New Trusted HW Standard For Windows 8 To Support Chinese Crypto

An anonymous reader writes "A new version of the Trusted Platform Module, called TPM2 or TPM 2.0 by Microsoft, has apparently been designed specifically for the release of Windows 8 this week. The details of this new standard have been kept secret. But a major update to the original TPM standard, which came out 10 years ago, seems to have been very quietly released on the Trusted Computing web site (FAQ) earlier this month. Following in the footsteps of the original, this version is quite a challenging read (security through incomprehensibility?). But this new version also seems to support some controversial crypto algorithms that were made public by the 'State Encryption Management Bureau' of China for the first time about 2 years ago. This is roughly the time that Microsoft seems to have begun working in earnest on TPM2, Windows 8, and probably even Surface. But that's probably just a coincidence. This crypto is controversial because of serious EU concerns with domestic restrictions on the implementation, use, and importation of cryptography in China."

secret standards?

[parodyca]

How does that work

Re:secret standards?

[CanHasDIY]

The same way secret interpretations of law work, I suppose.

Good crypto is born secret, even in the US

[fustakrakich]

If it has publicly released, its usefulness is questionable.

Re:Good crypto is born secret, even in the US

The algorithm is intentionally obscure to waste processing time as to make brute forcing it impractical.

The private key (the input to the algorithm) is obscure. The algorithm is typically public. The most widely used ones (like AES) are quite public.

You don't know what you're talking about.

Re:Good crypto is born secret, even in the US

[arglebargle_xiv]

How about NSA's Type I ciphers? They are classified TOP SECRET. Would you say they are "weak" or "badly designed?" Do you think NSA keeps them secret because they believe in security through obscurity?

Surely they keep them secret because they don't want other people/countries using them. Or do they provide a closed implementation for everyone to use?

They keep them secret because (a) they don't want to reveal their design principles to others and (b) because then instead of attackers being able to immediately start with attacking the algorithm they first have to spend quite a bit of effort just finding out what the algorithm is before they can start attacking it (look at all the crap crypto used in things like RFID transponders that took ages to break because the details weren't readily available). NSA also has special algorithms designed for high-risk situations where there's a chance the design details will be compromised, if one's needed then something not related to anything else in use will be pulled off the shelf and used. Skipjack was an example of a high-risk algorithm, and it did indeed end up being revealed, and it doesn't tell us anything about other NSA designs.

It's actually the opposite

[e065c8515d206cb0e190]

AES, used by NSA after beeing deemed sufficient for classified information: http://en.wikipedia.org/wiki/Advanced_Encryption_Standard#Security

The NSA/CIA may have quite a few (a lot of) bright minds, but they certainly can't compete with the best worldwide cryptographers.

But don't let the facts get in the way of your conspiracy theories.

Re:It's actually the opposite

[viperidaenz]

may very well know AES is breakable by the NSA

To encrypt top secret documents with algorithms known to be breakable is negligent. If its breakable by the NSA by brute force, NSA doesn't have the worlds fastest computers, so they are not the only ones capable. If its a flaw in the algorithm, its a public algorithm, so the NSA are not the only ones analysing it.

Re:It's actually the opposite

[wonkey_monkey]

NSA doesn't have the worlds fastest computers

[citation classified]

Re:It's actually the opposite

Wrong. NSA has been doing crypto decades before the academic world got interested in it. They have a huge head start. For instance, they knew about differential cryptanalysis in the 70's, while the academic world didn't discover it until the early 90's. They knew about public key crypto several years before Diffie independently discovered it. These are only two examples, there are many more.

Second, the number of PhD mathematicians they have specializing in crypto is greater than the rest of the world's top experts combined. This means they have their own (huge) body of scientific literature on the subject that no one outside of the Agency gets to see. At the same time, they get to see all the public literature. As former NSA cryptologist Brian Snow says, "We get to cheat. We read your journals, but you can't read ours."

As an analogy, imagine that there was a secret agency doing physics in 1900. One of the physicists working for them was Max Planck. This agency discovered the quantum theory and begins unlocking the secrets of the atom. By the 1940's they have the bomb. Now imagine that the public world starts getting interested in physics and discovers quantum theory in the 1930's. It isn't until the 1970's that they get the bomb. This is about the way it is with NSA and crypto -- they have a huge head-start. A lot of the work the academic community has done has been discovered independently (and certainly much later) than NSA.

Third, AES is only approved for classified information in NSA approved systems! This means, the hardware and software implementation has to be vetted by them first (likely to prevent side-channel attacks, of which AES is notoriously susceptible). And AES is not used in any really sensitive systems. For that NSA is going to use their classified Type I ciphers.

Re:TPM Of Evil

[fuzzyfuzzyfungus]

Well guys, I don't know about you, but I have only one question: Is it a separate chip on the motherboard? Because if it is, I'm hosting SMC desoldering classes the day this thing hits the market. Who'd have thought the day would come when we'd have to modchip our own damn computers...

Depends on the implementation. Some TPMs are not exactly hard to remove(that riser card on the LPC headers is sold as an option for that particular motherboard, so they made it easy to add or remove.

Some, like the chip on which that Asus module is based, or a bunch of the Infineon and Atmel ones, are reasonably civilized TSSOPs. Not hard to remove, allegedly packaged to be hard to tamper with at a chip level; but it's your problem if the firmware/BIOS/whatever flips out and refuses to do anything until the TPM is restored(and each one has a unique, and kept secret from you, RSA key burned in, so you have fun cloning/impersonating it to a hostile chipset...)

