a replay attack in the tcg specification and a solution
play

A Replay Attack in the TCG Specification and a Solution Danilo - PowerPoint PPT Presentation

May 16, 2023 •187 likes •579 views

Trusted Computing Platforms Replay Attack Model Checking Proposed Solution Conclusion and Future Works A Replay Attack in the TCG Specification and a Solution Danilo Bruschi Lorenzo Cavallaro Andrea Lanzi Mattia Monga Universit` a degli

  1. Trusted Computing Platforms Replay Attack Model Checking Proposed Solution Conclusion and Future Works A Replay Attack in the TCG Specification and a Solution Danilo Bruschi Lorenzo Cavallaro Andrea Lanzi Mattia Monga Universit` a degli Studi di Milano Dipartimento di Informatica e Comunicazione { bruschi, sullivan, andrew, monga } @security.dico.unimi.it Annual Computer Security Applications Conference 2005 D. Bruschi, L. Cavallaro, A. Lanzi and M. Monga A Replay Attack in the TCG Specification and a Solution

  2. Trusted Computing Platforms Replay Attack Model Checking Proposed Solution Conclusion and Future Works Table of Contents 1 Trusted Computing Platforms Authorization Protocols 2 Replay Attack Attack Schema 3 Model Checking 4 Proposed Solution 5 Conclusion and Future Works D. Bruschi, L. Cavallaro, A. Lanzi and M. Monga A Replay Attack in the TCG Specification and a Solution

  3. Trusted Computing Platforms Replay Attack Model Checking Authorization Protocols Proposed Solution Conclusion and Future Works Trusted Computing Platforms What are they? According to the Trusted Computing Group (TCG) Specification, a Trusted Computing Platform (TP) is a Computing Platforms with built-in trusted hardware components endorsed by trusted third parties These components, called Roots of Trust , provide secure services such as secure boot software integrity checking digital signatures . . . D. Bruschi, L. Cavallaro, A. Lanzi and M. Monga A Replay Attack in the TCG Specification and a Solution

  4. Trusted Computing Platforms Replay Attack Model Checking Authorization Protocols Proposed Solution Conclusion and Future Works TCG-based Trusted Computing Platforms Roots of Trust Components A TP is composed by two main trusted hardware components Core Root of Trust for Measurement (CRTM) It starts the initial integrity check of every hardware and software components Trusted Platform Module (TPM) It provides cryptographic and protected storage facilities D. Bruschi, L. Cavallaro, A. Lanzi and M. Monga A Replay Attack in the TCG Specification and a Solution

  5. Trusted Computing Platforms Replay Attack Model Checking Authorization Protocols Proposed Solution Conclusion and Future Works TCG-based Trusted Computing Platforms Main Functionalities Identity : any TP has an identity that cannot be forged Measurement : a TP can compute a complete integrity check of its software and hardware components Protected Storage : a TP can provide protection to sensitive data (i.e., passwords, cryptographic keys, passphrases, . . . ) D. Bruschi, L. Cavallaro, A. Lanzi and M. Monga A Replay Attack in the TCG Specification and a Solution

  6. Trusted Computing Platforms Replay Attack Model Checking Authorization Protocols Proposed Solution Conclusion and Future Works Authorization Protocols General Concepts Every time Alice wants to use a TPM-protected resource, she needs to use an Authorization Protocol . Thus, she must know the secret bound to the resource provide a proof of this knowledge to the TPM, during an existing authorization session ⇒ Authorization Protocols manage authorization sessions and verify subject’s clearances for this purpose D. Bruschi, L. Cavallaro, A. Lanzi and M. Monga A Replay Attack in the TCG Specification and a Solution

  7. Trusted Computing Platforms Replay Attack Model Checking Authorization Protocols Proposed Solution Conclusion and Future Works Authorization Protocols Existing Authorization Protocols The TCG Specification defines two main Authorization Protocols Object-Independent Authorization Protocol (OIAP) A command can potentially be issued several times, in a single authorization session, acting on different protected resources Object-Specific Authorization Protocol (OSAP) Different commands can potentially be issued several times, in a single authorization session, acting on the same protected resource D. Bruschi, L. Cavallaro, A. Lanzi and M. Monga A Replay Attack in the TCG Specification and a Solution

