveraged by software vendors to enhance encryption software, will be made available on the manageability developer community later this year. If you are interested in finding out more about this technology, or in developing encryption software using this technology, then feel free to leave a comment on this post.
<<<
http://softwareblogs.intel.com/2008/02/28/use-duster-spray-can-to-hack-the-disk-encryption-keys/
I presently believe that the Danbury SDK will sit on top of the TXT Safer Mode Extensions (SMX), which is a low-level interface to the TPM.
>>>
1. Overview
Intel’s technology for safer computing, Intel® Trusted Execution Technology (Intel® TXT), defines platform-level enhancements that provide the building blocks for creating trusted platforms.
Whenever the word trust is used, there must be a definition of who is doing the trusting and what is being trusted. This enhanced platform helps to provide the authenticity of the controlling environment such that those wishing to rely on the platform can make an appropriate trust decision. The enhanced platform determines the identity of the controlling environment by accurately measuring the controlling software (see Section 1.1).
Another aspect of the trust decision is the ability of the platform to resist attempts to change the controlling environment. The enhanced platform will resist attempts by software processes to change the controlling environment or bypass the bounds set by the controlling environment.
What is the controlling environment for this enhanced platform? The platform is a set of extensions designed to provide a measured and controlled launch of system software that will then establish a protected environment for itself and any additional software that it may execute.
These extensions enhance two areas:
• The launching of the Measured Launched Environment (MLE)
• The protection of the MLE from potential corruption
The enhanced platform provides these launch and control interfaces using Safer Mode Extensions (SMX).
----
1.8 TPM Usage
Intel® TXT makes extensive use of the Trusted Platform Module (TPM) defined by the Trusted Computing Group (TCG) in the TCG TPM Specification, Version 1.2. The TPM provides a repository for measurements and the mechanisms to make use of the measurements. The system makes use of the measurements to both report the current platform configuration and to provide long-term protection of sensitive information.
The TPM stores measurements in Platform Configuration Registers (PCRs). PCRs provide a storage area that allows an unlimited number of measurements in a fixed amount of space. They provide this feature by an inherent property of cryptographic hashes. Outside entities never write directly to a PCR register; they “extend” PCR contents. The extend operation takes the current value of the PCR, appends the new value, performs a cryptographic hash on the combined value, and the hash result is the new PCR value. One of the properties of cryptographic hashes is that they are order dependent. This means hashing A then B produces a different result from hashing B then A. This ordering property allows the PCR contents to indicate the order of measurements.
Sending measurement values from the measuring agent to the TPM is a critical platform task. The Dynamic Root of Trust for Measurement (DRTM) requires specific messages to flow from the DRTM to the TPM. The Intel® TXT DRTM is the GETSEC[SENTER] instruction and the system ensures GETSEC[SENTER] has special messages to communicate to the TPM. These special messages take advantage of TPM localities 3 and 4 to protect the messages and inform the TPM that GETSEC[SENTER] is sending the messages.
<<<
http://download.intel.com/technology/security/downloads/31516804.pdf
etc.
Regards
SL
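The PCR extend operation quoted above from the Intel TXT specification (PCR_new = hash(PCR_old || measurement), order dependent) is small enough to work through in code. The following is an added example written for this page, not code from Intel, the TXT specification or the Danbury SDK. It models a TPM 1.2 PCR as a 20-byte SHA-1 register starting at all zeros, implements extend, shows that extending with A then B differs from B then A, and replays a constructed boot event log to the PCR value a verifier would expect, which is how a remote party checks a reported PCR against a log. The event names and blobs in BOOT_LOG are constructed sample data; the function names are this example's own.

```python
import hashlib
import hmac
from typing import Iterable, List, Tuple

PCR_SIZE = 20                   # TPM 1.2 PCRs hold one SHA-1 digest (20 bytes)
PCR_INITIAL = bytes(PCR_SIZE)   # assumed reset value of the PCR: all zeros


def measure(blob: bytes) -> bytes:
    """A measurement is the SHA-1 digest of the object being measured."""
    return hashlib.sha1(blob).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend: PCR_new = SHA-1(PCR_old || digest).

    Nothing ever writes the register directly; the only way to change it is
    to fold another digest into the running hash, which is why a fixed-size
    register can record an unbounded, ordered sequence of measurements.
    """
    if len(pcr) != PCR_SIZE or len(digest) != PCR_SIZE:
        raise ValueError("PCR and digest must both be 20 bytes")
    return hashlib.sha1(pcr + digest).digest()


def replay_log(events: Iterable[Tuple[str, bytes]],
               start: bytes = PCR_INITIAL) -> bytes:
    """Recompute the PCR a verifier expects from an event log.

    Each event is (name, measured bytes); the name is informational only and
    does not enter the hash, exactly like the description field of a TCG
    event log entry.
    """
    pcr = start
    for _name, blob in events:
        pcr = extend(pcr, measure(blob))
    return pcr


def verify_log(events: Iterable[Tuple[str, bytes]], reported_pcr: bytes) -> bool:
    """True when the log replays to the PCR value the platform reported."""
    return hmac.compare_digest(replay_log(events), reported_pcr)


def order_matters(a: bytes, b: bytes) -> bool:
    """Demonstrates the ordering property: extend(A) then extend(B) differs
    from extend(B) then extend(A), so the PCR encodes the measurement order."""
    ab = extend(extend(PCR_INITIAL, measure(a)), measure(b))
    ba = extend(extend(PCR_INITIAL, measure(b)), measure(a))
    return ab != ba


# Constructed sample event log standing in for a measured launch sequence.
BOOT_LOG: List[Tuple[str, bytes]] = [
    ("mle-loader", b"constructed: MLE loader image bytes"),
    ("mle-kernel", b"constructed: kernel image bytes"),
    ("mle-config", b"constructed: boot configuration"),
]


def tampered_log(events: List[Tuple[str, bytes]], name: str) -> List[Tuple[str, bytes]]:
    """Return a copy of the log in which one component's bytes were altered,
    the situation a verifier must detect."""
    return [(n, b + b"\x00") if n == name else (n, b) for n, b in events]


if __name__ == "__main__":
    reported = replay_log(BOOT_LOG)   # value the (honest) platform would quote
    print("expected PCR:", reported.hex())
    print("A,B != B,A  :", order_matters(b"A", b"B"))
    print("log verifies:", verify_log(BOOT_LOG, reported))
    print("tampered log:", verify_log(tampered_log(BOOT_LOG, "mle-kernel"), reported))
```

Running the block prints the replayed PCR and shows that the intact log verifies while the log with a modified kernel blob does not; the verifier never needs the original images, only their digests in the log and the quoted PCR.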