{"id":"https://openalex.org/W4392758114","doi":"https://doi.org/10.46586/tches.v2024.i2.714-734","title":"TPMScan: A wide-scale study of security-relevant properties of TPM 2.0 chips","display_name":"TPMScan: A wide-scale study of security-relevant properties of TPM 2.0 chips","publication_year":2024,"publication_date":"2024-03-12","ids":{"openalex":"https://openalex.org/W4392758114","doi":"https://doi.org/10.46586/tches.v2024.i2.714-734"},"language":"en","primary_location":{"id":"doi:10.46586/tches.v2024.i2.714-734","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tches.v2024.i2.714-734","pdf_url":"https://tches.iacr.org/index.php/TCHES/article/download/11444/10949","source":{"id":"https://openalex.org/S4210207404","display_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","issn_l":"2569-2925","issn":["2569-2925"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://tches.iacr.org/index.php/TCHES/article/download/11444/10949","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5069701908","display_name":"Petr \u0160venda","orcid":"https://orcid.org/0000-0002-9784-7624"},"institutions":[{"id":"https://openalex.org/I21449261","display_name":"Masaryk University","ror":"https://ror.org/02j46qs45","country_code":"CZ","type":"education","lineage":["https://openalex.org/I21449261"]}],"countries":["CZ"],"is_corresponding":true,"raw_author_name":"Petr Svenda","raw_affiliation_strings":["Masaryk University, Brno, Czech Republic"],"affiliations":[{"raw_affiliation_string":"Masaryk University, Brno, Czech Republic","institution_ids":["https://openalex.org/I21449261"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5075584355","display_name":"Anton\u00edn Dufka","orcid":"https://orcid.org/0009-0003-5058-2571"},"institutions":[{"id":"https://openalex.org/I21449261","display_name":"Masaryk University","ror":"https://ror.org/02j46qs45","country_code":"CZ","type":"education","lineage":["https://openalex.org/I21449261"]}],"countries":["CZ"],"is_corresponding":false,"raw_author_name":"Antonin Dufka","raw_affiliation_strings":["Masaryk University, Brno, Czech Republic"],"affiliations":[{"raw_affiliation_string":"Masaryk University, Brno, Czech Republic","institution_ids":["https://openalex.org/I21449261"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5036039132","display_name":"Milan Bro\u017e","orcid":"https://orcid.org/0000-0001-7179-0386"},"institutions":[{"id":"https://openalex.org/I21449261","display_name":"Masaryk University","ror":"https://ror.org/02j46qs45","country_code":"CZ","type":"education","lineage":["https://openalex.org/I21449261"]}],"countries":["CZ"],"is_corresponding":false,"raw_author_name":"Milan Broz","raw_affiliation_strings":["Masaryk University, Brno, Czech Republic"],"affiliations":[{"raw_affiliation_string":"Masaryk University, Brno, Czech Republic","institution_ids":["https://openalex.org/I21449261"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5094140148","display_name":"Roman Lacko","orcid":null},"institutions":[{"id":"https://openalex.org/I21449261","display_name":"Masaryk University","ror":"https://ror.org/02j46qs45","country_code":"CZ","type":"education","lineage":["https://openalex.org/I21449261"]}],"countries":["CZ"],"is_corresponding":false,"raw_author_name":"Roman Lacko","raw_affiliation_strings":["Masaryk University, Brno, Czech Republic"],"affiliations":[{"raw_affiliation_string":"Masaryk University, Brno, Czech Republic","institution_ids":["https://openalex.org/I21449261"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5094140149","display_name":"Tomas Jaros","orcid":null},"institutions":[{"id":"https://openalex.org/I21449261","display_name":"Masaryk University","ror":"https://ror.org/02j46qs45","country_code":"CZ","type":"education","lineage":["https://openalex.org/I21449261"]}],"countries":["CZ"],"is_corresponding":false,"raw_author_name":"Tomas Jaros","raw_affiliation_strings":["Masaryk University, Brno, Czech Republic"],"affiliations":[{"raw_affiliation_string":"Masaryk University, Brno, Czech