  8. Trusted Computing Platforms Replay Attack Model Checking Authorization Protocols Proposed Solution Conclusion and Future Works Authorization Protocols Protocol Threats and Countermeasures According to the TCG Specification, Authorization Protocols have been designed in order to prevent the following threats Replay Attack ⇒ use of pseudo-random numbers, nonces , to provide a freshness property Packet Mangling Attack ⇒ use of HMAC to provide authentication and integrity D. Bruschi, L. Cavallaro, A. Lanzi and M. Monga A Replay Attack in the TCG Specification and a Solution

  9. Trusted Computing Platforms Replay Attack Model Checking Authorization Protocols Proposed Solution Conclusion and Future Works Object-Independent Authorization Protocol A Simple Protocol Sketch Alice� TPM� TPM_OIAP()� ACK(SessionHandle1, NonceEven1)� CMD(SessionHandle1, NonceEven1, NonceOdd1)� ANS(SessionHandle1, NonceEven2, NonceOdd1)� D. Bruschi, L. Cavallaro, A. Lanzi and M. Monga A Replay Attack in the TCG Specification and a Solution

  10. Trusted Computing Platforms Replay Attack Model Checking Authorization Protocols Proposed Solution Conclusion and Future Works Object-Independent Authorization Protocol A Simple Protocol Sketch Alice� TPM� TPM_OIAP()� SH_1� ACK(SessionHandle1, NonceEven1)� CMD(SessionHandle1, NonceEven1, NonceOdd1)� ANS(SessionHandle1, NonceEven2, NonceOdd1)� D. Bruschi, L. Cavallaro, A. Lanzi and M. Monga A Replay Attack in the TCG Specification and a Solution

  11. Trusted Computing Platforms Replay Attack Model Checking Authorization Protocols Proposed Solution Conclusion and Future Works Object-Independent Authorization Protocol A Simple Protocol Sketch Alice� TPM� TPM_OIAP()� SH_1� ACK(SessionHandle1, NonceEven1)� SH_1� CMD(SessionHandle1, NonceEven1, NonceOdd1)� ANS(SessionHandle1, NonceEven2, NonceOdd1)� D. Bruschi, L. Cavallaro, A. Lanzi and M. Monga A Replay Attack in the TCG Specification and a Solution

  12. Trusted Computing Platforms Replay Attack Model Checking Authorization Protocols Proposed Solution Conclusion and Future Works Object-Independent Authorization Protocol A Simple Protocol Sketch Alice� TPM� TPM_OIAP()� SH_1� ACK(SessionHandle1, NonceEven1)� SH_1� CMD(SessionHandle1, NonceEven1, NonceOdd1)� ANS(SessionHandle1, NonceEven2, NonceOdd1)� D. Bruschi, L. Cavallaro, A. Lanzi and M. Monga A Replay Attack in the TCG Specification and a Solution

  13. Trusted Computing Platforms Replay Attack Model Checking Authorization Protocols Proposed Solution Conclusion and Future Works Object-Independent Authorization Protocol A Simple Protocol Sketch Alice� TPM� TPM_OIAP()� SH_1� ACK(SessionHandle1, NonceEven1)� SH_1� CMD(SessionHandle1, NonceEven1, NonceOdd1)� ANS(SessionHandle1, NonceEven2, NonceOdd1)� D. Bruschi, L. Cavallaro, A. Lanzi and M. Monga A Replay Attack in the TCG Specification and a Solution

  14. Trusted Computing Platforms Replay Attack Model Checking Attack Schema Proposed Solution Conclusion and Future Works Replay Attack OIAP Feature Leveraged by the Attack According to the TCG Specification, an authorization session is kept open indefinitely by a TPM, unless an erroneous message is received on an existing authorization session, i.e., wrong command arguments or invalid HMAC. D. Bruschi, L. Cavallaro, A. Lanzi and M. Monga A Replay Attack in the TCG Specification and a Solution

  15. Trusted Computing Platforms Replay Attack Model Checking Attack Schema Proposed Solution Conclusion and Future Works Message Storing Phase Alice� Mallory� TPM� TPM_OIAP()� TPM_OIAP()� ACK(SessionHandle1, NonceEven1)� ACK(SessionHandle1, NonceEven1)� CMD(SessionHandle1, NonceEven1, NonceOdd1)� ANS(SessionHandle1, NonceEven2, NonceOdd1, "reset")� D. Bruschi, L. Cavallaro, A. Lanzi and M. Monga A Replay Attack in the TCG Specification and a Solution

