Dictionary Attack Defense

Infineon Security Platform

Infineon Security Platform Solution

Dictionary Attack Defense

Notes:
  • This topic is only relevant for Security Platforms with a Trusted Platform Module 1.2. The details of the Security Platform dictionary attack defense mechanism are only valid for Security Platforms with an Infineon Trusted Platform Module 1.2.
  • This topic is mainly targeted at the Security Platform Owner.

A dictionary attack is a method used to break security systems, specifically password-based security systems, in which the attacker systematically tests all possible passwords beginning with words that have a higher possibility of being used, such as names and places. The word "dictionary" refers to the attacker exhausting all of the words in a dictionary in an attempt to discover the password. Dictionary attacks are typically done with software instead of an individual manually trying each password.

A dictionary attack against the Security Platform Solution could try to detect the Owner Password, a user's Basic User Password or password-protected keys. A dictionary attack against a password is also called password attack. With the TCG 1.2 standard a protection mechanism against dictionary attacks has been introduced. The Security Platform Solution utilizes this mechanism. Note that defense measures are taken not only in case of a real attack, but also in case of multiple accidental wrong password entries.

How to avoid dictionary attacks

Consider the following recommendations how to avoid dictionary attacks:
  • Adhere to general security precautions as advised in appropriate security portals.
  • Set reasonably low dictionary attack threshold values (see policy Configure dictionary attack threshold).
  • Use complex passwords to avoid that an attacker could discover a password.

How to react to dictionary attacks

Consider the following recommendations, if the Security Platform has reported a dictionary attack:
  • As a start, leave your system temporarily disabled.
  • Disconnect your system from the network.
  • Check Microsoft Event Viewer for additional information.
  • Check appropriate security portals for information on latest security threats.
  • Track and eliminate the attacking application or service. Consider contacting a security specialist for assistance.
  • Take security measures to block further attacks (e.g. installing security patches, configuring firewall settings and security policies).

After this you can connect your system to the network again. You will have to restart your system to enable the Security Platform again.

Dictionary attack defense measures

Dictionary attack user interface

©Infineon Technologies AG