[tpm2] Re: Is the tpm2_create command safe against sniffing attacks?

[tpm2] Re: Is the tpm2_create command safe against sniffing attacks?

[Joseph Lee]

[-- Attachment #1: Type: text/plain, Size: 4482 bytes --]

Hi Dimi,

Sorry to bother you. By installing the latest version of tpm2-tools, 
encrypted communication is possible.
Seal/unseal was possible as shown below.

But I have one question. How can I detect if a MITM attack occurs during 
the seal/unseal process? After establishing a session, is there any way 
to get the EK certificate of that session?
It seems that the tpm2_getekcertificate command can only get 
certificates created via the createek command. I'd like to know if the 
TPM I've made a session with is genuine.

Seal:
 > tpm2_createprimary -c prim.ctx
 > tpm2_startauthsession --hmac-session -c prim.ctx -S sess.ctx
 > tpm2_create -Q -g sha256 -u seal.pub -r seal.priv -i temp.key -C 
prim.ctx -S sess.ctx
 > tpm2_load -Q -C prim.ctx -u seal.pub -r seal.priv -n seal.name -c 
seal.ctx
 > tpm2_evictcontrol -C o -c seal.ctx 0x81010001
 > tpm2_flushcontext sess.ctx

Unseal:
 > tpm2_startauthsession --hmac-session -c prim.ctx -S sess.ctx
 > tpm2_unseal -c seal.ctx -S sess.ctx -o out.key
 > tpm2_flushcontext sess.ctx

Thanks & Regards,
Joseph

------ Original Message ------
보낸 사람: "Joseph Lee (ZeronsoftN)" <joseph(a)zeronsoftn.com>
받는 사람: "Dimitar Tomov" <dimi(a)designfirst.ee>; "tpm2(a)lists.01.org" 
<tpm2(a)lists.01.org>
보낸 날짜: 2021-08-02 오전 6:27:36
제목: [tpm2] Re: Is the tpm2_create command safe against sniffing attacks?

>Hi Dimi,
>
>Thank you for your kind answer. Looking at the link you gave, I think I 
>can get more ideas.
>
>I've been trying session encryption via tpm2-tools all weekend.
>But I haven't found a way to create an encrypted session in tpm2-tools 
>yet. Maybe tpm2-tools doesn't support encrypted sessions?
>
>If this is clear, I will implement parameter encryption through 
>tpm2-tools with referring to wolfTPM.
>
>Thanks & Regards,
>Joseph
>
>------ Original Message ------
>보낸 사람: "Dimitar Tomov" <dimi(a)designfirst.ee>
>받는 사람: "tpm2(a)lists.01.org" <tpm2(a)lists.01.org>; "Joseph Lee 
>(ZeronsoftN)" <joseph(a)zeronsoftn.com>
>보낸 날짜: 2021-08-02 오전 4:33:02
>제목: [tpm2] Re: Is the tpm2_create command safe against sniffing 
>attacks?
>
>>Hi Joseph,
>>
>>TPM 2.0 offers Parameter Encryption capability and HMAC sessions as 
>>measures against Man-in-the-middle attacks
>>
>>Examples in wolfTPM demonstrate how to enable Parameter Encryption
>>
>>  
>>https://github.com/wolfSSL/wolfTPM/blob/b0a65e44b8a25be88b2f9ff4e35fbf08360e5d01/examples/nvram/store.c#L121
>>
>>There is also Keygen , Key import and Key loading examples with 
>>Parameter Encryption
>>
>>https://github.com/wolfSSL/wolfTPM/blob/b0a65e44b8a25be88b2f9ff4e35fbf08360e5d01/examples/nvram/store.c#L121
>>
>>Last week we discussed the Dolos Group story about a stolen laptop 
>>with TPM https://developers.tpm.dev/posts/15883726
>>
>>If Parameter Encryption and HMAC session have been used, this story 
>>would have developed differently.
>>
>>Hope this helps.
>>
>>Dimi
>>--
>>Founder of TPM.dev
>>
>>--------------------------------------------------------------------------------
>>From: Joseph Lee (ZeronsoftN) <joseph(a)zeronsoftncom 
>><mailto:joseph(a)zeronsoftn.com>>
>>Sent: Saturday, July 31, 2021 2:09 AM
>>To:tpm2(a)lists.01.org <tpm2(a)lists.01.org>
>>Subject: [tpm2] Is the tpm2_create command safe against sniffing 
>>attacks?
>>
>>Hello,
>>
>>https://pulsesecurity.co.nz/articles/TPM-sniffing
>>In this article, can see that communication with the TPM is vulnerable 
>>to sniffing if not careful.
>>
>>https://tpm2-software.github.io/2020/04/13/Disk-Encryption.html
>>Is the disk encryption described in tpm2-software's blog safe against 
>>these attacks?
>>
>>tpm2_createprimary -Q -C o -c prim.ctx
>>dd if=/dev/urandom bs=1 count=32 status=none | tpm2_create -Q -g 
>>sha256 -u seal.pub -r seal.priv -i- -C prim.ctx
>>tpm2_load -Q -C prim.ctx -u seal.pub -r seal.priv -n seal.name -c 
>>seal.ctx
>>tpm2_evictcontrol -C o -c seal.ctx 0x81010001
>>
>>My question is:
>>     1. Is there a tool in linux that can sniff communication with the 
>>current system's TPM?
>>     2. How to encrypt communications if the methods described above 
>>are not secure?
>>         It seems that encryption is possible through 
>>tpm2_startauthsession , but I do not know how to apply it to 
>>tpm2_create . (The -S option simply did not work.)
>>
>>Thank you.
>>
>>
>>
>>
>
>
>

