Don't trust the Trusted Platform Module – it may leak your VPN server's private key (depending on your configuration)

You know what they say: Timing is... everything

Trusted Platform Modules, the specialized processors or firmware that protect the cryptographic keys used to secure operating systems, are not entirely trustworthy.

Boffins from the Worcester Polytechnic Institute and University of California, San Diego, in the US, and the University of Lübeck in Germany, have found that TPMs leak timing information that allows the recovery of the private keys used for cryptographic signatures.

In a paper [PDF] published on Tuesday, "TPM-FAIL: TPM meets Timing and Lattice Attacks," researchers Daniel Moghimi, Berk Sunar, Thomas Eisenbarth, and Nadia Heninger describe how they used black-box timing analysis of TPM 2.0 devices to recover 256-bit private keys for ECDSA (Elliptic Curve Digital Signature Algorithm) and ECSchnorr signatures, keys that are supposed never to leave the TPM.

Timing measurements are a side channel: how long a cryptographic operation takes can reveal what it did with secret data. In this case the leak is how many bits of the per-signature nonce the TPM's elliptic curve scalar multiplication actually processed, which, collected over many signatures, is enough to reconstruct the private key with a lattice attack.

"Our analysis reveals that elliptic curve signature operations on TPMs from various manufacturers are vulnerable to timing leakage that leads to recovery of the private signing key," the paper states. "We show that this leakage is significant enough to be exploited remotely by a network adversary."

Key recovery

The researchers found that a local attacker can recover the ECDSA key from Intel's fTPM in four to 20 minutes, depending on the level of access available. Run remotely over a network, the attack recovered a VPN server's authentication key in about five hours.

In an email to The Register, Moghimi said the remote attack scenario assumes there's a VPN configured to use the TPM for authentication and is publicly available on a network.

"A client who is supposed to use the VPN as a service acts as an adversary and steals the VPN server's private key," said Moghimi. "As a result, she can impersonate the VPN's server and compromise the secure communication of other users with the VPN server."

Moghimi said the attacker would need to perform many authentication handshakes, timing each one, and then use those timings as a side channel to learn about the VPN server's secrets inside the TPM. Such handshakes, he said, look like normal network traffic and would not be obviously malicious.

"The remote attack takes much longer due to the network's noise on the timing channel," said Moghimi. "The faster a network is, the remote attack can be performed better since there will be less timing noise. We tested on a simple 1GB local network which is common in many organizations and companies. I can imagine the remote attack would be faster/easier on a 10GB network or a fiber network."
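To make the mechanism concrete, here is a constructed simulation of the attack the researchers describe. It was written for this page and is not code from the paper, from Intel, or from any TPM firmware. It has three parts: a signer whose signing time grows with the bit-length of the per-signature nonce, an attacker who keeps only the signatures whose timing betrays a nonce with many leading zero bits, and a lattice (hidden number problem) step that turns those partially known nonces into the private key. Everything in it is an assumption chosen for the demo: the 61-bit Mersenne prime 2^61 - 1 stands in for a 256-bit curve order so that the pure-Python LLL finishes in seconds; the timing model (50 µs base cost, 20 ns per nonce bit, 3 ns of jitter) is invented and far cleaner than a real TPM measured over a network; the attacker is assumed to know that model; and r is derived from a hash of the nonce rather than from a curve point, because the lattice step only uses the ECDSA equation s = k^-1 (h + r*d) mod n. The `constant_time` flag shows one standard countermeasure, re-coding the scalar to a fixed bit-length by adding the group order; it is not necessarily what the vendors shipped.

```python
import hashlib
import random
from fractions import Fraction

# Assumption: the Mersenne prime 2^61 - 1 stands in for a curve's 256-bit order so
# that pure-Python lattice reduction finishes in seconds. The lattice step only
# uses the ECDSA relation s = k^-1 (h + r*d) mod N, so no curve arithmetic is needed.
N = (1 << 61) - 1
L = N.bit_length()
# Constructed timing model: each nonce bit the scalar multiplication actually
# processes costs PER_BIT_NS (leading zero bits are skipped), plus jitter.
BASE_NS, PER_BIT_NS, JITTER_NS = 50_000.0, 20.0, 3.0


def H(*parts):
    data = b"|".join(str(p).encode() for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def sign(d, msg, rng, constant_time=False):
    """ECDSA-style signature plus the signing time an attacker could observe."""
    k = rng.randrange(1, N)
    scalar = k
    if constant_time:             # countermeasure: re-code the scalar to a fixed
        scalar = k + N            # L+1 bits (k+N, or k+2N if still only L bits)
        if scalar.bit_length() == L:
            scalar += N
    r = H(k)                      # stands in for x(k*G) mod N
    h = H(msg)
    s = pow(k, -1, N) * (h + r * d) % N
    t_ns = BASE_NS + PER_BIT_NS * scalar.bit_length() + rng.gauss(0, JITTER_NS)
    return (h, r, s), t_ns


def select_short_nonce_sigs(samples, leaked_bits):
    """Attacker: keep signatures whose timing implies >= leaked_bits leading zero bits."""
    max_bits = L - leaked_bits    # the timing model is assumed known/calibrated
    return [sig for sig, t_ns in samples if round((t_ns - BASE_NS) / PER_BIT_NS) <= max_bits]


def lll(B, delta=Fraction(99, 100)):
    """Textbook LLL on integer rows; Gram-Schmidt data kept exact with Fractions."""
    dot = lambda x, y: sum(a * b for a, b in zip(x, y))
    n, B = len(B), [list(row) for row in B]
    Bs, mu = [None] * n, [[Fraction(0)] * n for _ in range(n)]

    def gram_schmidt(start):      # recompute b*_i and mu_ij for rows i >= start
        for i in range(start, n):
            v = [Fraction(x) for x in B[i]]
            for j in range(i):
                mu[i][j] = dot(B[i], Bs[j]) / dot(Bs[j], Bs[j])
                v = [a - mu[i][j] * b for a, b in zip(v, Bs[j])]
            Bs[i] = v

    gram_schmidt(0)
    k = 1
    while k < n:
        for j in range(k - 1, -1, -1):                  # size-reduce row k
            q = round(mu[k][j])
            if q:
                B[k] = [a - q * b for a, b in zip(B[k], B[j])]
                for i in range(j):
                    mu[k][i] -= q * mu[j][i]
                mu[k][j] -= q
        if dot(Bs[k], Bs[k]) >= (delta - mu[k][k - 1] ** 2) * dot(Bs[k - 1], Bs[k - 1]):
            k += 1
        else:                                           # Lovasz test failed: swap
            B[k], B[k - 1] = B[k - 1], B[k]
            gram_schmidt(k - 1)
            k = max(k - 1, 1)
    return B


def recover_key(sigs, leaked_bits):
    """Hidden number problem: each signature gives k_i = u_i + t_i*d (mod N) with
    k_i < K. Eliminating d against signature 0 leaves k_i = a_i*k_0 + c_i (mod N), so
    the lattice spanned by N*e_i, (a_1..a_m, 1, 0), (c_1..c_m, 0, K) contains the
    unusually short vector (k_1..k_m, k_0, K); LLL finds it and k_0 yields d."""
    m, K = len(sigs), 1 << (L - leaked_bits)
    t = [r * pow(s, -1, N) % N for (_, r, s) in sigs]
    u = [h * pow(s, -1, N) % N for (h, _, s) in sigs]
    inv_t0 = pow(t[0], -1, N)
    a = [t[i] * inv_t0 % N for i in range(1, m)]
    c = [(u[i] - t[i] * inv_t0 * u[0]) % N for i in range(1, m)]
    B = [[N if j == i else 0 for j in range(m + 1)] for i in range(m - 1)]
    B += [a + [1, 0], c + [0, K]]
    for row in lll(B):
        if abs(row[-1]) != K:
            continue
        k0 = (row[-2] if row[-1] > 0 else -row[-2]) % N
        d = (k0 - u[0]) * inv_t0 % N
        # one bit of slack tolerates a sample misclassified at the timing threshold
        if all((u[i] + t[i] * d) % N < 2 * K for i in range(m)):
            return d
    return None


def run_attack(seed=7, leaked_bits=12, n_samples=120_000, needed=10, constant_time=False):
    """Return (true key, recovered key or None, number of usable signatures)."""
    rng = random.Random(seed)
    d = rng.randrange(1, N)
    samples = [sign(d, i, rng, constant_time) for i in range(n_samples)]
    short = select_short_nonce_sigs(samples, leaked_bits)
    recovered = recover_key(short[:needed], leaked_bits) if len(short) >= needed else None
    return d, recovered, len(short)


if __name__ == "__main__":
    for ct in (False, True):
        d, rec, n_short = run_attack(constant_time=ct)
        print(f"constant_time={ct}: usable signatures={n_short}, key recovered={rec == d}")
```

With the leaky signer, roughly one signature in 4,096 has a nonce with 12 leading zero bits, and ten such signatures are enough for the lattice to give back the whole 61-bit key. With the fixed-length scalar the timing filter selects nothing, so the attacker has nothing to feed the lattice. A real TPM over a real network is far noisier, which is why the paper needs many thousands of handshakes and hours of measurement, and a 256-bit key needs a proper LLL/BKZ implementation rather than this pure-Python one.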

The researchers identified flaws in Intel's fTPM, a firmware-based TPM that runs inside Intel's Management Engine on PCs and laptops from vendors such as Asus, Lenovo, Dell, and HP, and in computers with a dedicated TPM chip made by STMicroelectronics (ST33TPHF2ESPI). These vulnerabilities exist in devices certified to FIPS 140-2 Level 2 and Common Criteria (CC) EAL 4+, certifications bestowed on hardware that is supposed to resist side-channel attacks.

The boffins also tested TPMs from Infineon and Nuvoton. The Infineon chip (SLB 9670) exhibited non-constant-time behavior but did not appear to have an exploitable vulnerability. The Nuvoton part (NPCT) showed constant-time behavior for ECDSA, meaning it is not vulnerable to this attack.

The security flaws have been designated CVE-2019-11090 for the Intel fTPM vulnerabilities and CVE-2019-16863 for the STMicroelectronics TPM chip. The researchers responsibly disclosed their findings to the two companies, and the publication of their work – to be presented at the Real World Crypto 2020 conference in January – coincides with patches from Intel and STMicroelectronics.

Intel addresses the flaws under advisory INTEL-SA-00241, which covers multiple CVEs. STMicroelectronics did not immediately respond to a request for comment, but the researchers say the biz has issued a new chip that fixes the flaws.

Intel disclosed its patch in a new security blog, noting that it found 22 of 24 flaws related to its management engine.

The now-obligatory vulnerability website provides further details. ®
