Dec. 5, 2005 to Dec. 9, 2005
Danilo Bruschi , Universita degli Studi di Milano
Lorenzo Cavallaro , Universita degli Studi di Milano
Andrea Lanzi , Universita degli Studi di Milano
Mattia Monga , Universita degli Studi di Milano
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSAC.2005.47
We prove the existence of a flaw which we individuated in the design of the Object-Independent Authorization Protocol (OIAP), which represents one of the building blocks of the Trusted Platform Module (TPM), the core of the Trusted Computing Platforms (TPs) as devised by the Trusted Computing Group (TCG) standards. In particular, we prove, also with the support of a model checker, that the protocol is exposed to replay attacks, which could be used for compromising the correct behavior of a TP. We also propose a countermeasure to undertake in order to avoid such an attack as well as any replay attacks to the aforementioned protocol.
Danilo Bruschi, Lorenzo Cavallaro, Andrea Lanzi, Mattia Monga, "Replay Attack in TCG Specification and Solution", ACSAC, 2005, Computer Security Applications Conference, Annual, Computer Security Applications Conference, Annual 2005, pp. 127-137, doi:10.1109/CSAC.2005.47