[-- Attachment #2: attachment.htm --]
[-- Type: text/html, Size: 13019 bytes --]

[tpm2] Re: Is the tpm2_create command safe against sniffing attacks?

[joseph]

[-- Attachment #1: Type: text/plain, Size: 1351 bytes --]


"salted session" was the keyword I was looking for!
Really thank you :) 화요일, 03 8월 2021, 03:59오전 +09:00 발신 Kenneth Goldman  kgoldman(a)us.ibm.com :

>"Steven Clark" < davolfman(a)gmail.com> wrote on 08/02/2021 01:26:56 PM:
>
> I think it may be an optional standard but my TPM has some certs 
> permanently stored in nv-indices in the 0x1c0000x range that can be 
> checked against the manufacturer cert.  I haven't learned how to 
> leverage those into trusted parameter encryption keys yet but they 
> should be able to verify there's a real TPM at the other end at the 
> very least (and more if you learn to use them correctly).
>
>The EK certificates in NV are in theory optional, but every TPM
>I have encountered has them.
>
>Checking the certificate against the manufacturer's CA is
>a standard crypto library function.
>
>Once you have an authentic EK, create a salted session using
>the EK.
>
>Once you have the salted session, set the encrypt and/or decrypt bit
>when running the command.
>
>Underneath, there's some complicated crypto, but it's all
>hidden from the application.
>
>_______________________________________________
>tpm2 mailing list --  tpm2(a)lists.01.org
>To unsubscribe send an email to  tpm2-leave(a)lists.01.org
>%(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s

[-- Attachment #2: attachment.htm --]
[-- Type: text/html, Size: 2669 bytes --]

[tpm2] Re: Is the tpm2_create command safe against sniffing attacks?

[Kenneth Goldman]

[-- Attachment #1: Type: text/plain, Size: 952 bytes --]





"Steven Clark" <davolfman(a)gmail.com> wrote on 08/02/2021 01:26:56 PM:

> I think it may be an optional standard but my TPM has some certs
> permanently stored in nv-indices in the 0x1c0000x range that can be
> checked against the manufacturer cert.  I haven't learned how to
> leverage those into trusted parameter encryption keys yet but they
> should be able to verify there's a real TPM at the other end at the
> very least (and more if you learn to use them correctly).

The EK certificates in NV are in theory optional, but every TPM
I have encountered has them.

Checking the certificate against the manufacturer's CA is
a standard crypto library function.

Once you have an authentic EK, create a salted session using
the EK.

Once you have the salted session, set the encrypt and/or decrypt bit
when running the command.

Underneath, there's some complicated crypto, but it's all
hidden from the application.

[-- Attachment #2: attachment.htm --]
[-- Type: text/html, Size: 1402 bytes --]

[tpm2] Re: Is the tpm2_create command safe against sniffing attacks?

