Trusted Platform Module is a cryptographic coprocessor, which implements a predefined set of cryptographic operations, secure key storage, and a set of Platform Configuration Registers (PCRs). In addition, we release a tool which extracts the BitLocker key from the sniffed SPI traffic. In this post, we research a sniffing attack against an SPI interface of Trusted Platform Module (TPM) by using publicly available tools at a reasonable cost. In addition, various attacks based on TPM interface sniffing or DMA have been used to gain access to an encryption key.Įven though the game is typically over if the attacker has unrestricted physical access to a target computer, and I entirely agree with this, how many companies take these types of attacks into account in their threat models? In addition, I think there are still different nuances in how difficult it should be to carry out the required attack – attackers also have a budget. Over time there have been many different physical attacks against full disk encryption, such as Cold Boot attacks that we have previously researched. If this protection method could be compromised without significant effort, it would break the fundamental idea of endpoint protection. It is not only an effective method to protect sensitive data against physical theft, but it also protects data integrity against tampering attacks. Full disk encryption is one of the cornerstones of modern endpoint protection.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |