Boffins from the Worcester Polytechnic Institute and University of California, San Diego, in the US, and the University of Lübeck in Germany, have found that TPMs leak timing information that allows the recovery of the private keys used for cryptographic signatures.
In a paper [PDF] published on Tuesday, "TPM-FAIL: TPM meets Timing and Lattice Attacks," researchers Daniel Moghimi, Berk Sunar, Thomas Eisenbarth, and Nadia Heninger describe how they successfully conducted black-box timing analysis of TPM 2.0 devices to recover 256-bit private keys for ECDSA (Elliptic Curve Digital Signature Algorithm) and ECSchnorr signatures that are supposed to remain unobserved within the TPM.
Timing measurement is a side-channel attack technique that can be used to infer the inner workings of cryptographic systems.
"Our analysis reveals that elliptic curve signature operations on TPMs from various manufacturers are vulnerable to timing leakage that leads to recovery of the private signing key," the paper states.
"We show that this leakage is significant enough to be exploited remotely by a network adversary."
The researchers found that a local attacker can recover the ECDSA key from Intel fTPM in 4-20 minutes, depending upon the available level of access.
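To illustrate the kind of timing leakage described above, here is an added example (not code from the paper or from any TPM firmware). It assumes one common source of such leakage, a scalar-multiplication loop whose length follows the bit length of the secret scalar, and uses modular exponentiation as a stand-in for elliptic-curve point arithmetic; all names and constants are constructed.

```python
# Added illustration: counts group operations instead of measuring wall-clock
# time, so the result is deterministic. Stand-in group (assumption): integers
# modulo a prime under multiplication, so "point doubling" is a squaring and
# "point addition" is a multiplication.
P = 2**127 - 1      # constructed modulus (a Mersenne prime), not a real curve
G = 3               # constructed base element
SCALAR_BITS = 127   # fixed loop length used by the hardened variant


def leaky_mul(k):
    """Double-and-add: the loop length follows k.bit_length(), so the work
    done (and hence the running time) reveals leading zero bits of k."""
    acc, ops = 1, 0
    for i in range(k.bit_length() - 1, -1, -1):
        acc = acc * acc % P
        ops += 1
        if (k >> i) & 1:
            acc = acc * G % P
            ops += 1
    return acc, ops


def ladder_mul(k, bits=SCALAR_BITS):
    """Montgomery ladder over a fixed number of bits: two group operations
    per bit whatever the value of k. Production code would also replace the
    branch below with a constant-time conditional swap."""
    r0, r1, ops = 1, G, 0          # invariant: r1 == r0 * G
    for i in range(bits - 1, -1, -1):
        if (k >> i) & 1:
            r0, r1 = r0 * r1 % P, r1 * r1 % P
        else:
            r0, r1 = r0 * r0 % P, r0 * r1 % P
        ops += 2
    return r0, ops


def ops_spread(mul, scalars):
    """Defender's check: difference between the most and least work done
    across a set of secret scalars. Zero means no scalar-dependent leak."""
    counts = [mul(k)[1] for k in scalars]
    return max(counts) - min(counts)


# Constructed scalars: one full-length, one with eight leading zero bits.
SAMPLES = [(1 << 126) | 1, (1 << 118) | 1]

if __name__ == "__main__":
    print("leaky spread :", ops_spread(leaky_mul, SAMPLES))
    print("ladder spread:", ops_spread(ladder_mul, SAMPLES))
```
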