1. TPM-Fail: TPM meets Timing and Lattice Attacks 2020 Hardware Lattices SideChannels Signatures Usenix
    Daniel Moghimi, Berk Sunar, Thomas Eisenbarth, and Nadia Heninger
    [View PDF on tpm.fail]
    [Show BibTex Citation]

    @article{moghimi2019tpm,
    title={Tpm-fail: TPM meets timing and lattice attacks},
    author={Moghimi, Daniel and Sunar, Berk and Eisenbarth, Thomas and Heninger, Nadia},
    journal={arXiv preprint arXiv:1911.05673},
    year={2019}
    }

Trusted Platform Module (TPM) serves as a hardware-based root of trust that protects cryptographic keys from privileged system and physical adversaries. In this work, we per-form a black-box timing analysis of TPM 2.0 devices deployed on commodity computers. Our analysis reveals thatsome of these devices feature secret-dependent execution times during signature generation based on elliptic curves. In particular, we discovered timing leakage on an Intel firmware-based TPM as well as a hardware TPM. We show how this information allows an attacker to apply lattice techniques torecover 256-bit private keys for ECDSA and EC Schnorr signatures. On Intel fTPM, our key recovery succeeds after about1,300 observations and in less than two minutes. Similarly, weextract the private ECDSA key from a hardware TPM manufactured by STMicroelectronics, which is certified at Common Criteria (CC) EAL 4+, after fewer than 40,000 observations.We further highlight the impact of these vulnerabilities by demonstrating a remote attack against a StrongSwan IPsecVPN that uses a TPM to generate the digital signatures for authentication. In this attack, the remote client recovers the server’s private authentication key by timing only 45,000authentication handshakes via a network connection.The vulnerabilities we have uncovered emphasize the difficulty of correctly implementing known constant-time techniques, and show the importance of evolutionary testing and transparent evaluation of cryptographic implementations.Even certified devices that claim resistance against attacks require additional scrutiny by the community and industry, as we learn more about these attacks.

  1.