Black Hat Conference Report About TPMs

Earlier this week, an engineer presented findings at the Black Hat Conference purportedly showing how a Trusted Platform Module (TPM) could be physically compromised to access unencrypted data inside. This work would be exceedingly difficult to replicate in a real-world environment.


Turning on and using the TPM chip is one of the most cost-effective steps for ensuring robust security in the PC. The TPM was designed to enable trusted online computing and to prevent software-based attacks, the predominant security threat facing IT equipment. At the same time, the TPM also provides a tamper-resistant contribution to the physical security of the PC itself, and has always been billed as such. The Trusted Computing Group has never claimed that a physical attack (given enough time, specialized equipment, know-how and money) was impossible. No form of security can ever be held to that standard. However, as a tamper-resistant, general-purpose encryption device built for mass manufacturing, the TPM does protect against most hardware attacks even when a PC is lost or stolen, particularly when a layered security approach is deployed in line with industry best practices. To ensure that such attacks remain difficult and costly, TCG offers a Certification Program that validates that TPMs meet TCG specifications and are certified to at least an augmented EAL 4 (Evaluation Assurance Level) against the international Common Criteria certification standard.


This attack, unlike a software attack, requires physical possession of the PC. It was conducted by someone with extensive skills in reverse engineering, intricate knowledge of semiconductors and access to specialized equipment. Few individuals in a real-world setting could replicate it. In contrast, stealing keys from the operating system of a PC without a TPM is as easy as downloading readily available software. The TPM, as designed, offers a robust defense against complex software-based attacks. In addition, breaking a single TPM in this manner grants access to one machine only: it is a one-time hack that would need to be physically repeated for every machine, and offers no further advantage in accessing the rest of the 300 million TPM chips on PCs around the world.


In addition, breaking a single TPM in this manner grants access only to the secrets of a single system.

Categories: Authentication, Data Protection, News & Events
