Dictionary Attack User Interface

Infineon Security Platform Solution

Notes:
  • This topic is only relevant for Security Platforms with a Trusted Platform Module 1.2. The details of the Security Platform dictionary attack defense mechanism are only valid for Security Platforms with an Infineon Trusted Platform Module 1.2.
  • This topic is mainly targeted at the Security Platform Owner.

The Security Platform Owner and administrator are responsible for dictionary attack settings and defense measures. In the case of repeatedly mistyped passwords, and in the case of a real dictionary attack, the Security Platform User is informed accordingly.

The following table lists dictionary attack related user interface parts:

Configure dictionary attack threshold

The Security Platform Owner or an authorized administrator can set the number of allowed failed authentication attempts before dictionary attack defense measures are taken. This can be done either via the configuration of Security Platform Features, or via the policy "Configure dictionary attack threshold".

Defense level reset

Stand-alone mode:
The Security Platform Owner can reset the defense level via Settings Tool - Advanced - Reset.... The Security Platform Initialization Wizard SpTPMWz.exe is then started with the command line parameter -resetattack.

The Owner Password is required to perform this operation. You can either type in the Owner Password or provide an Owner Password Backup File. Make sure to provide the correct password. After multiple failed owner authentication attempts, your Security Platform will be temporarily locked. During this time you will not be able to reset the dictionary attack defense level.

Server mode:
Trusted Computing Management Server provides a server-controlled, secure and efficient way to reset the dictionary attack defense level:

  • Defense level reset functionality can be set up and managed without local presence of administrators or knowledge of Owner Passwords.
  • Defense level reset can be initiated for any Trust Domain Platform remotely from any computer with a network connection to the Trust Domain Server.

If the administrator knows the Owner Password, the defense level can also be reset locally by starting the Security Platform Initialization Wizard SpTPMWz.exe with the command line parameter -resetattack or /resetattack. This is the only allowed usage of Security Platform Initialization Wizard in server mode.

Notifications and warnings

Messages explaining the current state and dictionary attack defense measures are displayed in the following situations:

  • Failed authentication (for Security Platform Owner and Security Platform Users)
  • Dictionary attack threshold exceeded
  • Authentication attempt during lock-out time

In the case of a real dictionary attack (not caused by accidental failed authentications) an alarm error message is displayed.


©Infineon Technologies AG