A team of researchers from Worcester Polytechnic Institute, the University of Lübeck and the University of California, San Diego has developed a side-channel attack method that allows recovery of private keys stored in a TPM (Trusted Platform Module). The attack was given a codename and affects the fTPM (a firmware-based TPM that runs on a separate microprocessor inside the CPU) from Intel (CVE-2019-11090) and the hardware TPM on STMicroelectronics chips (CVE-2019-16863).
The researchers developed a prototype attack toolkit and demonstrated the ability to recover a 256-bit private key used to generate digital signatures with the ECDSA and EC-Schnorr elliptic curve algorithms. Depending on access rights, the total attack time on Intel fTPM systems ranges from 4 to 20 minutes and requires analysis of 1 to 15 operations. Attacking systems with the ST33 chip takes about 80 minutes and requires analysis of about 40 digital signature generation operations.
The researchers also demonstrated that a remote attack over high-speed networks is possible: under laboratory conditions they recovered a private key in five hours on a 1GB local network, after measuring the response time of 45 authentication sessions with a strongSwan-based VPN server that stores its keys in a vulnerable TPM.
The attack method is based on analyzing differences in the execution time of operations during digital signature generation. Measuring computation latency makes it possible to determine information about individual bits during scalar multiplication in elliptic curve operations. For ECDSA, determining even a few bits of information about the initialization vector (nonce) is enough to mount an attack that recovers the entire private key step by step. A successful attack requires analyzing the generation times of several thousand digital signatures created over data known to the attacker.
STMicroelectronics has fixed the vulnerability in a new revision of its chips, in which the ECDSA implementation no longer correlates with execution time. Notably, the affected STMicroelectronics chips are also used in equipment that meets the Common Criteria (CC) EAL 4+ security level. The researchers also tested TPM chips from Infineon and Nuvoton, but found that they showed no leakage based on variations in computation time.
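
The timing dependence described above, and the kind of fix that removes it, can be modelled by counting group operations per scalar multiplication. This is an added example, not code from the researchers or any TPM vendor; the curve (secp256k1), the function names and the sample nonces are assumptions chosen for illustration.

```python
# Added illustration, not vendor code. Group-operation counts model execution
# time; Python big-int arithmetic is itself not constant-time.
P = 2**256 - 2**32 - 977  # secp256k1 field prime (curve choice is an assumption)
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
BITS = 256

def add(p1, p2):
    """Affine addition/doubling on y^2 = x^3 + 7; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def leaky_mul(k, pt=G):
    """Double-and-add from the top set bit: work tracks bit length and weight of k."""
    acc, ops = pt, 0
    for bit in bin(k)[3:]:  # bits after the leading 1
        acc, ops = add(acc, acc), ops + 1
        if bit == "1":
            acc, ops = add(acc, pt), ops + 1
    return acc, ops

def ladder_mul(k, pt=G):
    """Montgomery ladder over a fixed 256 iterations: same work for every k."""
    r0, r1, ops = None, pt, 0
    for i in reversed(range(BITS)):
        if (k >> i) & 1:
            r0, r1 = add(r0, r1), add(r1, r1)
        else:
            r0, r1 = add(r0, r0), add(r0, r1)
        ops += 2
    return r0, ops

# Constructed nonces: K_SHORT has 8 leading zero bits, K_FULL has none.
K_FULL = (1 << 255) | 0xABCDEF
K_SHORT = (1 << 247) | 0xABCDEF

if __name__ == "__main__":
    for name, k in (("K_FULL", K_FULL), ("K_SHORT", K_SHORT)):
        print(name, "leaky ops:", leaky_mul(k)[1], "ladder ops:", ladder_mul(k)[1])
```

Both routines return the same point, but only the first one's operation count changes with the nonce; a regression test that asserts a constant count across random scalars catches a reintroduced dependence.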
The problem has affected Intel processors starting with the Haswell family, released in 2013. It is reported to affect a wide range of laptops, PCs and servers from various manufacturers, including Dell, Lenovo and HP.
Intel has included the fix in a firmware update that, in addition to the problem under consideration, addresses another 24 vulnerabilities, nine of which are rated high severity and one critical. Only general information is provided about these problems; for example, it is stated that the critical vulnerability (CVE-2019-0169) involves the ability to cause a heap overflow in the Intel CSME (Converged Security and Management Engine) and Intel TXE (Trusted Execution Engine) environments, which allows an attacker to elevate their privileges and access sensitive data.
Also worth noting are the results of an audit of various SDKs for developing applications that interact with code running inside isolated enclaves. Eight SDKs, for Intel SGX, RISC-V and the Sancus TEE, were analyzed to identify problematic functions that could be used for attacks. During the audit, 35 such issues were identified, on the basis of which several attack scenarios were constructed that make it possible to extract AES keys from an enclave or to arrange execution of one's own code by creating conditions for memory corruption.
Source: opennet.ru
