TCG Inside? - A Note on TPM Specification Compliance

This is a paper that I have written together with Ahmad-Reza Sadeghi, Marcel Selhorst, Christian Stüble and Christian Wachsmann, and I am going to present it at the First ACM Workshop on Scalable Trusted Computing (STC’06) in Fairfax, Virginia, USA, next month. The paper describes the first steps towards having an independent means for testing the compliance of Trusted Platform Module (TPM) chips according to the TCG specifications. Besides presenting a test strategy, we have also developed a prototype test suite. Although the currently implemented tests do not cover the complete TCG specification, our test results show that many TPM implementations do not meet the TCG specification and have bugs. We also discuss that non-compliance may have a crucial impact on security. For instance, non-compliant error return codes may be useful for profiling TPM chip models. These profiles may then be used in further attacks, e.g., password dictionary attacks.

We have already published first results of our tests in a technical report, which was also mentioned in the c’t magazine (“Sicherheits-Chips auf den Zahn gefühlt”, in German). For more information, see our project website on TPM Compliance Tests.