-
faulTPM: Exposing AMD fTPMs' Deepest Secrets
Authors:
Hans Niklas Jacob,
Christian Werling,
Robert Buhren,
Jean-Pierre Seifert
Abstract:
Trusted Platform Modules constitute an integral building block of modern security features. Moreover, as Windows 11 made a TPM 2.0 mandatory, they are subject to an ever-increasing academic challenge. While discrete TPMs - as found in higher-end systems - have been susceptible to attacks on their exposed communication interface, more common firmware TPMs (fTPMs) are immune to this attack vector as they do not communicate with the CPU via an exposed bus. In this paper, we analyze a new class of attacks against fTPMs: Attacking their Trusted Execution Environment can lead to a full TPM state compromise. We experimentally verify this attack by compromising the AMD Secure Processor, which constitutes the TEE for AMD's fTPMs. In contrast to previous dTPM sniffing attacks, this vulnerability exposes the complete internal TPM state of the fTPM. It allows us to extract any cryptographic material stored or sealed by the fTPM regardless of authentication mechanisms such as Platform Configuration Register validation or passphrases with anti-hammering protection. First, we demonstrate the impact of our findings by - to the best of our knowledge - enabling the first attack against Full Disk Encryption solutions backed by an fTPM. Furthermore, we lay out how any application relying solely on the security properties of the TPM - like Bitlocker's TPM-only protector - can be defeated by an attacker with 2-3 hours of physical access to the target device. Lastly, we analyze the impact of our attack on FDE solutions protected by a TPM and PIN strategy. While a naive implementation also leaves the disk completely unprotected, we find that BitLocker's FDE implementation withholds some protection depending on the complexity of the used PIN. Our results show that when an fTPM's internal state is compromised, a TPM and PIN strategy for FDE is less secure than TPM-less protection with a reasonable passphrase.
Submitted 2 May, 2023; v1 submitted 28 April, 2023;
originally announced April 2023.
-
EM-Fault It Yourself: Building a Replicable EMFI Setup for Desktop and Server Hardware
Authors:
Niclas Kühnapfel,
Robert Buhren,
Hans Niklas Jacob,
Thilo Krachenfels,
Christian Werling,
Jean-Pierre Seifert
Abstract:
EMFI has become a popular fault injection (FI) technique due to its ability to inject faults precisely considering timing and location. Recently, ARM, RISC-V, and even x86 processing units in different packages were shown to be vulnerable to electromagnetic fault injection (EMFI) attacks. However, past publications lack a detailed description of the entire attack setup, hindering researchers and companies from easily replicating the presented attacks on their devices. In this work, we first show how to build an automated EMFI setup with high scanning resolution and good repeatability that is large enough to attack modern desktop and server CPUs. We structurally lay out all details on mechanics, hardware, and software along with this paper. Second, we use our setup to attack a deeply embedded security co-processor in modern AMD systems on a chip (SoCs), the AMD Secure Processor (AMD-SP). Using a previously published code execution exploit, we run two custom payloads on the AMD-SP that utilize the SoC to different degrees. We then visualize these fault locations on SoC photographs allowing us to reason about the SoC's components under attack. Finally, we show that the signature verification process of one of the first executed firmware parts is susceptible to EMFI attacks, undermining the security architecture of the entire SoC. To the best of our knowledge, this is the first reported EMFI attack against an AMD desktop CPU.
Submitted 20 September, 2022;
originally announced September 2022.
-
On the parameterized complexity of computing tree-partitions
Authors:
Hans L. Bodlaender,
Carla Groenland,
Hugo Jacob
Abstract:
We study the parameterized complexity of computing the tree-partition-width, a graph parameter equivalent to treewidth on graphs of bounded maximum degree. On one hand, we can obtain approximations of the tree-partition-width efficiently: we show that there is an algorithm that, given an $n$-vertex graph $G$ and an integer $k$, constructs a tree-partition of width $O(k^7)$ for $G$ or reports that $G$ has tree-partition-width more than $k$, in time $k^{O(1)}n^2$. We can improve slightly on the approximation factor by sacrificing the dependence on $k$, or on $n$. On the other hand, we show the problem of computing tree-partition-width exactly is XALP-complete, which implies that it is $W[t]$-hard for all $t$. We deduce XALP-completeness of the problem of computing the domino treewidth. Next, we adapt some known results on the parameter tree-partition-width and the topological minor relation, and use them to compare tree-partition-width to tree-cut width. Finally, for the related parameter weighted tree-partition-width, we give a similar approximation algorithm (with ratio now $O(k^{15})$) and show XALP-completeness for the special case where vertices and edges have weight 1.
