Wave Systems’ Response to the Presentation at the Black Hat Conference Concerning TPMs
Earlier this week, an engineer presented findings at the Black Hat Conference purportedly showing how a Trusted Platform Module (TPM) could be physically compromised and the unencrypted code inside accessed. This work is interesting in concept, and actually validates the intended functionality and security model of the TPM. The TPM was designed as a low-cost cryptographic chip for mass market devices to provide protection against software attacks and many hardware attacks. The project presented at Black Hat validates that it would take a skilled researcher many months using expensive equipment to physically hack a single TPM. This would be exceedingly difficult to replicate in a real-world environment.
Turning on and using the TPM chip is one of the single most cost-effective steps for ensuring robust security in the PC. The TPM enables trusted online computing and prevents software-based attacks—the predominant security threat impacting the security industry. At the same time, the TPM also provides a tamper-resistant means to physical security of the PC itself, and has always been billed as such. The Trusted Computing Group has never claimed that a physical attack—given enough time, specialized equipment, know-how and money—was impossible. No form of security can ever be held to that standard. However, as a tamper-resistant, general purpose encryption device for mass manufacturing, TPMs do protect against software and most hardware attacks even when a physical PC is lost or stolen, particularly when a layered security approach is deployed as with industry best practices.
This attack, unlike a software attack, requires the physical possession of the PC. Few individuals in a real-world setting could replicate this hack. In contrast, stealing keys in the operating system should a PC not have a TPM in place, is as easy as downloading readily-available shareware capable of capturing the keys or certificates. The TPM, as designed, offers a robust defense against shareware, as well as more complex software-based attacks. In addition, breaking a single TPM in this manner grants access to one machine — a one-time hack that would need to be physically replicated for every machine, offering no further advantage in accessing the rest of the 300 million TPM chips on PCs around the world. These findings have little bearing on the level of security that customers who are utilizing their TPM chips should expect.