Integrity of hardware-based computer security is challenged

A presentation scheduled for Black Hat USA 2007 that promised to undermine chip-based desktop and laptop security has been suddenly withdrawn without explanation.

The briefing, “TPMkit: Breaking the Legend of [Trusted Computing Group’s Trusted Platform Module] and Vista (BitLocker),” promised to show how computer security based on trusted platform module (TPM) hardware could be circumvented

“We will be demonstrating how to break TPM,” Nitin and Vipin Kumar said in their abstract for their talk that was posted on the Black Hat Web site but was removed overnight Monday.

“The demonstration would include a few live demonstrations. For example, one demonstration will show how to login and access data on a Windows Vista System (which has TPM + BitLocker enabled),” the abstract said.

BitLocker is disk-encryption technology in Microsoft’s Vista operating system that relies on TPM to store keys.

In an e-mail, Vipin Kumar says, “We have pulled back our presentation from … Black Hat. So, we won't be presenting anything related to TPM/BitLocker in Black Hat. . . . We would not like to say anything about the TPM/BitLocker for the time being.” He didn’t respond to inquiries about why the brothers withdrew.

A spokeswoman for the conference was unable to offer more information. “At their request, they are no longer presenting. That is all the info I have,” said the spokeswoman, Nico Sell, in an e-mail.

The conference brings together technically savvy security experts from business, government and the hacking community to discuss the latest security technologies. Frequently, Black Hat briefings become controversial because they point out previously unknown weaknesses in products or technologies.

The Kumars’ promised exploit would be a chink in the armor of hardware-based system integrity that TPM is designed to ensure.

TPM is also a key component of Trusted Computing Group’s architecture for network access control (NAC). TPM would create a unique value or hash of all the steps of a computer’s boot sequence that would represent the particular state of that machine, according to Steve Hanna, co-chair of TCG’s NAC effort.

This initial hash of a known, trusted machine would be stored in the TPM and compared to the hash that is created when that machine last booted up. As part of TCG’s NAC plan, if the hash values don’t match, that indicates the machine has been altered and might no longer be secure, says Hanna.

That check, known as remote attestation, would be part of decision making by a NAC policy server. In their description of their talk, the Kumars said they have developed a tool called TPMkit that bypasses remote attestation andwould let a computer that is not in a trusted state gain access anyway.

At the Black Hat conference in Amsterdam earlier this year the Kumars demonstrated a bootkit that can insinuate itself into the Vista kernel without setting off Vista security alarms. At the time, the pair said they thought TPM was the only way to ensure that unsigned code is blocked from executing during the Vista boot sequence.

The Kumars live in India and run a security consulting firm called NV Labs.