Submitted 29 April, 2024; v1 submitted 23 June, 2022;
originally announced June 2022.
-
On the Complexity of Problems on Tree-structured Graphs
Authors:
Hans L. Bodlaender,
Carla Groenland,
Hugo Jacob,
Marcin Pilipczuk,
Michał Pilipczuk
Abstract:
In this paper, we introduce a new class of parameterized problems, which we call XALP: the class of all parameterized problems that can be solved in $f(k)n^{O(1)}$ time and $f(k)\log n$ space on a non-deterministic Turing Machine with access to an auxiliary stack (with only top element lookup allowed). Various natural problems on `tree-structured graphs' are complete for this class: we show that List Colouring and All-or-Nothing Flow parameterized by treewidth are XALP-complete. Moreover, Independent Set and Dominating Set parameterized by treewidth divided by $\log n$, and Max Cut parameterized by cliquewidth are also XALP-complete.
Besides finding a `natural home' for these problems, we also pave the road for future reductions. We give a number of equivalent characterisations of the class XALP, e.g., XALP is the class of problems solvable by an Alternating Turing Machine whose runs have tree size at most $f(k)n^{O(1)}$ and use $f(k)\log n$ space. Moreover, we introduce `tree-shaped' variants of Weighted CNF-Satisfiability and Multicolour Clique that are XALP-complete.
Submitted 19 January, 2024; v1 submitted 23 June, 2022;
originally announced June 2022.
-
List Colouring Trees in Logarithmic Space
Authors:
Hans L. Bodlaender,
Carla Groenland,
Hugo Jacob
Abstract:
We show that List Colouring can be solved on $n$-vertex trees by a deterministic Turing machine using $O(\log n)$ bits on the worktape. Given an $n$-vertex graph $G=(V,E)$ and a list $L(v)\subseteq\{1,\dots,n\}$ of available colours for each $v\in V$, a list colouring for $G$ is a proper colouring $c$ such that $c(v)\in L(v)$ for all $v$.
Submitted 20 June, 2022;
originally announced June 2022.
-
XNLP-completeness for Parameterized Problems on Graphs with a Linear Structure
Authors:
Hans L. Bodlaender,
Carla Groenland,
Hugo Jacob,
Lars Jaffke,
Paloma T. Lima
Abstract:
In this paper, we showcase the class XNLP as a natural place for many hard problems parameterized by linear width measures. This strengthens existing $W[1]$-hardness proofs for these problems, since XNLP-hardness implies $W[t]$-hardness for all $t$. It also indicates, via a conjecture by Pilipczuk and Wrochna [ToCT 2018], that any XP algorithm for such problems is likely to require XP space.
In particular, we show XNLP-completeness for natural problems parameterized by pathwidth, linear clique-width, and linear mim-width. The problems we consider are Independent Set, Dominating Set, Odd Cycle Transversal, ($q$-)Coloring, Max Cut, Maximum Regular Induced Subgraph, Feedback Vertex Set, Capacitated (Red-Blue) Dominating Set, and Bipartite Bandwidth.
Submitted 13 July, 2022; v1 submitted 31 January, 2022;
originally announced January 2022.
-
Bounding twin-width for bounded-treewidth graphs, planar graphs, and bipartite graphs
Authors:
Hugo Jacob,
Marcin Pilipczuk
Abstract:
Twin-width is a newly introduced graph width parameter that aims at generalizing a wide range of "nicely structured" graph classes. In this work, we focus on obtaining good bounds on twin-width $\text{tww}(G)$ for graphs $G$ from a number of classic graph classes. We prove the following:
- $\text{tww}(G) \leq 3\cdot 2^{\text{tw}(G)-1}$, where $\text{tw}(G)$ is the treewidth of $G$,
- $\text{tww}(G) \leq \max(4\text{bw}(G),\frac{9}{2}\text{bw}(G)-3)$ for a planar graph $G$ with $\text{bw}(G) \geq 2$, where $\text{bw}(G)$ is the branchwidth of $G$,
- $\text{tww}(G) \leq 183$ for a planar graph $G$,
- the twin-width of a universal bipartite graph $(X,2^X,E)$ with $|X|=n$ is $n - \log_2(n) + \mathcal{O}(1)$.
