How Trusted Platform Module (TPM) Is Used Today

TPM technology has been around since 2003. In those 14 years the demand for this security chip has changed considerably. In today's security-conscious world, several trends are driving increased interest in TPM and, with it, its growing popularity. TPM's coming of age is motivated by the following factors: Microsoft Windows, mobile device security, trending cyber attacks, and cost effectiveness. Together these contribute to the demand for TPM and the growing need for it in today's technical world.

Microsoft

Windows 8 and Windows Server 2012 embed TPM support in the system to provide a multi-layered security approach that makes the platform tamper resistant against both physical and software security threats. According to Microsoft, the key advantages of TPM integration are the ability to generate, store and control the use of cryptographic keys; the assignment of an RSA key to each TPM device, which strengthens authentication; and support for integrity recording and the storage of security roles (Microsoft 2012). These functions occur during the boot process of the system, when the initial boot code communicates between the hardware and the operating system.

Several enhancements in Windows 8 and Server 2012 assist with the management of TPM, making it user friendly and easy to deploy. Convenient management settings for configuring TPM have been added to Group Policy. New TPM settings include Active Directory-based backup of TPM owner authentication. Another beneficial feature for Windows is the TPM-based virtual smart card. The card lives on the user's client computer instead of employees carrying physical smart cards around, which cuts the organizational cost of a smart card deployment.

Mobile Device Security

Windows-based mobile devices have a TPM chip installed on the motherboard to provide hardware-based authentication, tamper tracking, and encryption key storage. When TPM is enabled on a mobile device, the resident OS works together with the chip to encrypt most or all of the hard drive. Since most TPM protection uses 256-bit AES encryption, the encryption is strong and currently uncrackable. Powering on the mobile device requires authentication; otherwise there is no way to gain access. However, once TPM has permitted access, the mobile device will require other security measures: for example, if the device is lost while powered on and logged in, TPM protections no longer apply. TPM is not limited to Microsoft; it is supported by various computer vendors such as Dell, Intel, IBM and Cisco. TPM technology is embedded in many smart devices. Connected Standby is a Microsoft TPM technology supported by governmental agencies. The decision to support Connected Standby must be made at the design phase of a device, because it governs the engineering of the product's software and hardware (Microsoft).

Popular Cyber Attacks

A bootkit is malware that attacks the Master Boot Record (MBR), allowing malicious code to execute before the OS boots. When the Basic Input Output System (BIOS) starts the boot process, the bootkit residing in the MBR begins executing its malicious code. Once the bootkit is deployed throughout the OS, it begins its quest to read and decrypt various files. The main craft of a bootkit is that it cannot be found by scanning the OS with typical virus scanners, because its key components do not appear in standard logs or registries. TPM hardware can detect a bootkit during the boot process, and this approach is a strong defense, especially for smart mobile devices. Effective TPM hardware should address resource efficiency and continuous integrity measurement (Bickford, 2010).
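To make the detection mechanism concrete, here is an added example (my own code, not code from the article or from any cited paper) of how a TPM's Platform Configuration Registers expose a modified MBR. Each boot stage hashes the next stage and extends a PCR with the digest; because a PCR can only be extended, never written or reset, any change to a stage changes the final value, and a secret sealed to the known-good value (the way a disk-encryption key is) is refused. The boot-stage contents, the event-log format and the sealing model are constructed assumptions for illustration, not real firmware or a real TPM API.

```python
"""Added example (not code from the original article): how TPM measured boot
exposes a bootkit that alters the MBR.

Each boot stage hashes the next stage and extends a Platform Configuration
Register (PCR):  PCR_new = SHA-256(PCR_old || SHA-256(stage_bytes)).
A PCR starts at zero and can only be extended, so a change to any stage
changes the final value. All stage contents are constructed sample bytes.
"""
import hashlib

PCR_INITIAL = bytes(32)  # a SHA-256 bank PCR begins as 32 zero bytes


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """The TPM extend operation: hash the old value concatenated with the new digest."""
    return sha256(pcr + measurement)


def measure_boot_chain(stages):
    """Measure each stage in boot order into one PCR.

    Returns the final PCR value and the event log (stage name, digest hex)
    that firmware hands to the OS so a verifier can audit what was measured.
    """
    pcr = PCR_INITIAL
    event_log = []
    for name, content in stages:
        digest = sha256(content)
        pcr = pcr_extend(pcr, digest)
        event_log.append((name, digest.hex()))
    return pcr, event_log


def replay_event_log(event_log) -> bytes:
    """Recompute the PCR from the log alone; it must equal the TPM's value."""
    pcr = PCR_INITIAL
    for _, digest_hex in event_log:
        pcr = pcr_extend(pcr, bytes.fromhex(digest_hex))
    return pcr


def unseal(sealed_secret: bytes, sealed_to_pcr: bytes, current_pcr: bytes):
    """Model of TPM sealing: release the secret only if the PCR matches."""
    return sealed_secret if current_pcr == sealed_to_pcr else None


# Constructed boot chains. The second one has code appended to the MBR stage,
# which is what a bootkit does.
GOOD_CHAIN = [
    ("bios", b"constructed BIOS image v1.0"),
    ("mbr", b"constructed MBR boot loader"),
    ("bootmgr", b"constructed OS boot manager"),
]
BOOTKIT_CHAIN = [
    ("bios", b"constructed BIOS image v1.0"),
    ("mbr", b"constructed MBR boot loader" + b"<constructed bootkit stub>"),
    ("bootmgr", b"constructed OS boot manager"),
]
DISK_KEY = b"constructed 32-byte volume key.."  # stands in for a sealed disk key


def demo():
    good_pcr, good_log = measure_boot_chain(GOOD_CHAIN)
    bad_pcr, _bad_log = measure_boot_chain(BOOTKIT_CHAIN)

    # 1. The infected chain produces a different PCR, so the key stays sealed.
    bootkit_detected = unseal(DISK_KEY, good_pcr, bad_pcr) is None

    # 2. A bootkit that presents the clean event log to hide itself still
    #    fails: replaying that log does not reproduce the TPM's actual PCR.
    forged_log = list(good_log)
    forged_log_detected = replay_event_log(forged_log) != bad_pcr

    # 3. The honest log and honest PCR agree, and the key is released.
    return {
        "bootkit_detected": bootkit_detected,
        "forged_log_detected": forged_log_detected,
        "clean_log_verifies": replay_event_log(good_log) == good_pcr,
        "key_released_on_good_boot": unseal(DISK_KEY, good_pcr, good_pcr) == DISK_KEY,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The point a defender should take from the replay step is that the event log and the PCR value must be checked against each other: the log tells you what was measured, but only the PCR, which the firmware cannot rewrite, tells you whether that log is honest.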

 

TPM Applications: Virtual Machine Applications

As mentioned earlier, TPM was created to ensure that a system's operating system, hardware and available applications are in a validated, authorized state. As technology expands and attacks become more prevalent, research has been completed to highlight other methods available for extending TPM protection. One of the methods discussed for strengthening TPM-based security is the use of virtualization as a security tool.

Developed more than 30 years ago to address computing problems, virtual machine monitors (VMMs) have come back to light because of their ability to offer better solutions to some of the current challenges in administration, reliability and, most importantly, security (Rosenblum & Garfinkel, 2005). VMs rely on the monitor, which mediates all access between a host and a guest VM. VMMs are classified as Type one, which run as an application on an underlying operating system, or Type two, which run directly on the hardware (Tupakula & Varadharajan, 2011). Because the VMM has access to all VM activity, including communications, it can serve as an additional security reference point for building security tools that leverage virtualization technology together with TPM attestation techniques. Studies on this subject propose that TPM-VMM combinations will provide a better and more efficient defense against unauthorized users and traffic. Below we discuss three possible TPM-VMM models, beginning with Trusted Virtual Domain Security (TVDS) and the Peer-to-Peer (P2P) VMM.

A Trusted Virtual Domain (TVD) is defined as a single network domain that includes related virtual machines managed by a common security policy. The VMs discussed in the research run on one or more separate machines, each supporting one or more VMMs, and are connected over a virtual local area network (VLAN), Ethernet encapsulation, or Virtual Private Networks (VPNs) (Tupakula & Varadharajan, 2011a). While this configuration is known to provide resilient protection at the TVD boundary, a TVDS usually fails to provide any protection against intra-TVD attacks. Specifically, TVDs are susceptible when an attacker compromises a virtual machine located inside the TVD and uses it to attack other systems within the same TVD.

A potential solution to this vulnerability is a security overlay on the TVD architecture such that all inter-VM communication passes through a TVD proxy. Under the defined policies, before a physical server joins a TVD it is validated by the TVD to ensure that it is capable of enforcing the TVD security requirements (Tupakula & Varadharajan, 2011a). Administrators should be aware that this solution is an additional security layer on top of TPM security, not a replacement for it.

One of the known limitations of this application is that TPM was not created to provide a core root of trust for the state of any given virtual machine. To address this concern, the researchers propose implementing four new components: dom_sec, trans_ctrl, trans_str, and sec_pol. The dom_sec component ensures that security policies are enforced domain-wide for all virtual machines. trans_ctrl contains the information necessary to bring together all virtual machines participating in the TVD. trans_str ensures that there is a log of the virtual machine transactions governed by sec_pol, and sec_pol ensures that protected operations are enforced for the TVD (Tupakula & Varadharajan, 2011a).
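The following added example (my own code, not the article's and not the cited authors' implementation) models the TVD proxy design from the last three paragraphs: a physical host must present its measured boot state before it may join the domain, every inter-VM message passes through the proxy, and the four named components are represented as parts of one class. The class layout, the role-based policy format, the host measurement value and the VM names are all constructed assumptions for illustration.

```python
"""Added example (not the article's or the cited paper's code): a toy TVD proxy.

Hosts attest before joining; VMs may register only on attested hosts; every
inter-VM message is checked against the domain policy and recorded. The
mapping of dom_sec / sec_pol / trans_ctrl / trans_str onto attributes is this
example's interpretation, and all values below are constructed.
"""


class TVDProxy:
    def __init__(self, golden_host_pcr: str, allowed_flows: set):
        # dom_sec: the domain-wide security state every host must match
        self.golden_host_pcr = golden_host_pcr
        # sec_pol: protected operations permitted inside the TVD,
        # as (source role, destination role, TCP port) triples
        self.allowed_flows = allowed_flows
        # trans_ctrl: membership of attested hosts and the VMs they run
        self.attested_hosts = set()
        self.members = {}  # vm name -> (host, role)
        # trans_str: append-only record of every decision, for audit
        self.log = []

    def _record(self, *event):
        self.log.append(event)

    def attest_host(self, host: str, quoted_pcr: str) -> bool:
        """Admit a physical server only if its quoted measurement is the golden one."""
        ok = quoted_pcr == self.golden_host_pcr
        self._record("host-join", host, "accepted" if ok else "rejected")
        if ok:
            self.attested_hosts.add(host)
        return ok

    def register_vm(self, vm: str, host: str, role: str) -> bool:
        """A VM may join the TVD only on a host that passed attestation."""
        if host not in self.attested_hosts:
            self._record("vm-join", vm, "rejected: host not attested")
            return False
        self.members[vm] = (host, role)
        self._record("vm-join", vm, "accepted")
        return True

    def send(self, src: str, dst: str, port: int) -> bool:
        """Forward an inter-VM message only if both are members and policy allows."""
        if src not in self.members or dst not in self.members:
            self._record("send", src, dst, port, "dropped: not a TVD member")
            return False
        flow = (self.members[src][1], self.members[dst][1], port)
        if flow not in self.allowed_flows:
            self._record("send", src, dst, port, "blocked by policy")
            return False
        self._record("send", src, dst, port, "forwarded")
        return True

    def blocked_events(self):
        """What a monitor would alert on: every refused or dropped transaction."""
        return [e for e in self.log if e[-1] not in ("accepted", "forwarded")]


GOLDEN_PCR = "a1" * 32  # constructed golden host measurement (hex)


def demo():
    proxy = TVDProxy(GOLDEN_PCR, allowed_flows={("web", "db", 5432)})

    proxy.attest_host("host-A", GOLDEN_PCR)
    proxy.attest_host("host-B", GOLDEN_PCR)
    proxy.attest_host("host-rogue", "ff" * 32)  # modified boot chain, refused

    proxy.register_vm("web1", "host-A", "web")
    proxy.register_vm("web2", "host-B", "web")
    proxy.register_vm("db1", "host-B", "db")
    proxy.register_vm("web3", "host-rogue", "web")  # refused: host not attested

    return {
        "normal_flow_allowed": proxy.send("web1", "db1", 5432),
        # the intra-TVD case from the text: a compromised member VM reaching a
        # peer over a flow the domain policy does not permit
        "lateral_move_blocked": not proxy.send("web1", "web2", 22),
        "unattested_vm_isolated": not proxy.send("web3", "db1", 5432),
        "blocked_event_count": len(proxy.blocked_events()),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The design choice worth noting is that the proxy fails closed at two points: a host whose measurement does not match is never admitted, and a VM on an unadmitted host cannot reach members even on an otherwise permitted flow. The transaction log is what turns the blocked intra-TVD attempt into something an operator can detect rather than a silent drop.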

Peer-to-peer computing is known to have several security issues that stem directly from its architecture. In a peer-to-peer grid, client nodes control the resources, which enables increased capabilities such as computing power but also has financial implications. One of the main challenges of peer-to-peer computing is the inability to provide a trusted environment without exposing sensitive and confidential data (Zou, Zheng, Long, Jin, & Chen, 2010). In their research, Zou et al. (2010) propose a virtual machine monitor on a backend embedded with TPM in order to ensure the veracity of the launched virtual machines.

In addition to the research above, Berger, Caceres, Goldman, Perez, Sailer, & van Doorn (2006) designed a virtual TPM that ensures a trusted environment for virtual machines running on a single platform. The hardware trust embedded in the VMM guarantees the integrity of the image and that an authorized user is accessing the available resources. Nonetheless, performance and the overhead traded off against security are among the greatest challenges of secure VMMs (Berger, et al., 2006). Moreover, security must be maintained throughout all physical and logical layers of the VMM hierarchy. With that said, the research presented above highlights how the hardware-based element of the TPM, combined with VMM-based software, ensures data integrity and an environment that is trusted and reliable (Zou, et al., 2010).

TPM Vulnerabilities

The Trusted Platform Module has very few security vulnerabilities despite how long it has been available in laptops and other mobile computing devices. The main reason a hacker would attempt to attack a TPM device is to obtain the keys to an encrypted hard drive in a mobile device or a laptop. These keys can be used to unlock or decrypt a hard drive protected by Microsoft's encryption software, BitLocker.

There has been a report of a potential vulnerability when using the Trusted Platform Module on a Dell D820 laptop. It was observed that the TPM chip in the laptop made DNS queries. The requests were for the website of the chip manufacturer: the TPM device was trying to resolve the manufacturer's website, www.wave.com, for updates. The updates are for the ETS software, which tries to update automatically. The reason this is considered a vulnerability, or a potential security exploit, is that the TPM device was automatically allowed to access the Internet looking for software updates. If a hacker were to redirect the network DNS record, or redirect the laptop's request to a malicious website, the TPM chip could potentially download malicious code that FTPs the encryption keys for the laptop's encrypted hard drive to the attacker. Once the keys for the compromised laptop are stolen, the attacker has the ability to decrypt the local hard drive. The greatest challenge for this type of exploit is that the attacker has to take physical control of the laptop to execute the TPM vulnerability. Although Microsoft played down the TPM risk to its BitLocker encryption software, it is still a very serious risk.

There is another type of security risk that is present and can be exploited because the users or owners of the TPM chip do not know how to patch or mitigate it. This type of attack simply uses the strong encryption in the TPM to hide malware, so the malware is hidden inside a security device; this technique is called cloaking malware. In this attack a hacker or malware writer uses the TPM chip to cloak malicious computations. This technique, combined with selecting and using an approved protocol, makes it very difficult for a security analyst to detect the malicious code. Cloaking code is not a new technique, but it is very effective in the TPM: because the TPM is not easily accessible, scanning and checking it for viruses and other malware is very difficult. This type of attack is very close to the rootkit attacks found in the boot sector of computer hard drives. There are three very common types of cloaking malware attack. The first is called worm command and control; this attack is considered a variation of the Conficker B attack. The second common cloaking attack is selective data exfiltration, which focuses on the theft of financial data or corporate research and development data. The third, also very common, is the distributed denial of service time bomb. This attack is very similar to other DDoS attacks; the only difference is that it is set to execute at a certain time, preset in the code when it is deployed. There are not many malware detection programs that can scan a BIOS chip or firmware such as the TPM device. This makes it very difficult to detect and remove malware once it gets into the TPM chip.

Conclusion

After a brief introduction to TPM, how it works, its components and its use, this survey describes some of the principal uses of TPM in Microsoft products, mobile device security and defense against popular attacks. In addition, we surveyed and discussed virtual machine applications that have been used in conjunction with TPM, such as the P2P VMM and TVDS, to see the impact these applications have on the security tools and protection techniques used with a TPM. Finally, the survey describes vulnerabilities in TPM implementations and attacks against them.

As data continues to expand across the Internet and resources remain readily available throughout networked systems, they will continue to be seen as easy targets. For TPM to be effective, it is imperative that the technology continues to grow with the demands of the security requirements.

References:

1. Anderson, R. J. (2008). Security Engineering. Indiana: Wiley.

2. Arthur, W., Goldman, K. and Challener, D. (2015). A Practical Guide to TPM 2.0: Using the New Trusted Platform Module in the New Age of Security. Apress.

3. Cohen, J. C., & Acharya, S. (2014). Towards a trusted HDFS storage platform: Mitigating threats to Hadoop infrastructures using hardware-accelerated encryption with TPM-rooted key protection. Journal of Information Security and Applications, 19(3), 224–244. https://doi.org/10.1016/j.jisa.2014.03.003

4. Elçi, A., Pieprzyk, J., Chefranov, A., Orgun, M., Wang, H. and Shankaran, R. (2013). Theory and Practice of Cryptography Solutions for Secure Information Systems. IGI Global.

5. Gilder, G. (2013). The Scandal of Computer Security. Discovery Institute. Retrieved from https://www.discovery.org/a/21561

6. Microsoft (2012). Trusted Platform Module. https://technet.microsoft.com/en-us/library/Cc749022(v=WS.10).aspx

7. Rouse, M. (2014, September). Trusted Platform Module (TPM). Retrieved from TechTarget: https://whatis.techtarget.com/definition/trusted-platform-module-TPM

8. Rosenblum, M., & Garfinkel, T. (2005, May 16). Virtual machine monitors: Current technology and future trends. Retrieved July 27, 2015, from https://ieeexplore.ieee.org/xpl/articleDetails.jsp?tp=&arnumber=1430630&url=https://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=1430630

9. TCG. (2008). Trusted Platform Module (TPM) Summary. Retrieved July 26, 2015, from Trusted Computing Group: https://www.trustedcomputinggroup.org/resources/trusted_platform_module_tpm_summary

Nicely written Raed

Daniela C.

CISSP, C|EH, CSSLP, Principal Software Engineer Raytheon, Adjunct Professor UMBC

8 years

Helpful review of TPM technology.