  16. Trusted Computing Platforms Replay Attack Model Checking Attack Schema Proposed Solution Conclusion and Future Works Message Storing Phase Alice� Mallory� TPM� TPM_OIAP()� TPM_OIAP()� SH_1� ACK(SessionHandle1, NonceEven1)� ACK(SessionHandle1, NonceEven1)� CMD(SessionHandle1, NonceEven1, NonceOdd1)� ANS(SessionHandle1, NonceEven2, NonceOdd1, "reset")� D. Bruschi, L. Cavallaro, A. Lanzi and M. Monga A Replay Attack in the TCG Specification and a Solution

  17. Trusted Computing Platforms Replay Attack Model Checking Attack Schema Proposed Solution Conclusion and Future Works Message Storing Phase Alice� Mallory� TPM� TPM_OIAP()� TPM_OIAP()� SH_1� ACK(SessionHandle1, NonceEven1)� ACK(SessionHandle1, NonceEven1)� SH_1� CMD(SessionHandle1, NonceEven1, NonceOdd1)� ANS(SessionHandle1, NonceEven2, NonceOdd1, "reset")� D. Bruschi, L. Cavallaro, A. Lanzi and M. Monga A Replay Attack in the TCG Specification and a Solution

  18. Trusted Computing Platforms Replay Attack Model Checking Attack Schema Proposed Solution Conclusion and Future Works Message Storing Phase Alice� Mallory� TPM� TPM_OIAP()� TPM_OIAP()� SH_1� ACK(SessionHandle1, NonceEven1)� ACK(SessionHandle1, NonceEven1)� SH_1� CMD(SessionHandle1, NonceEven1, NonceOdd1)� ANS(SessionHandle1, NonceEven2, NonceOdd1, "reset")� D. Bruschi, L. Cavallaro, A. Lanzi and M. Monga A Replay Attack in the TCG Specification and a Solution

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

NFC Payments: The Art of Relay & Replay Attacks Who are we? Troopers 2018? NFC

NFC Payments: The Art of Relay & Replay Attacks Who are we? Troopers 2018? NFC

NFC Payments: The Art of Relay & Replay Attacks Who are we? Troopers 2018? NFC Replay/Relay @Netxing @L_AGalloway Content Terminology Replay Attack Intro to NFC Relay Attack EMV Flow Process Extracting

1.09k views • 65 slides
The Replay-Mobile Face Presentation-Attack Database Conference Paper September 2016 DOI:

The Replay-Mobile Face Presentation-Attack Database Conference Paper September 2016 DOI:

See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/308795497 The Replay-Mobile Face Presentation-Attack Database Conference Paper September 2016 DOI: 10.1109/BIOSIG.2016.7736936

328 views • 8 slides
Do you have to reproduce the bug on the first replay attempt? PRES: Probabilistic Replay with

Do you have to reproduce the bug on the first replay attempt? PRES: Probabilistic Replay with

Do you have to reproduce the bug on the first replay attempt? PRES: Probabilistic Replay with Execution Sketching on Multiprocessors Soyeon Park , Yuanyuan Zhou University of California, San Diego Weiwei Xiong, Zuoning Yin, Rini Kaushik, Kyu H.

749 views • 29 slides
February 7, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the

February 7, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the

The Commonwealth of Massachusetts Bond Financing Programs February 7, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the investor broadcast associated with the following slides is available. The replay can be

854 views • 34 slides
November 13, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the

November 13, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the

The Commonwealth of Massachusetts Bond Financing Programs November 13, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the investor broadcast associated with the following slides is available. The replay can be

436 views • 28 slides
June 5, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the

June 5, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the

The Commonwealth of Massachusetts Bond Financing Programs June 5, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the investor broadcast associated with the following slides is available. The replay can be