[Steven Clark]

[-- Attachment #1: Type: text/plain, Size: 5224 bytes --]

Hi Joseph,

I think it may be an optional standard but my TPM has some certs
permanently stored in nv-indices in the 0x1c0000x range that can be checked
against the manufacturer cert.  I haven't learned how to leverage those
into trusted parameter encryption keys yet but they should be able to
verify there's a real TPM at the other end at the very least (and more if
you learn to use them correctly).

On Sun, Aug 1, 2021 at 8:33 PM Joseph Lee (ZeronsoftN) <
joseph(a)zeronsoftn.com> wrote:

> Hi Dimi,
>
> Sorry to bother you. By installing the latest version of tpm2-tools,
> encrypted communication is possible.
> Seal/unseal was possible as shown below.
>
> But I have one question. How can I detect if a MITM attack occurs during
> the seal/unseal process? After establishing a session, is there any way to
> get the EK certificate of that session?
> It seems that the tpm2_getekcertificate command can only get certificates
> created via the createek command. I'd like to know if the TPM I've made a
> session with is genuine.
>
> Seal:
> > tpm2_createprimary -c prim.ctx
> > tpm2_startauthsession --hmac-session -c prim.ctx -S sess.ctx
> > tpm2_create -Q -g sha256 -u seal.pub -r seal.priv -i temp.key -C
> prim.ctx -S sess.ctx
> > tpm2_load -Q -C prim.ctx -u seal.pub -r seal.priv -n seal.name -c
> sealctx
> > tpm2_evictcontrol -C o -c seal.ctx 0x81010001
> > tpm2_flushcontext sess.ctx
>
> Unseal:
> > tpm2_startauthsession --hmac-session -c prim.ctx -S sess.ctx
> > tpm2_unseal -c seal.ctx -S sess.ctx -o out.key
> > tpm2_flushcontext sess.ctx
>
> Thanks & Regards,
> Joseph
>
> ------ Original Message ------
> 보낸 사람: "Joseph Lee (ZeronsoftN)" <joseph(a)zeronsoftn.com>
> 받는 사람: "Dimitar Tomov" <dimi(a)designfirst.ee>; "tpm2(a)lists.01.org" <
> tpm2(a)lists.01.org>
> 보낸 날짜: 2021-08-02 오전 6:27:36
> 제목: [tpm2] Re: Is the tpm2_create command safe against sniffing attacks?
>
> Hi Dimi,
>
> Thank you for your kind answer. Looking at the link you gave, I think I
> can get more ideas.
>
> I've been trying session encryption via tpm2-tools all weekend.
> But I haven't found a way to create an encrypted session in tpm2-tools
> yet. Maybe tpm2-tools doesn't support encrypted sessions?
>
> If this is clear, I will implement parameter encryption through tpm2-tools
> with referring to wolfTPM
>
> Thanks & Regards,
> Joseph
>
> ------ Original Message ------
> 보낸 사람: "Dimitar Tomov" <dimi(a)designfirst.ee>
> 받는 사람: "tpm2(a)lists.01.org" <tpm2(a)lists.01.org>; "Joseph Lee (ZeronsoftN)"
> <joseph(a)zeronsoftn.com>
> 보낸 날짜: 2021-08-02 오전 4:33:02
> 제목: [tpm2] Re: Is the tpm2_create command safe against sniffing attacks?
>
> Hi Joseph,
>
> TPM 2.0 offers Parameter Encryption capability and HMAC sessions as
> measures against Man-in-the-middle attacks
>
> Examples in wolfTPM demonstrate how to enable Parameter Encryption
>
>
> https://github.com/wolfSSL/wolfTPM/blob/b0a65e44b8a25be88b2f9ff4e35fbf08360e5d01/examples/nvram/store.c#L121
>
>
> There is also Keygen , Key import and Key loading examples with Parameter
> Encryption
>
>
> https://github.com/wolfSSL/wolfTPM/blob/b0a65e44b8a25be88b2f9ff4e35fbf08360e5d01/examples/nvram/store.c#L121
>
> Last week we discussed the Dolos Group story about a stolen laptop with
> TPM https://developers.tpm.dev/posts/15883726
>
> If Parameter Encryption and HMAC session have been used, this story would
> have developed differently.
>
> Hope this helps.
>
> Dimi
> --
> Founder of TPM.dev
>
> ------------------------------
> *From:* Joseph Lee (ZeronsoftN) <joseph(a)zeronsoftncom
> <joseph(a)zeronsoftn.com>>
> *Sent:* Saturday, July 31, 2021 2:09 AM
> *To:* tpm2(a)lists.01.org <tpm2(a)lists.01.org>
> *Subject:* [tpm2] Is the tpm2_create command safe against sniffing
> attacks?
>
> Hello,
>
> https://pulsesecurity.co.nz/articles/TPM-sniffing
> In this article, can see that communication with the TPM is vulnerable to
> sniffing if not careful.
>
> https://tpm2-software.github.io/2020/04/13/Disk-Encryption.html
> Is the disk encryption described in tpm2-software's blog safe against
> these attacks?
>
>
>    1. tpm2_createprimary -Q -C o -c prim.ctx
>    2. dd if=/dev/urandom bs=1 count=32 status=none | tpm2_create -Q -g
>    sha256 -u seal.pub -r seal.priv -i- -C prim.ctx
>    3. tpm2_load -Q -C prim.ctx -u seal.pub -r seal.priv -n seal.name -c
>    seal.ctx
>    4. tpm2_evictcontrol -C o -c seal.ctx 0x81010001
>
>
> My question is:
>     1. Is there a tool in linux that can sniff communication with the
> current system's TPM?
>     2. How to encrypt communications if the methods described above are
> not secure?
>         It seems that encryption is possible through tpm2_startauthsession
> , but I do not know how to apply it to tpm2_create . (The -S option simply
> did not work.)
>
> Thank you.
>
>
>
>
>
>
>
>
>
>
> _______________________________________________
> tpm2 mailing list -- tpm2(a)lists.01.org
> To unsubscribe send an email to tpm2-leave(a)lists.01.org
> %(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s