Republic","institution_ids":["https://openalex.org/I21449261"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5094140150","display_name":"Daniel Zatovic","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Daniel Zatovic","raw_affiliation_strings":["Red Hat, Brno-Medl\u00e1nky, Czech Republic"],"affiliations":[{"raw_affiliation_string":"Red Hat, Brno-Medl\u00e1nky, Czech Republic","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5102629203","display_name":"Josef Pospisil","orcid":null},"institutions":[{"id":"https://openalex.org/I4387152111","display_name":"National Cyber and Information Security Agency","ror":"https://ror.org/002wyas44","country_code":null,"type":"government","lineage":["https://openalex.org/I4387152111"]}],"countries":["CZ"],"is_corresponding":false,"raw_author_name":"Josef Pospisil","raw_affiliation_strings":["National Cyber and Information Security Agency, Brno, Czech Republic"],"affiliations":[{"raw_affiliation_string":"National Cyber and Information Security Agency, Brno, Czech Republic","institution_ids":["https://openalex.org/I4387152111"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5069701908"],"corresponding_institution_ids":["https://openalex.org/I21449261"],"apc_list":null,"apc_paid":null,"fwci":3.1011,"has_fulltext":true,"cited_by_count":6,"citation_normalized_percentile":{"value":0.92163609,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":"2024","issue":"2","first_page":"714","last_page":"734"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.9800000190734863,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.9800000190734863,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9728000164031982,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/scale","display_name":"Scale (ratio)","score":0.5901486873626709},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.4148833453655243},{"id":"https://openalex.org/keywords/physics","display_name":"Physics","score":0.07513311505317688}],"concepts":[{"id":"https://openalex.org/C2778755073","wikidata":"https://www.wikidata.org/wiki/Q10858537","display_name":"Scale (ratio)","level":2,"score":0.5901486873626709},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.4148833453655243},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.07513311505317688},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.46586/tches.v2024.i2.714-734","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tches.v2024.i2.714-734","pdf_url":"https://tches.iacr.org/index.php/TCHES/article/download/11444/10949","source":{"id":"https://openalex.org/S4210207404","display_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","issn_l":"2569-2925","issn":["2569-2925"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:07ce4cb0415c411d843401c0929d68d2","is_oa":true,"landing_page_url":"https://doaj.org/article/07ce4cb0415c411d843401c0929d68d2","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Transactions on Cryptographic Hardware and Embedded Systems, Vol 2024, Iss 2 (2024)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.46586/tches.v2024.i2.714-734","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tches.v2024.i2.714-734","pdf_url":"https://tches.iacr.org/index.php/TCHES/article/download/11444/10949","source":{"id":"https://openalex.org/S4210207404","display_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","issn_l":"2569-2925","issn":["2569-2925"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320306192","display_name":"Silicon Valley Community Foundation","ror":"https://ror.org/001ader08"},{"id":"https://openalex.org/F4320307791","display_name":"Cisco