Intel’s “Trusted eXecution Technology” Circumvented
From an article in Infoworld via Slashdot, two researchers from Invisible Things Lab have discovered a method to circumvent Intel‘s Trusted eXecution Technology (TXT). The TXT system (PDF), part of Intel’s vPro hardware-assisted security product, is designed to allow software to run while protected against attacks from other software programs. However, the researchers at Invisible Things Lab discovered a two-phase attack that exploits a bug in Intel software in the first phase and then uses a deficiency in the actual TXT specification in the second stage, to successfully attack software designed to use the TXT system. While such software is currently rare, it may become more prevalent as more software aims to increase security.
This event is a result of researchers working to verify the security properties of Intel’s vPro hardware-based security system. Hardware is much more difficult to revise than software, if revision is possible at all. This may mean that all current implementations of TXT are essentially obsolete, and may remain so in perpetuity.
This security cloud does have a silver lining, however: TXT is a platform that Digital Rights Management (DRM)-enabled software is likely to use, and by showing that hardware-based security is as fallible as software-based security, this new revealation may guide companies towards less restrictive, more user-friendly approaches to security and intellectual property protection.
Software vendors considering using the TXT system will undoubtedly be turned off by this event. However, it is better to know that something is not totally secure than it is to think that it is secure when it is not, so in the long run, it is better for Intel, despite the current press, that this exploit was discovered early rather than after many software packages depended on the TXT system. Companies such as AMD may also learn that security is a difficult problem and that attempting to “solve it” may be more trouble than it is worth.
Comment by justine
January 7, 2009 @ 2:12 pm
“TXT is a platform that Digital Rights Management (DRM)-enabled software is likely to use, and by showing that hardware-based security is as fallible as software-based security, this new revealation may guide companies towards less restrictive, more user-friendly approaches to security and intellectual property protection.”
I seriously doubt this will happen. My bet is that rights owners will always try to restrict access to their content, and others will always be trying new ways to access it without paying. This conflict has gone on with every new media, and is not going to disappear soon: look at the ease of copying movies over between VHS, DvD, and Blu-Ray. Each one gets progressively more complex as the process continues.
Comment by Ivayla Dermendjieva
January 9, 2009 @ 6:49 pm
“by showing that hardware-based security is as fallible as software-based security, this new revealation may guide companies towards less restrictive, more user-friendly approaches”
Yes, hardware-based security is potentially as fallible as software-based, however it is important to keep in mind that there is no one perfect solution to security. Most systems today are large and complex, build upon outdated legacy code. Add to this new demands for increased usability, accessibility and reuse, it is becoming increasingly more important to attack the security problem on many different fronts addressing the different usage models, instead of relying on a single component be it software or hardware based. Software-based security is not necessarily inferior to hardware-based, if implemented properly (same goes for hardware-based approaches). The benefit that hardware-based security provides is speed and automation leaving a few less things for the programmers (and perhaps users) to worry about.
Another important aspect is that hardware security is not ubiquitous. For example, at the assembly level, you can label a particular segment (such as a data segment) as read/write-only to prevent against malicious (or otherwise) execution of binary data from this segment. This approach works great for applications with simple data accesses, however poses a problem for applications depending on auto-generated code. In such situations this feature would simply be disabled and all of the security it offers will be circumvented. This example shows that there are multiple components that will join forces to help ensure a well implemented and well secured system, both software and hardware based. And though I agree that every security measure should be implemented correctly and thus it is beneficial that Intel found out about this earlier rather than later, I do not believe this bug discredits hardware-based security.
Comment by Keith Tips
February 11, 2009 @ 9:47 am
Intel has additionally released TBoot as Open source for pre-kernel/VMM modules that use ITE (Intel Trusted Execution) that adds the capability to check a Xen Virtual Machine Monitor (VMM) launch by means of Dynamic Root of Trust Measurement.
All well and good these companies spending probably $Millions, but take a free tip from me, I have never seen a technology such as this ever do what it was designed for, and I very much doubt we ever will. All they can hope to achieve is increase the level of security making things harder, but they will always fail in the end.