[-- Attachment #2: attachment.htm --]
[-- Type: text/html, Size: 12452 bytes --]

[tpm2] Re: Is the tpm2_create command safe against sniffing attacks?

[Joseph Lee]

[-- Attachment #1: Type: text/plain, Size: 2935 bytes --]

Hi Dimi,

Thank you for your kind answer. Looking at the link you gave, I think I 
can get more ideas.

I've been trying session encryption via tpm2-tools all weekend.
But I haven't found a way to create an encrypted session in tpm2-tools 
yet. Maybe tpm2-tools doesn't support encrypted sessions?

If this is clear, I will implement parameter encryption through 
tpm2-tools with referring to wolfTPM.

Thanks & Regards,
Joseph

------ Original Message ------
보낸 사람: "Dimitar Tomov" <dimi(a)designfirst.ee>
받는 사람: "tpm2(a)lists.01.org" <tpm2(a)lists.01.org>; "Joseph Lee 
(ZeronsoftN)" <joseph(a)zeronsoftn.com>
보낸 날짜: 2021-08-02 오전 4:33:02
제목: [tpm2] Re: Is the tpm2_create command safe against sniffing attacks?

>Hi Joseph,
>
>TPM 2.0 offers Parameter Encryption capability and HMAC sessions as 
>measures against Man-in-the-middle attacks.
>
>Examples in wolfTPM demonstrate how to enable Parameter Encryption
>
>  
>https://github.com/wolfSSL/wolfTPM/blob/b0a65e44b8a25be88b2f9ff4e35fbf08360e5d01/examples/nvram/store.c#L121
>
>There is also Keygen , Key import and Key loading examples with 
>Parameter Encryption
>
>https://github.com/wolfSSL/wolfTPM/blob/b0a65e44b8a25be88b2f9ff4e35fbf08360e5d01/examples/nvram/store.c#L121
>
>Last week we discussed the Dolos Group story about a stolen laptop with 
>TPM https://developers.tpm.dev/posts/15883726
>
>If Parameter Encryption and HMAC session have been used, this story 
>would have developed differently.
>
>Hope this helps.
>
>Dimi
>--
>Founder of TPM.dev
>
>--------------------------------------------------------------------------------
>From: Joseph Lee (ZeronsoftN) <joseph(a)zeronsoftn.com>
>Sent: Saturday, July 31, 2021 2:09 AM
>To:tpm2(a)lists.01.org <tpm2(a)lists.01.org>
>Subject: [tpm2] Is the tpm2_create command safe against sniffing 
>attacks?
>
>Hello,
>
>https://pulsesecurity.co.nz/articles/TPM-sniffing
>In this article, can see that communication with the TPM is vulnerable 
>to sniffing if not careful.
>
>https://tpm2-software.github.io/2020/04/13/Disk-Encryption.html
>Is the disk encryption described in tpm2-software's blog safe against 
>these attacks?
>
>tpm2_createprimary -Q -C o -c prim.ctx
>dd if=/dev/urandom bs=1 count=32 status=none | tpm2_create -Q -g sha256 
>-u seal.pub -r seal.priv -i- -C prim.ctx
>tpm2_load -Q -C prim.ctx -u seal.pub -r seal.priv -n seal.name -c 
>seal.ctx
>tpm2_evictcontrol -C o -c seal.ctx 0x81010001
>
>My question is:
>     1. Is there a tool in linux that can sniff communication with the 
