CCIS Seminar - Tuesday 12 May 2009 - Amphi CTL
14:00:00 - Salle de Amphi CTL

Mark Ryan, School of Computer Science University ofBirmingham

Attacks on the Trusted Platform Module, and solutions

Abstract: The Trusted Platform Module (TPM) is a hardware chip designed to enable computers achieve greater security. Proof of possession of values known as authData is required by user processes in order to use TPM keys. We demonstrate two attacks relating to the way authData is handled, and explain their consequences. By using the attacks, an attacker can circumvent some crucial operations of the TPM, and impersonate a TPM user to the TPM, or impersonate the TPM to its user. We describe modifications to the TPM protocols that avoid these attacks, and use protocol verification techniques to prove their security.

Home page CCIS Seminars
How to come to Amphi CTL -