Microsoft downplayed the risk of using Trusted Platform Module chips after Black Hat researchers demonstrated a hack of them last week. TPM, the bases of Windows hard drive encryption features like BitLocker, is not to be feared because the hack requires physical ownership of the box, special equipment and advanced IC knowledge, says Paul Cooke on the Windows Security Blog.
He wrote: “Since that presentation, I have had plenty of questions from customers wanting to know how this might affect Windows. The answer? We believe that using a TPM is still an effective means to help protect sensitive information and accordingly take advantage of a TPM (if available) with our BitLocker Drive Encryption feature in Windows 7. The attack shown requires physical possession of the PC and requires someone with specialized equipment, intimate knowledge of semiconductor design, and advanced skills. While this attack is certainly interesting, these methods are difficult to duplicate, and as such, pose a very low risk in practice. Furthermore, it is possible to configure BitLocker in a way that mitigates this unlikely attack.”
The Black Hat researcher who hacked TPM said of it, “The TPM 1.2 chip is not as secure as the vendor tries to tell you it is,” Tarnovsky said. “I can recover all your secrets inside this chip. Your keys to the Xbox 360, the licensing chip,” plus the RSA cryptoengine, if it's used. “There's nothing in this device I can't see.”
TPM, was developed as an industry specification for hardware-based computer security by the Trusted Computing Group, a consortium that originally included AMD, Intel, Hewlett-Packard, IBM, and Microsoft. It has been implemented in hardware by Infineon and other manufacturers, but Microsoft is best known for using it, not just in its BitLocker feature for Windows, but in other products including Xbox 360.
Cooke insists that when Microsoft designed BitLocker for Windows 7, it took into account TPM's vulnerabilities. The company should have known them as this isn't the first time TPM was hacked. In 2007, Black Hat researchers caused a stir when they promised to demonstrate how to compromise TPM. That live demonstration never occurred. It mysteriously vanished from the program with the researchers refusing to comment to the press about it. Then in late 2009 it was TPM-hack mania all over again, when German researchers released a paper documenting a hack. Microsoft downplayed the threat then, too.
Microsoft has added an optional feature to BitLocker to thwart a vulnerable TPM, says Cooke: “The engineering team changed the cryptographic structure for BitLocker when configured to use enhanced pin technology, discussed in the BitLocker Drive Encryption in Windows 7: Frequently Asked Questions. As a result, an attacker must not only be able to retrieve the appropriate secret from the TPM, they must also find the user-configured PIN. If the PIN is sufficiently complex, this poses a hard, if not infeasible, problem to solve in order to obtain the required key to unlock the BitLocker protected disk volume.”