
Sniffing requires the TPM be unlocked first.

> What is there to gain "cracking" the TPM itself, if you can get the keys fine by sniffing? I suggest changing the title to "Sniffing Bitlocker Keys from a TPM". It would mean it is possible to completely decrypt the entire hard drive (if no additional key is used) on a random computer without preconditions, and everyone would have an idea about how secure these chips actually are. If you had broken it, it would be breaking news in the infosec community. Even obtaining these microcontrollers is difficult; usually even the basic datasheet is behind multiple NDAs, and their availability is usually highly restricted, as they don't sell these microcontroller cores to ordinary people. The internals are mostly a secret, there is little public information about their construction, and public audits of their actual resistance against various forms of attack are almost non-existent. TPMv2-like security chips are usually implemented on a secure microcontroller core. If you can "extract keys from a TPM", it means you must have found a way to tamper with the chip using a piece of semiconductor test equipment and obtain the keys from the circuitry via a microprobe (or by somehow injecting a spurious signal externally), bypassing all verification and self-protection of the chip.


Sniffing keys on the bus and extracting keys from a TPM are very different scenarios. I was so excited to see the title, and so disappointed after reading it. I find the title misleading: it did not "extract" Bitlocker keys from the inside of a TPM at all, but merely sniffed the key material on the bus.
