Chikwata chevaongorori kubva kuWorcester Polytechnic Institute, University of LΓΌbeck uye University of California kuSan Diego. Iyo yedivi-chiteshi kurwisa nzira inobvumidza iwe kudzoreredza kukosha kwemakiyi akavanzika akachengetwa muTPM (Trusted Platform Module). Kurwiswa kwakagamuchira zita rekodhi uye inokanganisa fTPM ( zvichibva pane firmware inomhanya pane yakaparadzana microprocessor mukati meCPU) kubva kuIntel (CVE-2019-11090) uye hardware TPM pane STMicroelectronics chips. (CVE-2019-16863).
Vatsvakurudzi prototype attack toolkit uye yakaratidza kugona kudzoreredza 256-bit yakavanzika kiyi inoshandiswa kugadzira siginecha yedhijitari uchishandisa elliptic curve algorithms ECDSA uye EC-Schnorr. Zvichienderana nekodzero dzekuwana, nguva yekurwisa yeIntel fTPM masisitimu ndeye 4-20 maminetsi uye inoda kuongororwa kwe1-15 zviuru zvekushanda. Zvinotora anenge maminetsi makumi masere kurwisa masisitimu neiyo ST33 chip uye kuongorora zvingangoita zviuru makumi mana zvekushanda kugadzira siginecha yedhijitari.
Vatsvakurudzi vakaratidzawo mukana wekuita kurwisa kure mu-high-speed network, izvo zvakaita kuti zvikwanisike kudzoreredza kiyi yakavanzika munharaunda yemunharaunda ine bandwidth ye1GB mumamiriro e laboratory mumaawa mashanu, mushure mekuyera nguva yekupindura ye45. zviuru zvekusimbisa zvikamu neVPN sevha yakavakirwa pane yakasimbaSwan software, iyo inochengeta makiyi ayo mune inotambura TPM.
Iyo nzira yekurwisa yakavakirwa pakuongorora misiyano munguva yekuitwa kwekushanda mukuita kwekugadzira siginecha yedhijitari. Kufungidzira computation latency inokutendera kuti uone ruzivo nezve mabhiti ega panguva yekuwedzeredza kwe scalar mu elliptic curve mashandiro. Kune ECDSA, kusarudza kunyange mashoma mabheti ane ruzivo nezve yekutanga vector (nonce) inokwana kuita kurwisa kudzoreredza iyo yese yakavanzika kiyi. Kuti ubudirire kuita kurwiswa, zvinodikanwa kuongorora nguva yechizvarwa chezviuru zvakati wandei masiginecha akagadzirwa pamusoro pe data inozivikanwa kune anorwisa.
Kunetseka neSTMicroelectronics mune imwe shanduro itsva yemachipi umo kushandiswa kweECDSA algorithm kwakasunungurwa kubva mukuwirirana nenguva yekuuraya yekushanda. Sezvineiwo, iyo yakakanganiswa STMicroelectronics machipisi anoshandiswawo mumidziyo inosangana neCommonCriteria (CC) EAL 4+ chengetedzo level. Vatsvagiri vakaedzawo TPM machipi kubva kuInfineon neNuvoton, asi havana kudonha zvichibva pane shanduko yenguva yekuverengera.
MuIntel processors, dambudziko rinoratidzika kutanga kubva kumhuri yeHaswell yakaburitswa muna 2013. Zvinocherechedzwa kuti dambudziko rinokanganisa akasiyana malaptops, maPC uye maseva anogadzirwa nevagadziri vakasiyana, kusanganisira Dell, Lenovo uye HP.
Intel yakabatanidza kugadzirisa mukati firmware update, umo, kuwedzera kune dambudziko riri kutariswa, imwe 24 vulnerabilities, iyo mipfumbamwe inogoverwa yakakwirira yengozi, uye imwe inokosha. Pamatambudziko aya, ruzivo rwese rwunopihwa chete, semuenzaniso, kunotaurwa kuti iyo yakakosha vulnerability (CVE-2019-0169) imhaka yekugona kukonzera murwi kufashukira padivi peIntel CSME (Converged Security uye Management Injini. ) uye Intel TXE (Trusted Execution Engine) nharaunda, iyo inobvumira anorwisa kuwedzera maropafadzo avo uye kuwana ruzivo rwezvakavanzika.
Unogonawo kucherechedza odhita mhedzisiro yeakasiyana maSDK ekugadzira maapplication anopindirana nekodhi yakaitwa padivi peakavharirwa enclaves. Kuti uone mabasa anonetsa anogona kushandiswa kuita kurwisa, masere SDKs akadzidzwa: , , , ,
ΠΈ yeIntel SGX, yeRISC-V uye yeSancus TEE. Panguva yekuongorora zvaive 35 kusasimba, zvichibva pane akati wandei kurwisa kwakagadziridzwa izvo zvinokutendera kuti ubvise makiyi eAES kubva kune enclave kana kuronga kuitiswa kwekodhi yako nekugadzira mamiriro ekukuvadza zviri mukati mendangariro.
Source: opennet.ru