>current system's TPM?
>     2. How to encrypt communications if the methods described above are 
>not secure?
>         It seems that encryption is possible through 
>tpm2_startauthsession , but I do not know how to apply it to 
>tpm2_create . (The -S option simply did not work.)
>
>Thank you.
>
>
>
>

[-- Attachment #2: attachment.htm --]
[-- Type: text/html, Size: 10654 bytes --]

[tpm2] Re: Is the tpm2_create command safe against sniffing attacks?

[Dimitar Tomov]

[-- Attachment #1: Type: text/plain, Size: 2131 bytes --]

Hi Joseph,

TPM 2.0 offers Parameter Encryption capability and HMAC sessions as measures against Man-in-the-middle attacks.

Examples in wolfTPM demonstrate how to enable Parameter Encryption

 https://github.com/wolfSSL/wolfTPM/blob/b0a65e44b8a25be88b2f9ff4e35fbf08360e5d01/examples/nvram/store.c#L121

There is also Keygen , Key import and Key loading examples with Parameter Encryption

https://github.com/wolfSSL/wolfTPM/blob/b0a65e44b8a25be88b2f9ff4e35fbf08360e5d01/examples/nvram/store.c#L121

Last week we discussed the Dolos Group story about a stolen laptop with TPM https://developers.tpm.dev/posts/15883726

If Parameter Encryption and HMAC session have been used, this story would have developed differently.

Hope this helps.

Dimi
--
Founder of TPM.dev

________________________________
From: Joseph Lee (ZeronsoftN) <joseph(a)zeronsoftn.com>
Sent: Saturday, July 31, 2021 2:09 AM
To: tpm2(a)lists.01.org <tpm2(a)lists.01.org>
Subject: [tpm2] Is the tpm2_create command safe against sniffing attacks?

Hello,

https://pulsesecurity.co.nz/articles/TPM-sniffing
In this article, can see that communication with the TPM is vulnerable to sniffing if not careful.

https://tpm2-software.github.io/2020/04/13/Disk-Encryption.html
Is the disk encryption described in tpm2-software's blog safe against these attacks?


  1.  tpm2_createprimary -Q -C o -c prim.ctx
  2.  dd if=/dev/urandom bs=1 count=32 status=none | tpm2_create -Q -g sha256 -u seal.pub -r seal.priv -i- -C prim.ctx
  3.  tpm2_load -Q -C prim.ctx -u seal.pub -r seal.priv -n seal.name -c seal.ctx
  4.  tpm2_evictcontrol -C o -c seal.ctx 0x81010001

My question is:
    1. Is there a tool in linux that can sniff communication with the current system's TPM?
    2. How to encrypt communications if the methods described above are not secure?
        It seems that encryption is possible through tpm2_startauthsession , but I do not know how to apply it to tpm2_create . (The -S option simply did not work.)

Thank you.




[https://mail.zeronsoftn.com/mthumbnail/ffbd1000-b8b6-44ea-b660-35333967ae6e.png]

[-- Attachment #2: attachment.htm --]
[-- Type: text/html, Size: 8172 bytes --]