(1) China Tobacco Zhejiang Industrial Co. Ltd. Hangzhou 310009 China; (2) College of Computer Science Beijing University of Technology Beijing 100124 China; (3) State Key Laboratory of Information Security Institute of Software Chinese Academy of Sciences Beijing 100190 China; (4) Key Laboratory of Information and Network Security 3rd Research Institute Ministry of Public Security Shanghai 201204 China; (5) China Information Technology Security Evaluation Center Beijing 100085 China
为测试可信计算平台的安全性,提出了一种使用现场可编程门阵列(field program gate array,FPGA)搭建监控平台,针对可信平台模块被动工作模式的特点,采用监听、篡改和伪造输入数据等手段对可信平台模块进行攻击,达到攻击可信计算平台的目的.实验结果证明,现有可信计算平台存在中间人攻击的安全隐患.
English Abstract:
To test the security of trusted computing platform, a method using the field program gate array to build a monitor platform was proposed. By monitoring, tampering with and forging input data etc, this method deceived the trusted platform module (TPM) of the passive working mode, doing attacking experiments to the existing trusted platform and TPM. Result of this experiment proves that the existence of man in the middle attack in trusted platform.
Li Jian-Jun,Fang Juan,Ji Qi,et al. fpga-based trusted platform module attack[J]. Beijing Gongye Daxue Xuebao/Journal of Beijing University of Technology,2013-01-01,39(1):70-75.