https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/footer-logo.png
  • Home
  • News
    • Back
    • IoT World 2020 News
  • Strategy
  • Special Reports
  • Galleries
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • IoT World 2020 News
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Video / Podcasts
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Strategic Partners
  • IOT World Events
    • Back
    • Internet of Things World: San Jose
    • IoT World 2020 News
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • IoT World 2020 News
  • Strategy
  • Special Reports
  • Galleries
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • IoT World 2020 News
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Video / Podcasts
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Strategic Partners
  • IOT World Events
    • Back
    • Internet of Things World: San Jose
    • IoT World 2020 News
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Architecture
  • Engineering/Development
  • Security
ioti.com

Security


Getty Images

Trusted Platform Modules: 8 More Surprises for IoT Security

TPMs aren’t easy, but they should have a bigger impact in the IoT than they had in PCs.
  • Written by Ari Singer, CTO, TrustiPhi
  • 13th March 2019

Part 2 of a two-part TPM Surprise Series

In part one of this series, we looked at eight surprises about trusted platform modules, targeting common misconceptions. If you felt we were at times critical of TPMs, you’d be right. But now in part two, we focus on the benefits of TPMs, their important role in the Internet of Things and factors that determine if TPMs can help you.

Surprise 9: TPMs have a vital role to play in the Internet of Things because they make device integrity verifiable and sustainable.

How do you know if your devices, out in the field, are still okay? While most people think of TPMs as embedded security modules that protect cryptographic keys, they also embody a crucial innovation — the notion of device integrity or what you might call “device health.” Prior to TPMs, once the software or firmware of a device was compromised, all bets were off with respect to the security benefits the device could provide. TPMs brought something new to broadly available commercial devices: a mechanism to provide cyber-resiliency by keeping track of ongoing device health and — when the device is compromised — helping the system take action to recover.

Surprise 10: A TPM can help protect your supply chain.

One TPM “downside” is that they must be fundamentally architected into the design of new IoT devices. On the flipside, once a TPM is architected in, it can be your eyes and ears when a device is outside of your control. The TPM can help safeguard the integrity of a device as it passes through supply chains. Device manufacturers can’t always fully trust all entities in their supply chain (offshore assembly plants, for example), but they can’t give up the economic benefits of using lower-cost suppliers and facilities. The TPM can be used in various points along the supply chain to verify that the device has not been improperly modified.

Surprise 11: TPM-based device integrity makes device maintenance easier.

If you don’t know whether a device has been compromised, you can’t manage it properly.

Once you have the TPM benefit of verifiably tracking device integrity, a natural extension is using TPMs to help securely update your device. Keys on the TPM can help protect your software and firmware updates. The TPM can provide remote verification that updates were properly installed. This enables remote update and verification of devices without returning them to the factory.

Surprise 12: If rogue software has been introduced into the device, the TPM can help the system operate in a “protected mode” to minimize damage.

Some systems should never shut down, like those which steer a driverless vehicle around a pedestrian. At the same time, unauthorized software must be blocked from destructive activity. Systems can be designed to require TPM action to fully operate. When a TPM becomes aware of rogue software, it can withhold keys or other critical data that the device needs to carry out specific functions. This effectively puts the device into a “protected mode,” where its operation is restricted until the system is repaired.

Surprise 13: TPM supports only three Roots of Trust, but can cooperate with other Roots of Trust to accomplish many key functions.

Every device has roots of trust, whether or not a user is aware of them. The real question is how secure they are. A root of trust is a fundamental part of your system that you must trust and whose compromise leads to the fundamental breakdown of trust in the overall device.

Unlike tree roots, which all serve similar functions, the various roots of trust do completely different jobs. TPM provides hardware-based roots of trust for reporting, for storage, and for integrity. To perform its fundamental device integrity functions, the TPM can interact with a Root of Trust for Measurement (RTM). The TPM can also support the actions of a Root of Trust for Verification (RTV) after a secure boot.

These five roots of trust satisfy the needs of the vast majority of applications. As new IoT technologies mature, TPMs will also interact with other new roots of trust, such as for update, detection, recovery and resiliency.

Surprise 14: TPMs are far superior at specific tasks

Maybe this isn’t such a big surprise. Nearly all industries that need hardware-level security — and utilize the IoT — require secure boot, secure update, secure communications and strong cryptography. A TPM is strong and efficient at most of these functions, especially in conjunction with the right complementary roots of trust.

As you add security capabilities such as an RTM or an RTV, or a Trusted Execution Environment (TEE), these capabilities become stronger and more comprehensive. Consider this, as you decide which technologies to incorporate in a device.

Surprise 15: Increasingly, there are viable alternatives to TPMs that are well suited to IoT devices

With technology advancing quickly, it is always important to pay attention to new products and solutions in the market. TPMs have been a trailblazer, and was the only game in town for many years, for device integrity and measured boot. Today, thanks in large part to TPMs, there are new technologies that solve some of the same problems TPMs were designed to solve. For instance, Micron Technology recently developed a product line called Authenta, which implements all five of the NIST roots of trust. (Disclosure: my team here at TrustiPhi was deeply involved with Authenta in a consulting role.) There is also a new Trusted Computing Group (TCG) standard called Device Identifier Composition Engine (DICE) that defines a much simpler device integrity technology for devices that don’t have a TPM.

