Sehlopha sa bafuputsi ba Worcester Polytechnic Institute, Univesithi ea Lübeck le Univesithi ea California e San Diego Mokhoa oa tlhaselo oa kanale o o lumellang ho khutlisa boleng ba linotlolo tsa poraefete tse bolokiloeng ho TPM (Trusted Platform Module). Tlhaselo e ile ea fumana lebitso la khoutu mme e ama fTPM ( e ipapisitse le firmware e sebetsang ho microprocessor e arohaneng kahare ho CPU) ho tsoa ho Intel (CVE-2019-11090) le lisebelisoa tsa TPM ho li-chips tsa STMicroelectronics. (CVE-2019-16863).
Bafuputsi prototype attack toolkit le ho bonts'a bokhoni ba ho khutlisa senotlolo sa poraefete sa 256-bit se sebelisetsoang ho hlahisa li-signature tsa dijithale ho sebelisoa li-algorithms tsa elliptic curve ECDSA le EC-Schnorr. Ho ipapisitse le litokelo tsa phihlello, nako eohle ea tlhaselo ea lits'ebetso tsa Intel fTPM ke metsotso ea 4-20 mme e hloka tlhahlobo ea ts'ebetso ea 1-15 sekete. Ho nka metsotso e ka bang 33 ho hlasela lits'ebetso ka chip ea ST80 le ho sekaseka ts'ebetso e ka bang likete tse 40 ho hlahisa tekeno ea dijithale.
Bafuputsi ba ile ba boela ba bontša monyetla oa ho etsa tlhaselo e hōle ka marang-rang a lebelo le phahameng, e leng se ileng sa etsa hore ho khonehe ho fumana senotlolo sa poraefete sebakeng sa marang-rang se nang le bandwidth ea 1GB maemong a laboratori ka lihora tse hlano, ka mor'a ho lekanya nako ea karabo bakeng sa 45 likete tsa netefatso ka seva ea VPN e thehiloeng ho software e matla eaSwan, e bolokang linotlolo tsa eona ho TPM e tlokotsing.
Mokhoa oa tlhaselo o ipapisitse le ho sekaseka phapang nakong ea ts'ebetso ea ts'ebetso nakong ea ho hlahisa signature ea dijithale. Khakanyo ea latency ea computation e u lumella ho tseba tlhahisoleseling mabapi le likotoana tsa motho ka mong nakong ea katiso ea scalar ts'ebetsong ea elliptic curve. Bakeng sa ECDSA, ho tseba le likotoana tse 'maloa tse nang le tlhaiso-leseling mabapi le vector ea ho qala (nonce) ho lekane ho etsa tlhaselo ho khutlisa senotlolo sa poraefete ka tatellano. Ho etsa tlhaselo ka katleho, hoa hlokahala ho sekaseka nako ea moloko oa li-signature tse likete tse 'maloa tsa dijithale tse entsoeng holim'a data e tsejoang ke mohlaseli.
Ho ba tlokotsing ka STMicroelectronics khatisong e ncha ea lichifi moo ho kengoa ts'ebetsong ha algorithm ea ECDSA ho ileng ha lokolloa likamanong le nako ea ts'ebetso. Ho khahlisang, li-chips tsa STMicroelectronics tse amehileng le tsona li sebelisoa lisebelisoa tse kopanang le boemo ba ts'ireletso ba CommonCriteria (CC) EAL 4+. Bafuputsi ba boetse ba lekile li-chips tsa TPM ho tsoa ho Infineon le Nuvoton, empa ha lia ka tsa lutla ho latela liphetoho tsa nako ea komporo.
Ho li-processor tsa Intel, bothata bo hlaha ho tloha lelapeng la Haswell le lokollotsoeng ka 2013. Hoa hlokomeleha hore bothata bo ama mefuta e mengata ea lilaptop, li-PC le li-server tse hlahisoang ke bahlahisi ba fapaneng, ho kenyeletsoa Dell, Lenovo le HP.
Intel e kenyellelitse ho lokisa ntlafatso ea firmware, eo ho eona, ntle le bothata bo ntseng bo nahanoa, bofokoli bo bong 24, tseo tse robong li abeloang boemo bo phahameng ba kotsi, 'me e' ngoe e bohlokoa. Mathata ana, ho fanoe ka tlhahisoleseding e akaretsang feela, mohlala, ho boleloa hore ts'oaetso ea bohlokoa (CVE-2019-0169) e bakoa ke bokhoni ba ho baka qubu e ngata ka lehlakoreng la Intel CSME (Converged Security and Management Engine). ) le tikoloho ea Intel TXE (Trusted Execution Engine), e lumellang mohlaseli ho eketsa litokelo tsa bona le ho fumana boitsebiso ba lekunutu.
U ka boela ua hlokomela liphetho tsa tlhahlobo ea li-SDK tse fapaneng bakeng sa ho nts'etsapele lits'ebetso tse sebelisanang le khoutu e entsoeng ka lehlakoreng la li-enclave tse ka thoko. Bakeng sa ho tseba mesebetsi e nang le mathata e ka sebelisoang ho etsa litlhaselo, ho ile ha ithutoa li-SDK tse robeli: , , , ,
и bakeng sa Intel SGX, bakeng sa RISC-V le bakeng sa Sancus TEE. Nakong ea tlhahlobo e ne e 35, ho ipapisitsoe le maemo a 'maloa a tlhaselo a ntlafalitsoeng a u lumellang ho ntša linotlolo tsa AES ho enclave kapa ho hlophisa ts'ebetso ea khoutu ea hau ka ho theha maemo a ho senya litaba tsa mohopolo.
Source: opennet.ru