Title :
Replay attack in TCG specification and solution
Author :
Bruschi, Danilo ; Cavallaro, Lorenzo ; Lanzi, Andrea ; Monga, Mattia
Author_Institution :
Dipt. di Informatica e Comunicazione, Univ. degli Studi di Milano
Abstract :
We prove the existence of a flaw which we individuated in the design of the object-independent authorization protocol (OIAP), which represents one of the building blocks of the trusted platform module (TPM), the core of the trusted computing platforms (TPs) as devised by the trusted computing group (TCG) standards. In particular, we prove, also with the support of a model checker, that the protocol is exposed to replay attacks, which could be used for compromising the correct behavior of a TP We also propose a countermeasure to undertake in order to avoid such an attack as well as any replay attacks to the aforementioned protocol
Keywords :
authorisation; formal specification; model checker; object-independent authorization protocol; replay attack; trusted computing group solution; trusted computing group specification; trusted computing group standards; trusted computing platform module; Access protocols; Application software; Authorization; Buildings; Communications technology; Computational modeling; Computer security; Digital signatures; Embedded software; Protection;
Conference_Titel :
Computer Security Applications Conference, 21st Annual
Conference_Location :
Tucson, AZ
Print_ISBN :
0-7695-2461-3
DOI :
10.1109/CSAC.2005.47
