
Replay attack in TCG specification and solution / D. Bruschi, L. Cavallaro, A. Lanzi, M. Monga - In: Proceedings [of the] 21st Annual Computer Security Applications Conference : 5-9 December, 2005, Tucson, Arizona. - Los Alamitos : IEEE Computer Society, 2005. - ISBN 0769524613. - pp. 127-137. (Paper presented at the 21st Annual Computer Security Applications Conference, held in Tucson, AZ, USA, in 2005) [10.1109/CSAC.2005.47].

Replay attack in TCG specification and solution

D. Bruschi (first author); L. Cavallaro (second author); A. Lanzi (penultimate author); M. Monga (last author)
2005

Abstract

We prove the existence of a flaw which we identified in the design of the object-independent authorization protocol (OIAP), which represents one of the building blocks of the trusted platform module (TPM), the core of the trusted computing platforms (TPs) as devised by the trusted computing group (TCG) standards. In particular, we prove, also with the support of a model checker, that the protocol is exposed to replay attacks, which could be used for compromising the correct behavior of a TP. We also propose a countermeasure to undertake in order to avoid such an attack as well as any replay attacks to the aforementioned protocol.
model checker ; object-independent authorization protocol ; replay attack ; trusted computing group solution ; trusted computing group specification ; trusted computing group standards ; trusted computing platform module
Sector INF/01 - Computer Science
2005
http://hdl.handle.net/2434/9540
Book Part (author)

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/2434/140116
Citations
  • PMC ND
  • Scopus 39
  • ISI 9