0

I was thinking about a host computer having a hardware TPM (Trusted Platform Module), with which I can get trustworthy information about the platform (first and foremost, that I am not in a virtual machine).

Then I thought, what would happen, if I (a program of mine) was started in a VM and wanted to ask a (then virtual) TPM the same questions. Presumably I could try to get its certificate, based on the Endorsement Key, that only manufacturers like Intel can provide. A virtual TPM can't have something like this.

But: What if the vTPM works together with the hTPM, trying to make me think that I am not in a VM?

Can all the identifying information requests simply be passed through to the hTPM and the answers given into the VM to my program?

I think my question is a bit general and could become more specific, with the TPM at play, but:

How can you detect or circumvent a MITM, when he and the communication partner are on the same team?

Minix
  • 109
  • 4

1 Answers1

1

If your communication partner is on the same team as the MitM, it's no longer a MithM. There is no secret your partner could know that they couldn't share with the MitM. Similarly, you have no way to prevent your partner from simply relaying the information after you exchange it. If your partner can read it, they can pass the information to the MitM after the fact.

This is why trust is important in secure communications. When you are talking to another system, you have to have trust in who you are talking to and how they will behave with it. There are many different ways to attempt to establish trust, but it's fundamentally on you to decide if a communication is secure enough or not based on what trust information is available.

AJ Henderson
  • 41,816
  • 5
  • 63
  • 110
  • I see. I have a feeling, there might be a way to make it work with a TPM, since it is not entirely under the control of the other party (the attacker), but I think I will ask a separate question, after some more initial research into the matter. – Minix Sep 13 '17 at 09:48
  • A pre programmed hsm might let you do some things if you originally had the host in your control, but I'm hard pressed to think of a situation that the host computer doesn't know what's going on. You could use trusted boot I suppose and try to build an unhackable os that would ensure your desired behavior if you are the maker of the host, but that is drm territory and comes along with all the hackableness of broad drm type solutions. – AJ Henderson Sep 13 '17 at 12:46