716 views • 33 slides
2019 NFHS FOOTBALL RULES CHANGES POSTSEASON INSTANT REPLAY RULES 1-3-7 NOTE (NEW), TABLE 1-7

2019 NFHS FOOTBALL RULES CHANGES POSTSEASON INSTANT REPLAY RULES 1-3-7 NOTE (NEW), TABLE 1-7

2019 NFHS FOOTBALL RULES CHANGES POSTSEASON INSTANT REPLAY RULES 1-3-7 NOTE (NEW), TABLE 1-7 1-3-7 NOTE (NEW) By adoption, state associations may create instant replay procedures that permit game or replay officials to use a replay

716 views • 40 slides
A solution for the DNS amplification attack problem July 4 th , 2013 Context Spamhaus was

A solution for the DNS amplification attack problem July 4 th , 2013 Context Spamhaus was

Ralph Dolmans A solution for the DNS amplification attack problem July 4 th , 2013 Context Spamhaus was attacked with 300Gbps Every day attacks are getting bigger Sites can be held hostage, banks cannot talk Global problem, the end

409 views • 23 slides
Capture-Replay Tests in J2ME Testy capture-replay w rodowisku J2ME Marcin Zduniak Bartosz

Capture-Replay Tests in J2ME Testy capture-replay w rodowisku J2ME Marcin Zduniak Bartosz

Capture-Replay Tests in J2ME Testy capture-replay w rodowisku J2ME Marcin Zduniak Bartosz Walter Dawid Weiss Institute of Computing Science Poznan University of Technology 2007 Participants Motivation RobotME Summary Who is who

806 views • 53 slides
Searching Often we are not given an algorithm to solve a problem, but only a specification of

Searching Often we are not given an algorithm to solve a problem, but only a specification of

Searching Often we are not given an algorithm to solve a problem, but only a specification of what is a solution we have to search for a solution. Search is a way to implement dont know nondeterminism. So far we have seen how

222 views • 8 slides
Earnings Presentation Year ended December 2019 Replay Replay passcode 6 March 2020 0207 136

Earnings Presentation Year ended December 2019 Replay Replay passcode 6 March 2020 0207 136

Earnings Presentation Year ended December 2019 Replay Replay passcode 6 March 2020 0207 136 9233 96348337# 0800 032 9687 10:30 GMT Confidential Disclaimer This presentation has been prepared by NewDay Cards Limited on behalf of NewDay

303 views • 27 slides
Earnings Presentation Quarter ended March 2020 Replay Replay passcode 7 May 2020 0207 136 9233

Earnings Presentation Quarter ended March 2020 Replay Replay passcode 7 May 2020 0207 136 9233

Earnings Presentation Quarter ended March 2020 Replay Replay passcode 7 May 2020 0207 136 9233 70133577# 0800 032 9687 15:30 GMT Confidential Disclaimer This presentation has been prepared by NewDay Cards Limited on behalf of NewDay Group

524 views • 24 slides
Attack on Traffic Systems These attack examples have happened in the past. We will take an

Attack on Traffic Systems These attack examples have happened in the past. We will take an

From start to finish how a cyber attack would be performed on traffic system, we will go over first day >> exploitation of the device >> the real-world aftermath. Mission Secure, Inc. Attack on Traffic Systems These attack examples

556 views • 18 slides
Earnings Presentation Half year ended June 2020 Replay Replay passcode 5 August 2020 0207 136

Earnings Presentation Half year ended June 2020 Replay Replay passcode 5 August 2020 0207 136

Earnings Presentation Half year ended June 2020 Replay Replay passcode 5 August 2020 0207 136 9233 82715475# 0800 032 9687 10:30 GMT Confidential Disclaimer This presentation has been prepared by NewDay Cards Limited on behalf of NewDay

377 views • 25 slides
A Flight Data Recorder for Enabling Full-system Multiprocessor Deterministic Replay M. Xu

A Flight Data Recorder for Enabling Full-system Multiprocessor Deterministic Replay M. Xu

A Flight Data Recorder for Enabling Full-system Multiprocessor Deterministic Replay M. Xu et al., ISCA 03 Slides by Bin Xin for CS590F Spring 2007 Overview Faithful replay of execution essential for debugging Non-determinism

343 views • 23 slides
Solution to ensure TPM resistance to offline dictionary attack Liqun Chen Mark D. Ryan HP Labs,

Solution to ensure TPM resistance to offline dictionary attack Liqun Chen Mark D. Ryan HP Labs,

