Monotonic counters allow trusted applications to detect offline storage data replay attacks. A separate monotonic counter is available for use by each applet, and is shared between instances of the same applet (i.e., if multiple applets are running on a platform, each applet will use a separate monotonic counter).
To prevent an attacker from replaying data, the applet reads the current monotonic counter value and increments it every time data is updated. It embeds the incremented counter in the data. If an attacker subsequently attempts to replay the data, the data will contain the old monotonic counter (and not the newly incremented value), thereby indicating that the data is not valid.
The applet can also reset the monotonic counter to zero, in which case the counter does not guarantee the data’s validity.
A monotonic counter’s value is lost in the following cases:
♦ After the Return To Factory Defaults (RTFD) operation.
♦ After clear-CMOS/coin-battery removal, unless the counter is protected from replay attacks and is SPI-based (see Protecting Monotonic Counters from Replay Attacks
below). For an example of how to use the monotonic counter to prevent replay of old data, see the Protected Storage Sample
Due to flash wear-out considerations, a trusted application is allowed to use up to 100 counter increments or counter reset operations during a single epoch.
The epoch ends when one of the following occurs:
Platform power cycle (reboot or shut-down).
24 hours have passed since the trusted application was installed, or since the last increment or last reset operation.