The Community for Technology Leaders
Computer Security Applications Conference, Annual (2005)
Tucson, Arizona
Dec. 5, 2005 to Dec. 9, 2005
ISSN: 1063-9527
ISBN: 0-7695-2461-3
pp: 127-137
Danilo Bruschi , Universita degli Studi di Milano
Lorenzo Cavallaro , Universita degli Studi di Milano
Andrea Lanzi , Universita degli Studi di Milano
Mattia Monga , Universita degli Studi di Milano
ABSTRACT
We prove the existence of a flaw which we individuated in the design of the Object-Independent Authorization Protocol (OIAP), which represents one of the building blocks of the Trusted Platform Module (TPM), the core of the Trusted Computing Platforms (TPs) as devised by the Trusted Computing Group (TCG) standards. In particular, we prove, also with the support of a model checker, that the protocol is exposed to replay attacks, which could be used for compromising the correct behavior of a TP. We also propose a countermeasure to undertake in order to avoid such an attack as well as any replay attacks to the aforementioned protocol.
INDEX TERMS
null
CITATION
Danilo Bruschi, Lorenzo Cavallaro, Andrea Lanzi, Mattia Monga, "Replay Attack in TCG Specification and Solution", Computer Security Applications Conference, Annual, vol. 00, no. , pp. 127-137, 2005, doi:10.1109/CSAC.2005.47
92 ms
(Ver )