When you need monthly security patches for "hardware", something is very, very wrong.
Trusted Platform Modules, specialized processors or firmware that protect the cryptographic keys used to secure operating systems, are not entirely trustworthy. Boffins from the Worcester Polytechnic Institute and University of California, San Diego, in the US, and the University of Lübeck in Germany, have found that TPMs …
You're multiplying entities needlessly. It's difficult to do constant-time big-number arithmetic correctly, and the dangers of timing side attacks for ECC were not well-documented until relatively recently. Thus it's probable that most or all of these attacks are accidental.
While well-resourced actors are likely capable of subverting the TPM development process at various OEMs, and certainly wouldn't have any qualms about doing so, these are odd backdoors to choose. They'd be better off backdooring the CPRNG, which is undetectable if done correctly. (Or putting in backdoored ECC curves, except there are users who know to insist on using standard ones.)
And as long as those actors know existing implementations are flawed, there's no reason for them to intervene and risk discovery.
"Boffins from the Worcester Polytechnic Institute and University of California, San Diego, in the US, and the University of Lübeck in Germany". These men and women are doing valuable, difficult, extremely boring work and they deserve respect. This must be weeks and months of grinding away at work that is difficult in terms of the maths and physics and mind-boggling in terms of the amount of trial and error that must be involved. I'm glad that these people exist and that someone pays their tiny academic salary.
Hey - the folks from Whoopie Tech get to work in beautiful Worcester, Massachusetts. (Municipal motto: "Somewhat nicer than Lowell!")
In all seriousness, I agree that it's always good to see people doing the work. (This sort of thing is pretty fun work, in my book, but that doesn't make it less important.) But I don't know that salaries at Worcester Polytechnic are "tiny", exactly; online sources differ, but it looks like professors average around $110K, which suggests full professors in particular earn a comfortable salary. Cost of housing around Worcester isn't great but isn't as bad as Boston.
Of course graduate students are basically on subsistence pay, even with assistantships and fellowships, but that's true for all US universities.
After all, the Trusted Computing Initiative was not about protecting user data but about protecting business models. If it was about making computers safer they would lobby for the elimination of scripting languages in browsers, and the elimination of "Service Mode" features and "security enclaves".
Since they bothered with both naming this vulnerability and designing a logo for people to use in their security presentations, couldn't they have come up with a more creative and marketable name for this vulnerability to put on their CV?
Perhaps naming it by including something spooky like Vaultghost or a backronym like TROVE (TPM recovery of VPN ECDSA)? They both seem more natural sounding and far more marketable than "TPM-FAIL".
Are you sure you're not mistaking Trusted Platform Module for Trusted Execution Environment, which is part of pretty much every modern processor?
Most modern browser-based DRM schemes are based around using the hidden Trusted Execution Environment registers for key exchange/decryption etc. rather than the observable regular CPU registers.
TPMs are still pretty rare in the average user's computer, and it would probably not make sense to use TPMs for DRM unless companies started shipping TPMs by default with the motherboard, even though they can be used for such.
"TPMs are still pretty rare in the average user's computer"
I believe this depends on how old the computer is. I'm not certain, but my understanding is that most new machines include a TPM chip on the motherboard. Interestingly, the documentation and salesfolks with at least one manufacturer (Dell) assert that they don't -- but they do. If you care one way or another, it's probably best to ignore what the companies say and test for its presence yourself.
Was that a hardware TPM, a firmware TPM bundled with the CPU and chipset, or a software emulated TPM? Windows, for example, may claim a "TPM" is present when it's just a software emulation.
In short, it may not be Dell that's doing this, and when they say a model doesn't include a TPM, they may mean it doesn't include a true hardware TPM. That's the only sort of TPM I'd bother using for my own purposes (and, yes, they're useful), so the distinction is relevant.
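The hardware/firmware/software distinction the comment above draws can be checked from the manufacturer ID the TPM itself reports. The following is an added example, not from this thread or from any of the commenters: a small POSIX shell script that parses the output of `tpm2_getcap properties-fixed` (tpm2-tools) and classifies the part by its TCG vendor ID. The sample outputs embedded in it are constructed in the tpm2-tools 4.x format, and the mapping from vendor ID to "firmware", "discrete" or "virtual" is an assumption based on what each vendor usually ships (INTC and AMD firmware TPMs run on the CPU/chipset; STM, IFX, NTC and ATML are separate chips; MSFT and IBM are the Hyper-V vTPM and the IBM software TPM behind swtpm). On Windows, `Get-Tpm` in PowerShell reports the same ID in its `ManufacturerIdTxt` field.

```shell
#!/bin/sh
# Added example, not from the thread above.
# Classify a TPM as firmware, discrete, or virtual/software from the
# manufacturer ID that `tpm2_getcap properties-fixed` (tpm2-tools) prints.
# Vendor IDs are the TCG-registered ones; mapping them to firmware vs
# discrete parts is an assumption based on the vendors' usual products.

# Extract the TPM2_PT_MANUFACTURER value from getcap output on stdin.
tpm_manufacturer() {
    awk '
        /^TPM2_PT_MANUFACTURER:/ { in_block = 1; next }
        in_block && /value:/ {
            s = $0
            sub(/^[^"]*"/, "", s)   # drop everything up to the opening quote
            sub(/".*$/, "", s)      # drop the closing quote and the rest
            sub(/ *$/, "", s)       # IDs are space-padded to 4 characters
            print s
            exit
        }
    '
}

# Map a vendor ID to a TPM kind. Assumed mapping, not from the page.
tpm_kind() {
    case "$1" in
        INTC|AMD|QCOM) echo firmware ;;        # fTPM running on the CPU/chipset
        STM|IFX|NTC|ATML) echo discrete ;;     # separate chip on the board
        MSFT|IBM) echo virtual ;;              # Hyper-V vTPM, IBM software TPM (swtpm)
        *) echo unknown ;;
    esac
}

# Constructed sample outputs in the tpm2-tools 4.x format; on a real
# machine the text comes from `tpm2_getcap properties-fixed`.
SAMPLE_FTPM='TPM2_PT_FAMILY_INDICATOR:
  raw: 0x322E3000
  value: "2.0"
TPM2_PT_MANUFACTURER:
  raw: 0x494E5443
  value: "INTC"'

SAMPLE_DISCRETE='TPM2_PT_FAMILY_INDICATOR:
  raw: 0x322E3000
  value: "2.0"
TPM2_PT_MANUFACTURER:
  raw: 0x53544D20
  value: "STM "'

# Run the whole pipeline over one block of getcap output.
classify_sample() {
    tpm_kind "$(printf '%s\n' "$1" | tpm_manufacturer)"
}

# Live use on Linux:
#   tpm_kind "$(tpm2_getcap properties-fixed | tpm_manufacturer)"
# and `ls /sys/class/tpm/` to confirm the kernel sees a device at all.
```

A manufacturer ID only tells you who made the TPM, not whether a given firmware revision is affected by a particular finding; for that you still need the firmware version properties from the same `properties-fixed` output and the vendor's advisory.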
It's possible, although I seem to recall both RIAA and MPAA both pushing for a TPM in every computer.
Part of it was that they were also pushing for end-to-end encryption of full 1080p video streams from storage to display back when computers barely had enough video horsepower to handle an unencrypted stream.
I could be mis-remembering, though - I've slept since then.