Danilo Bruschi
Universita` degli Studi di Milano
Italy
Lorenzo Cavallaro
Universita` degli Studi di Milano
Italy
Andrea Lanzi
Universita` degli Studi di Milano
Italy
Mattia Monga
Universita` degli Studi di Milano
Italy
We prove the existence of a flaw which we individuated in the
design of the Object-Independent Authorization Protocol (OIAP),
which represents one of the building blocks of the Trusted Platform
Module (TPM), the core of the Trusted Computing Platforms (TPs) as
devised by the Trusted Computing Group (TCG) standards. In
particular, we prove, also with the support of a model checker,
that the protocol is exposed to replay attacks, which could be
used for compromising the correct behavior of a TP. We also propose
a countermeasure to undertake in order to avoid such an attack
as well as any replay attacks to the aforementioned protocol.
Keywords: Trusted Computing Platforms, Integrity, Replay Attacks, Model Checker