If, on the other hand, you have a system with something like the Intel GM45 chipset, you'd better have your microscope and ion beam ready because the TPM is on the same silicon as the motherboard chipset.

The TPMs from the likes of Broadcom are somewhere in the middle: They are integrated directly with some of the company's ethernet(and possibly other; I'm only familiar with the ones in some GigE products) chips; and aren't exactly going to be trivial to remove; but your computer will still work if you take a screwdriver to that part, unlike the Intel ones.

The most interesting part

[Citral]

From the FAQ: "TPM 2.0 is intended to be usable for a very broad range of platforms from embedded systems to mobile devices to PCs to servers." In other words, TCG is not dead but actively pushing TPMs to new platforms.

A use case: in case of theft, the permanent storage of your device can be protected against reading the flash memory (of course, assuming your device is locked in the first place) in the same fashion as Bitlocker works on PCs. The secret key with which your corporate data is encrypted can be stored in the TPM bound to a password and/or PCRs. (Assuming, of course, that the TPM itself is not hacked using physical attacks (DPA, etc.). But at least, it raises the bar for the average thief.)

The TPM has non-DRM uses

[johndoe42]

If you ignore all the weird DRM-ish uses (which are basically unsupported for now anyway [1]), the TPM makes a nice cryptographic token. Unfortunately, TPM v1.1 hard-coded the OAEP label to "TPM", which made it incompatible with everything. TPM v2.0 fixes this -- the label is now user-specified. That means that you can use it for modern hardware crypto (sadly, using SHA-1, which should be phased out).

[1] For meaningful DRM, you need an endorsed TPM, which most vendors don't provide. See http://www.privacyca.com/ekcred.html

Re:TPM Of Evil

[IamTheRealMike]

Don't be ridiculous. You don't have to modchip your motherboard. The TPM chip is, and always has been, something that provides services to the CPU on demand. It can't control your computer. The computer you're using now probably has one already and it may be used for such nefarious purposes as making disk encryption more secure.

Trusted computing has a needlessly bad rap because of kneejerk reactions like this one. In fact it's a flexible and general tool that can be used for many purposes. For example, you can use it to do sensitive operations on a computer compromised by malware. Games can use it to kick out cheaters. Things get especially interesting when you throw Bitcoin in the mix. It makes feasible autonomous agents, a form of evolutionary AI in which programs maintain their own wallets and rely on trusted computing technologies to protect them from potentially malicious humans who want to steal their money. You can also use it to make sensitive financial platforms like exchanges more secure against hackers. The actual cryptography needed to move money can be done inside the secure world with the root keys being held in the TPM chip. The secure code (PAL) verifies and sanity checks the requested operations. Even if the host machine is completely rooted and starts submitting false orders, it can only submit requests to the secure subsystem, it can't directly steal the money.

Remote attestation is useful any time somebody might want to trade or interact with you but have some assurances around how your computer may behave. DRM was one of the original driving motivations indeed, but even here the way the system works is not "evil" in any sense unless you have a truly warped idea of human relations. The technology lets you prove to some online store that you will follow the rules around using the stuff you're buying - like not simply uploading it to a file sharing network. But if you don't find the terms that store requires acceptable, you just don't shop there: they can't actually force you to run any software or put your computer into any particular state. In other words it lets you prove you are doing what you said you'd do, alternatively, it is designed to make it hard to lie - just a mechanical way to enforce contracts. Unless you're routinely in the habit of defrauding people you enter into contracts with, such a capability should not concern you. And the standards are completely open. You can run such an online store on your own Linux box in your bedroom if you like - there's nothing that tips the playing field in favor of Microsoft or other companies (which is why Bitcoin agents can use it).

This is a TCG/TPM-Lib thing. Not a MSFT thing.

[slew]

The headline is slighly misleading. It's not MSFT's spec, it's the Trusted Computing Group (TCG) and their TPM spec.

One of the goals of the new TPM spec was to allow a better way to replace some algorithms because the original TPM spec entangle SHA1 hash in such a way (with the PCR extension mechanism) that it was difficult to replace that hash algorithm when weakness was discovered that algorithm and people wanted to replace it. Once you change the design and open that up you should probably include the usual suspects.

Some interesting additional algorithms added to the support library were SM3_256 and SM4 (the hash and symmetric key algorithms mandated for use in chinese DRM), WHIRLPOOL512 (hash function from NESSIE). In addition of the normal RSA public key stuff, they've also added ECC, ECDSA, ECDH, ECDAA, ECSCHNORR (a smattering of ellipitic curve based standards) to the mix in order to help gain acceptance in those markets that want/need shorter key lengths that are available to EC-derived algorithms that presumably have similar security to their RSA counterparts with longer keys.

Interestingly, although they include the SHA2 family of hash functions as an SHA1 upgrade, the newly minted SHA3 was strangely absent. Also, I don't think they have included SM2 (the chinese ECC signature technique), but that's probably just an oversight. I expect both of these omissions to be remedied with the next release.

Re:TPM Of Evil

[TubeSteak]

Trusted computing has a needlessly bad rap because of kneejerk reactions like this one. In fact it's a flexible and general tool that can be used for many purposes.

Because I'm lazy, I'll just copy and paste a comment I made in another thread about TPM

Ever since TPM was created, we're always just a few bits and bytes away from having it leveraged against us, by them.
And by "us" I mean "the computer users."
By "them" I mean "the hardware manufacturers and software/media companies."

Example: The newest motherboards don't *need* the ability to disable trusted boot. Heck, it'd have been easier to not include it!
We're more or less at the mercy of a small number of companies and their design decisions.