Offline dictionary attack on TCG TPM weak authorisation data, and solution

Abstract

The Trusted Platform Module (TPM) is a hardware chip designed to enable PCs achieve greater security. Proof of possession of values known as authData is required by user processes in order to use TPM keys. We show that in certain circumstances dictionary attacks can be performed offline on authdata. In this way an attacker can circumvent some crucial operations of the TPM, and impersonate the TPM owner to the TPM, or the TPM to its owner. For example, he can unbind data or migrate keys without possessing the required authorisation data, or fake the creation of TPM keys. This means that any application that relies on the TPM may be vulnerable to attack. We propose a new solution and some modifications to the TPM specification to prevent the offline attacks, and we also provide the way to integrate these modifications into the TPM command architecture with minimal change. With our solution, the user can use a password-type of weak secret as their authData, and the TPM system will be still safe. © 2009 Vieweg+Teubner Verlag | GWV Fachverlage GmbH, Wiesbaden.