Systems","ror":"https://ror.org/03yt1ez60"}],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4392758114.pdf"},"referenced_works_count":20,"referenced_works":["https://openalex.org/W1517403092","https://openalex.org/W1531623177","https://openalex.org/W1580599221","https://openalex.org/W1992723624","https://openalex.org/W2126448927","https://openalex.org/W2141040012","https://openalex.org/W2148147836","https://openalex.org/W2233023171","https://openalex.org/W2495477535","https://openalex.org/W2548487232","https://openalex.org/W2656105308","https://openalex.org/W2904369888","https://openalex.org/W2909407144","https://openalex.org/W2985947210","https://openalex.org/W3086463011","https://openalex.org/W3091169353","https://openalex.org/W3112415556","https://openalex.org/W3211507582","https://openalex.org/W4385412297","https://openalex.org/W4389217751"],"related_works":["https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W2382290278","https://openalex.org/W2478288626","https://openalex.org/W4391913857","https://openalex.org/W2350741829","https://openalex.org/W2530322880"],"abstract_inverted_index":{"The":[0,197,256],"Trusted":[1],"Platform":[2],"Module":[3],"(TPM)":[4],"is":[5,54],"a":[6,26,30,99,105,177,230],"widely":[7],"deployed":[8],"computer":[9],"component":[10],"that":[11],"provides":[12],"increased":[13],"protection":[14],"of":[15,34,41,51,67,102,113,120,127,145,179,194,204,208,242,261],"key":[16,207],"material":[17],"during":[18],"cryptographic":[19,46,76,114,154],"operations,":[20,115],"secure":[21,27],"storage,":[22],"and":[23,48,74,78,116,138,187,192,249,264,275],"support":[24],"for":[25,130,150,220],"boot":[28],"with":[29,104,217,267],"remotely":[31],"attestable":[32],"state":[33],"the":[35,42,49,64,68,111,173,205,225,240,272],"target":[36],"machine.":[37],"A":[38],"systematic":[39],"study":[40],"TPM":[43,84,97],"ecosystem,":[44],"its":[45,57],"properties,":[47],"orderliness":[50],"vulnerability":[52,226,262],"mitigation":[53,266],"missing":[55,268],"despite":[56,229],"pervasive":[58],"deployment":[59],"\u2013":[60],"likely":[61],"due":[62],"to":[63,94,161],"black-box":[65],"nature":[66],"implementations.":[69,155],"We":[70,175],"collected":[71],"metadata,":[72],"RSA":[73],"ECC":[75,243],"keys,":[77],"performance":[79],"characteristics":[80],"from":[81],"78":[82],"different":[83],"versions":[85,212,274],"manufactured":[86],"by":[87],"6":[88],"vendors,":[89],"including":[90],"recent":[91],"Pluton-based":[92],"iTPMs,":[93],"systematically":[95],"analyze":[96],"implementations.Surprisingly,":[98],"high":[100,143],"rate":[101],"changes":[103,152],"detectable":[106],"impact":[107],"on":[108,245],"generated":[109],"secrets,":[110],"timing":[112,235],"frequent":[117],"off-chip":[118],"generation":[119],"Endorsement":[121],"Keys":[122],"were":[123,170,237,254],"observed.":[124],"Our":[125],"analysis":[126,257],"public":[128],"artifacts":[129],"TPM-related":[131],"products":[132],"certified":[133,160],"under":[134],"Common":[135],"Criteria":[136],"(CC)":[137],"FIPS":[139],"140":[140],"showed":[141],"relatively":[142],"popularity":[144],"TPMs":[146,157],"but":[147],"without":[148],"explanation":[149],"these":[151],"in":[153,172,184,190,239],"Despite":[156],"being":[158],"commonly":[159],"CC":[162],"EAL4+,":[163],"serious":[164,199],"vulnerabilities":[165],"like":[166],"ROCA":[167],"or":[168],"TPM-Fail":[169],"discovered":[171,200,238],"past.":[174],"found":[176],"range":[178],"additional":[180],"unreported":[181],"nonce":[182],"leakages":[183,236,253],"ECDSA,":[185],"ECSCHNORR,":[186],"ECDAA":[188],"algorithms":[189,244],"dTPMs":[191],"fTPMs":[193],"three":[195],"vendors.":[196],"most":[198],"leakage":[201],"allows":[202],"extraction":[203],"private":[206],"certain":[209],"Intel\u2019s":[210],"fTPM":[211],"using":[213],"only":[214],"nine":[215],"signatures":[216],"no":[218],"need":[219],"any":[221],"side-channel":[222],"information,":[223],"making":[224],"retrospectively":[227],"exploitable":[228],"subsequent":[231,265],"firmware":[232],"update.":[233],"Unreported":[234],"implementations":[241],"multiple":[246],"Nuvoton":[247],"TPMs,":[248],"other":[250],"previously":[251],"reported":[252],"confirmed.":[255],"also":[258],"unveiled":[259],"incompleteness":[260],"reporting":[263],"clear":[269],"information":[270],"about":[271],"affected":[273],"inconsistent":[276],"fixes.":[277]},"counts_by_year":[{"year":2025,"cited_by_count":5},{"year":2024,"cited_by_count":1}],"updated_date":"2026-03-01T08:55:55.761014","created_date":"2025-10-10T00:00:00"}