TPM-Fail: Keys from TPM chips can be extracted


A team of cryptographers has succeeded in extracting signing keys from TPM chips with a side-channel attack. Small but measurable timing differences in the signature operations allowed the attackers to learn information about the private key. The affected chips come from STMicroelectronics and from Intel; the Intel TPM is built into modern processors.


TPM chips are present in all modern PCs and are somewhat controversial, since they can also be used to implement protection mechanisms against the will of the user. Despite their wide deployment, the chips are rarely used for critical applications, so the impact of the vulnerability should be limited.

Keys should be kept safe in the hardware

The chips can be used to generate cryptographic keys that are not supposed to be extractable from the hardware. As the attack presented now shows, that guarantee does not hold up well: an attacker who can execute code on the affected system can extract an ECDSA key within a few minutes.
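The attack works because the time a signature takes depends on secret values. The example below is an added illustration, not code from the article or from any of the affected vendors: it runs ECDSA-style scalar multiplication on a constructed toy curve (y^2 = x^3 + 2x + 3 over F_97 with generator (3, 6), an assumption chosen for readability, not a real ECDSA curve) two ways. The naive double-and-add loop performs a number of group operations that depends on the bit length and Hamming weight of the secret scalar, which is exactly the kind of secret-dependent work a timing measurement can pick up. The Montgomery ladder over a fixed number of bits performs the same sequence of operations for every scalar. Counting operations instead of measuring wall-clock time makes the difference deterministic and checkable.

```python
# Added example (not from the article): why ECDSA scalar multiplication must be
# constant-time. Toy curve and point are constructed for illustration only.
P_MOD = 97            # field prime (assumption: toy value)
A, B = 2, 3           # curve y^2 = x^3 + A*x + B
G = (3, 6)            # generator point (on the curve: 27 + 6 + 3 = 36 = 6^2)
BITS = 8              # fixed scalar width for the ladder (a real curve uses ~256)


def inv(x):
    """Modular inverse via Fermat's little theorem (P_MOD is prime)."""
    return pow(x % P_MOD, P_MOD - 2, P_MOD)


def on_curve(P):
    """True if P (or the point at infinity, None) satisfies the curve equation."""
    if P is None:
        return True
    x, y = P
    return (y * y - (x * x * x + A * x + B)) % P_MOD == 0


def ec_add(P, Q):
    """Affine point addition; None is the point at infinity. Handles P == Q and P == -Q."""
    if P is None:
        return Q
    if Q is None:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None                      # P + (-P) = infinity
    if P == Q:
        lam = (3 * x1 * x1 + A) * inv(2 * y1) % P_MOD
    else:
        lam = (y2 - y1) * inv(x2 - x1) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def scalar_mult_variable_time(k, P):
    """Left-to-right double-and-add. The operation count depends on the secret k:
    one doubling per bit of k and one addition per set bit, so the work (and the
    time) leaks the bit length and Hamming weight of k. Returns (k*P, op counts)."""
    ops = {"double": 0, "add": 0}
    R = None
    for bit in bin(k)[2:]:
        R = ec_add(R, R)
        ops["double"] += 1
        if bit == "1":
            R = ec_add(R, P)
            ops["add"] += 1
    return R, ops


def scalar_mult_ladder(k, P, bits=BITS):
    """Montgomery ladder over a fixed number of bits: exactly one addition and one
    doubling per iteration regardless of k, so the operation count is constant.
    (A production implementation also replaces the if/else with a branch-free
    conditional swap and uses projective coordinates; this toy keeps the branch
    to show the fixed operation sequence.) Invariant: R1 == R0 + P."""
    ops = {"double": 0, "add": 0}
    R0, R1 = None, P
    for i in range(bits - 1, -1, -1):
        if (k >> i) & 1 == 0:
            R1 = ec_add(R0, R1)
            R0 = ec_add(R0, R0)
        else:
            R0 = ec_add(R0, R1)
            R1 = ec_add(R1, R1)
        ops["add"] += 1
        ops["double"] += 1
    return R0, ops


def compare_all(bits=BITS):
    """Check every scalar below 2**bits: both methods agree on the result, the naive
    loop's operation count varies with k, the ladder's does not.
    Returns (results_agree, naive_count_varies, ladder_count_constant)."""
    naive_counts, ladder_counts = set(), set()
    agree = True
    for k in range(1, 1 << bits):
        r_naive, ops_naive = scalar_mult_variable_time(k, G)
        r_ladder, ops_ladder = scalar_mult_ladder(k, G, bits)
        agree = agree and r_naive == r_ladder and on_curve(r_ladder)
        naive_counts.add((ops_naive["double"], ops_naive["add"]))
        ladder_counts.add((ops_ladder["double"], ops_ladder["add"]))
    return agree, len(naive_counts) > 1, len(ladder_counts) == 1


if __name__ == "__main__":
    for k in (1, 128, 255):
        print(k, scalar_mult_variable_time(k, G)[1], scalar_mult_ladder(k, G)[1])
    print(compare_all())
```

The naive loop spends one doubling per bit and one addition per set bit, so k = 1 costs one of each while k = 255 costs eight of each; the ladder always costs eight of each. Real attacks measure time rather than counting operations, on a curve with 256-bit scalars, but the defensive requirement is the same one this toy makes visible: the sequence of operations in a signature must not depend on the secret.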

The affected chips carried various security certifications. The STMicroelectronics chips were evaluated under Common Criteria at level EAL4+, and both vendors' chips are certified under FIPS 140-2. Weaknesses of this kind should actually be caught by these certifications, but once again the mechanism has failed.

Just recently there was a similar attack on smartcards, called Minerva. Those chips also carried corresponding certifications.
