Catching the Cuckoo: Verifying TPM Proximity Using a Quote Timing Side-Channel
Date
2011-06-22
Citation of Original Publication
Fink R.A., Sherman A.T., Mitchell A.O., Challener D.C. (2011) Catching the Cuckoo: Verifying TPM Proximity Using a Quote Timing Side-Channel. In: McCune J.M., Balacheff B., Perrig A., Sadeghi AR., Sasse A., Beres Y. (eds) Trust and Trustworthy Computing. Trust 2011. Lecture Notes in Computer Science, vol 6740. Springer, Berlin, Heidelberg
Rights
This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
Abstract
We present a Trusted Platform Module (TPM) application protocol that detects a certain man-in-the-middle attack where an adversary captures and replaces a legitimate computing platform with an imposter that forwards platform authentication challenges to the captive over a high-speed data link. This revised Cuckoo attack allows the imposter to satisfy a user's query of platform integrity, tricking the user into divulging sensitive information to the imposter. Our protocol uses an ordinary smart card to verify the platform boot integrity through TPM quote requests, and to verify TPM proximity by measuring TPM tickstamp times required to answer the quotes. Quotes not answered in an expected amount of time may indicate the presence of an imposter's data link, revealing the Cuckoo attack. We describe a timing model for the Cuckoo attack, and summarize experimental results that demonstrate the feasibility of using timing to detect the Cuckoo attack over practical levels of adversary link speeds.