How the TPM mitigates dictionary attacks
[This topic is pre-release documentation and is subject to change in future releases. Blank topics are included as placeholders.]
Trusted Platform Modules (TPMs) are security devices designed to provide security features that are difficult to provide with software alone. TPMs are passive devices that receive a single command at a time and return a result. When a TPM processes a command, it does so in a protected environment. Examples of a protected environment are a dedicated microcontroller on a discrete chip or a hardware protected special mode of the main CPU. A TPM can be used to create a cryptographic key that is not disclosed outside the TPM, but is able to be used in the TPM after the correct authorization value is provided. TPMs have dictionary attack logic designed to prevent brute force attacks to determine authorization values for using a key. The basic approach is for the TPM to only allow a limited number of authorization failures before the TPM prevents more attempts to use keys and locks the TPM. Providing a failure count for individual keys is not technically practical so TPMs have a global lockout when too many authorization failures occur. Because many entities may use the TPM, a single authorization success cannot reset the TPM’s dictionary attack logic. This prevents an attacker from creating their own key with a known authorization value and using it to reset the TPM’s dictionary attack logic. Generally TPMs are designed to forget about authorization failures after a period of time so the TPM does not enter lockout unnecessarily. A TPM owner password can be used to reset the TPM’s lockout logic.
TPM 2.0 Dictionary Attack Behavior
TPM 2.0 has well defined Dictionary Attack Logic behavior. This is in contrast to TPM 1.2 for which the dictionary attack logic was vendor specific and varied widely throughout the industry.
For Windows 8 Certified Hardware systems with a TPM 2.0, the TPM is configured by Windows 8 to lockout after 32 authorization failures and to forget one authorization failure every two hours. This means someone could quickly attempt to use a key with the wrong authorization value for 32 times. For each of the 32 attempts the TPM would return if the authorization failure was correct or not. A side effect of the 32nd failed attempt is the TPM enters a locked out state. Attempts to use a key with an authorization value for the next two hours would not return success or failure; instead the response indicates the TPM is locked out. The TPM will stay locked out for 2 hours. After two hours, one authorization failure is forgotten and the number of authorization failures remembered by the TPM drops to 31 so the TPM leaves the locked out state and returns to normal operation. With the right authorization value, keys could be used normally if no authorization failures occur in the next two hours. If a period of 64 hours elapses with no authorization failures, the TPM would not remember any authorization failures and 32 failed attempts could occur again.
Windows 8 Certification does not require TPM 2.0 systems forget about authorization failures when the system is fully powered off or when it has hibernated. Windows 8 does require authorization failures are forgotten when the system is running normally, in a sleep mode or in low power states other than off. If a Windows 8 system with a TPM 2.0 is locked out it, the TPM will leave lockout mode if the system is left on for two hours.
The dictionary attack logic for a TPM 2.0 may be fully reset immediately by sending a reset lockout command to the TPM and providing the TPM owner password. By default Windows 8 will automatically provision the TPM 2.0 and store the TPM owner password for use by system administrators. In some enterprise situations, the TPM owner authorization value is configured to be stored centrally in Active Directory and is not stored on the local system. An administrator can launch the TPM management console and choose the action to Reset the TPM Lockout. If the TPM owner password is stored locally, it is used to reset the lockout. If the TPM owner password is not available on the local system, the administrator will need to provide it. If an administrator attempts to reset the TPM lockout state with the wrong TPM owner password, the TPM will not allow another attempt to reset the lockout for 24 hours.TPM 2.0 allows some keys to be created without an authorization value associated with them. Those keys may be used when the TPM is locked out. An example is BitLocker with the default TPM-only configuration is able to use a key in the TPM to boot Windows 8 even when the TPM is locked.
Rationale behind the Windows 8 defaults
Windows 8 relies on the TPM 2.0 dictionary attack protection for multiple features. The defaults selected for Windows 8 balance trade-offs for different scenarios.
When BitLocker is used with the TPM+PIN configuration, it needs the number of PIN guesses to be limited over time. If a system is lost, someone could only make 32 PIN guesses immediately and one more every two hours. This adds up to only about 4415 guess per a year. Considering this number of PIN guesses per a year is possible for a system with TPM 2.0 provides a good yardstick for system administrators when determining how many PIN characters to use for BitLocker deployments.
The Windows 8 TPM Based SmartCard feature can be configured to allow logon to the system, and is often contrasted with physical SmartCards. The logon process uses a TPM based key with an authorization value. One difference is physical SmartCards can enforce lockout for just the physical SmartCard PIN and can reset the lockout after the correct PIN has been entered. For the TPM Based SmartCard feature, the TPM’s dictionary attack is not reset after a successful authentication. The TPM’s allowed number of authorization failures before entering lockout must take into account many factors. Some factors are other uses of the TPM, how often the user may accidentally mistype their logon, how frequently the user logs on. The intent of selecting 32 failures as the lockout threshold is so customers rarely lockout the TPM even when learning to type a new password or if they frequently lock and unlock their computer. If the customer does lockout the TPM they need to wait 2 hours or use some other credential like a username and password to logon.