An important idea behind the bounds for planar graphs is to use an embedding of the graph and sphere-cut decompositions to obtain good bounds on neighbourhood complexity.
Submitted 24 January, 2022;
originally announced January 2022.
-
One Glitch to Rule Them All: Fault Injection Attacks Against AMD's Secure Encrypted Virtualization
Authors:
Robert Buhren,
Hans Niklas Jacob,
Thilo Krachenfels,
Jean-Pierre Seifert
Abstract:
AMD Secure Encrypted Virtualization (SEV) offers protection mechanisms for virtual machines in untrusted environments through memory and register encryption. To separate security-sensitive operations from software executing on the main x86 cores, SEV leverages the AMD Secure Processor (AMD-SP). This paper introduces a new approach to attack SEV-protected virtual machines (VMs) by targeting the AMD-SP. We present a voltage glitching attack that allows an attacker to execute custom payloads on the AMD-SPs of all microarchitectures that support SEV currently on the market (Zen 1, Zen 2, and Zen 3). The presented methods allow us to deploy a custom SEV firmware on the AMD-SP, which enables an adversary to decrypt a VM's memory. Furthermore, using our approach, we can extract endorsement keys of SEV-enabled CPUs, which allows us to fake attestation reports or to pose as a valid target for VM migration without requiring physical access to the target host. Moreover, we reverse-engineered the Versioned Chip Endorsement Key (VCEK) mechanism introduced with SEV Secure Nested Paging (SEV-SNP). The VCEK binds the endorsement keys to the firmware version of TCB components relevant for SEV. Building on the ability to extract the endorsement keys, we show how to derive valid VCEKs for arbitrary firmware versions. With our findings, we prove that SEV cannot adequately protect confidential data in cloud environments from insider attackers, such as rogue administrators, on currently available CPUs.
Submitted 26 August, 2021; v1 submitted 10 August, 2021;
originally announced August 2021.
-
Close relatives (of Feedback Vertex Set), revisited
Authors:
Hugo Jacob,
Thomas Bellitto,
Oscar Defrain,
Marcin Pilipczuk
Abstract:
At IPEC 2020, Bergougnoux, Bonnet, Brettell, and Kwon showed that a number of problems related to the classic Feedback Vertex Set (FVS) problem do not admit a $2^{o(k \log k)} \cdot n^{\mathcal{O}(1)}$-time algorithm on graphs of treewidth at most $k$, assuming the Exponential Time Hypothesis. This contrasts with the $3^{k} \cdot k^{\mathcal{O}(1)} \cdot n$-time algorithm for FVS using the Cut&Count technique.
During their live talk at IPEC 2020, Bergougnoux et al. posed a number of open questions, which we answer in this work.
- Subset Even Cycle Transversal, Subset Odd Cycle Transversal, Subset Feedback Vertex Set can be solved in time $2^{\mathcal{O}(k \log k)} \cdot n$ in graphs of treewidth at most $k$. This matches a lower bound for Even Cycle Transversal of Bergougnoux et al. and improves the polynomial factor in some of their upper bounds.
- Subset Feedback Vertex Set and Node Multiway Cut can be solved in time $2^{\mathcal{O}(k \log k)} \cdot n$, if the input graph is given as a clique-width expression of size $n$ and width $k$.
- Odd Cycle Transversal can be solved in time $4^k \cdot k^{\mathcal{O}(1)} \cdot n$ if the input graph is given as a clique-width expression of size $n$ and width $k$. Furthermore, the existence of a constant $\varepsilon > 0$ and an algorithm performing this task in time $(4-\varepsilon)^k \cdot n^{\mathcal{O}(1)}$ would contradict the Strong Exponential Time Hypothesis.
Submitted 30 June, 2021;
originally announced June 2021.