Surprise 16: Implementing TPM for the IoT is different than TPM for PCs – and it will be better, faster, and easier.

The bad news: TPM for the IoT is no copy-paste of TPM for PCs. Not much from TPM for PC implementations can be reused in TPM for IoT. IoT devices use different processors, boot code, operating systems and applications than do PCs.

The good news: Already there are new infrastructure components and new approaches unique to TPM for IoT. TPM 2.0 profiles — such as one for automotive applications — are being created to simplify TPM-based solutions.

Our expectation: TPM for IoT will have a more mature, complete and easier-to-use ecosystem of tools and software to work with, and it won’t take as long as it did with the PC world. As the engineers at my company and others design IoT systems, we’ll all build upon and benefit from the collective experience with TPM for PCs. It’s going to be better the second time around.

What’s Next?

If you have comments about how great (or unsuitable) TPMs are, and their emerging role in your industry, please post them or contact me directly. We’d like to know! Part 1 of this series, if you missed it, is available under the title of “Trusted Platform Modules: 8 Surprises for IoT Security.”

Author

Ari Singer, CTO at TrustiPhi and long-time security architect, is a former chair of both the Trusted Computing Group’s Trusted Platform Module (TPM) workgroup and the TPM Software Stack (TSS) working group. He was a key contributor to the TPM 1.2 and 2.0 specifications – and has led teams that developed multiple TSS and TPM firmware implementations and TPM-enabled applications. With 16 years in trusted computing, Singer was an influencer in other security standards including Efficient Embedded Security Standards (EESS), IETF, IEEE 802.15.3 and IEEE 802.15.4. He was also chair of the IEEE P1363 working group, the leading standard for public key cryptography. Ari can be reached at: [email protected]

Tags: Security Features

Related


  • TPM
    Trusted Platform Modules: 8 Surprises for IoT Security
    Trusted Platform Modules are poorly understood by many, well understood by few.
  • Berlin treatment plant
    Case study: How Berlin protects its water infrastructure from hackers
    One of the biggest water treatment facilities in Europe hooked up with IT operations management firm Auconet to secure its network of connected industrial devices.
  • Image shows welding robotics and a digital manufacturing operation.
    IoT Supply Chain Vulnerability Poses Threat to IIoT Security
    The supply chain provides building blocks for IoT but also vulnerabilities. IT pros need to ward against malicious attacks that exploit supply chain security gaps.
  • IoT Security Needs Pen Testing Approach
    IoT pen testing is a no-brainer, say experts. But don’t test everything.

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Content

  • Electric Grid Stability Assailed by Growing Challenges
  • COVID-19 Driving Data Integration Projects in IoT
  • Common Internet of Things Security Pitfalls 
  • Can Privacy-Preserving Machine Learning Overcome Data-Sharing Worries?

News

View all

Webex Collaboration Banks on Hybrid Workplace Model at Cisco Live 2021

2nd April 2021

Cisco Enlists Networking Automation, CX Cloud in COVID-19 Response

31st March 2021

White Papers

View all

Telehealth and COVID Infographic

30th March 2021

Medical Supply Chain Management with Smart Devices and Sensors

30th March 2021

Special Reports

View all

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

Webinars

View all

Real-Time Analysis of Driver Behavior Using Machine Learning

13th May 2021

Weber’s Journey: How a Top Grill Maker Serves Up Connected Cooking

25th February 2021

Galleries

View all

Top IoT Trends to Watch in 2020

26th January 2020

Five of the Most Promising Digital Health Technologies

14th January 2020

Industry Perspectives

View all

IoT Spending Holds Firm — Tempered by Dose of ‘IoT Pragmatism’

1st December 2020

The Great IoT Connectivity Lockdown

11th May 2020

Events

View all

Embedded IoT World 2021

28th April 2021 - 29th April 2021

The Virtual Industrial AI Summit

29th June 2021 - 30th June 2021

IoT World 2021

2nd November 2021 - 4th November 2021

Twitter

IoTWorldToday, IoTWorldSeries

How Smart Environments Will Take Shape Post-COVID-19 dlvr.it/RxfPG2 https://t.co/Y6DMWxZf9S

14th April 2021
IoTWorldToday, IoTWorldSeries

IoT Enterprise Deployments Continue Apace, Despite COVID-19 dlvr.it/RxWwsS https://t.co/BSkxdf17vs

12th April 2021
IoTWorldToday, IoTWorldSeries

🥳Happy #IoTDay! How are you celebrating? We're giving $50 off All Access Passes to join our upcoming virtual event,… twitter.com/i/web/status/1…

9th April 2021
IoTWorldToday, IoTWorldSeries

🎉 Announcing #EIOTWORLD sponsor, @InnoPhaseinc — a fabless wireless semiconductor platform company specializing in… twitter.com/i/web/status/1…

8th April 2021

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X