Re: Hard disk Encryption

On Thu, 19 Apr 2007, Ali, Saqib wrote:
a TPM identifies a machine

TPM has a goal not only to identify a machine, but also to
identify software that is currently executed by the machine. An
attacker cannot unseal data if they do not have access to the
TPM that sealed it; but if an attacker has the TPM and hardware
tools, they can lie to TPM about the current state of the CPU
and unseal the data.

For a reasonably secure system you need both user
identification and machine identification.

Remember that we are discussing "hard disk encryption". How
often an attacker gets a disk but does not get the only computer
that can decrypt it? It is not the case for laptops, and even
for portable storage it would be quite odd. That is in my
opinion "machine identification" is almost useless for hard disk

I think we should close this discussion for right now, until
an attack can be demonstrated on the TPM itself, rather then
improper implementations of the technology.

The attack I described does not need to break "the TPM itself,"
it feeds TPM with false information (supposedly coming from the
CPU) and asks it to unseal data.


Relevant Pages

  • Re: Hard disk Encryption
    ... the key (used to decrypt the data) has to be ... transmitted outside of the TPM. ... But this question is actually irrelevant, because an attacker ... hardware attacks: ...
  • Re: Hard disk Encryption
    ... extracted by an attacker with hardware tools for bus access. ... that in a properly implemented system, the "TPM wrapped and bound ... Since TPM does not have enough processing power to decrypt the ... CPU does not have any secrets (at least immediately after ...
  • Re: Hard disk Encryption
    ... raw data, the key has to be ... transmitted outside of the TPM. ... attacker so that external entities cannot distinguish it from ... emulation the attacker may have exactly the same secret key. ...