Solution to ensure TPM resistance to offline dictionary attack Liqun Chen Mark D. Ryan HP Labs, Bristol HP Labs, Bristol University of Birmingham Future of Trust 2008 June 2008 The Trusted Platform Module A hardware chip currently

473 views • 19 slides
Integrated Eligibility & Enrollment Cory Gustafson, Commissioner, DVHA Cass Madison , Deputy

Integrated Eligibility & Enrollment Cory Gustafson, Commissioner, DVHA Cass Madison , Deputy

Integrated Eligibility & Enrollment Cory Gustafson, Commissioner, DVHA Cass Madison , Deputy Commissioner, DVHA Sean Brown, Deputy Commissioner, ESD DCF Marcia Schels, ADS Adaline Strumolo, DVHA Policy CMS asked really great questions.

989 views • 74 slides
Integration as Code Mifan Mifan Careem Careem VP - Solutions Architecture, WSO2 VP - Solutions

Integration as Code Mifan Mifan Careem Careem VP - Solutions Architecture, WSO2 VP - Solutions

Integration as Code Mifan Mifan Careem Careem VP - Solutions Architecture, WSO2 VP - Solutions Architecture, WSO2 Mifan Careem, Vice President of Solution Architecture @ WSO2 Oversees Solution Architecture and customer facing

210 views • 18 slides
Kentucky Transportation Cabinet Division of Highway Design Jeremy Gould What is ProjectWise?

Kentucky Transportation Cabinet Division of Highway Design Jeremy Gould What is ProjectWise?

Kentucky Transportation Cabinet Division of Highway Design Jeremy Gould What is ProjectWise? What are the benefits of ProjectWise? How can Utilities benefit from ProjectWise? Future endeavors Live Presentation Document

475 views • 16 slides
webMethods EntireX for ESB: Leveraging Platform and Application Flexibility While Optimizing

webMethods EntireX for ESB: Leveraging Platform and Application Flexibility While Optimizing

December 2008 webMethods EntireX for ESB: Leveraging Platform and Application Flexibility While Optimizing Service Reuse By Chris Pot t inger, S r. Manager Product Development , and Juergen Lind, S r. Product Manager, S oft ware AG With

195 views • 6 slides
UPGRAID Usage-based striPe replicatinG RAID Joseph Naps, Ellen Wagner August 10, 2007 Project

UPGRAID Usage-based striPe replicatinG RAID Joseph Naps, Ellen Wagner August 10, 2007 Project

UPGRAID Joseph Naps, Ellen Wagner UPGRAID Usage-based striPe replicatinG RAID Joseph Naps, Ellen Wagner August 10, 2007 Project Overview UPGRAID Joseph Naps, UPGRAID Partition Ellen Wagner RAID

1.25k views • 109 slides
Model-based approaches for the design of secure e-ID card applications Hans Vangheluwe Mohamed

Model-based approaches for the design of secure e-ID card applications Hans Vangheluwe Mohamed

AdapID workshop 26 September 2006 KU Leuven Model-based approaches for the design of secure e-ID card applications Hans Vangheluwe Mohamed Layouni, Ximeng Sun, Miriam Zia Modelling, Simulation and Design Lab McGill University Stefan

683 views • 29 slides
Setting the Scene Study 1 PI/ Study 2 Study 3- II PIII CRO Integrated Study 2

Setting the Scene Study 1 PI/ Study 2 Study 3- II PIII CRO Integrated Study 2

ICON CD04 - Ensuring Compliant and Consistent Data Mappings for SDTM-based Studies an ICON Approach Jennie Mc Guirk 11 th October 2011 Setting the Scene Study 1 PI/ Study 2 Study 3- II PIII CRO Integrated Study 2 Custom

854 views • 17 slides
Is this the maturation Phase of Vapor Intrusion Investigations? Presenter: Will Elcoate June 27

Is this the maturation Phase of Vapor Intrusion Investigations? Presenter: Will Elcoate June 27

6/27/2012 Is this the maturation Phase of Vapor Intrusion Investigations? Presenter: Will Elcoate June 27 th , 2012 EPA Moves forward with Vapor Intrusion EPA plans to tear down three city businesses Columbus Telegram COLUMBUS The

291 views • 17 slides

More recommend