Everyone likes to talk about security, but few really want to spend time on it and fewer still actually do it well. The fact of the matter is that security is hard to do, it takes time and resources, it slows down implementations, it’s a constantly moving goal post, no one gets credit if it’s done right, and you can’t brag about having done it well. Who wants to challenge a hacker?
However, in the age of IoT, security is clearly important, but it has to be done a certain way, depending on the application. It’s impossible to place user names and passwords or cryptographic capability on every sensor, so it’s usually done at an aggregation point, such as a gateway in a factory, home or smart building.
In the enterprise (IT), it’s good to isolate operational technology (OT) from the main networks so a hacker doesn’t access corporate data if they find an OT vulnerability. All points must be kept in mind for single installation: but what if the customer needs to scale, across multiple facilities? Globally?
Systems need to require minimal touch, be easily provisioned, be able to handle updates without user interfaces and not require user names and passwords for every access. Not only are user names and passwords fallible, they don’t scale.
This is where Trusted Platform Module (TPM) really comes into its own. Let’s describe quickly what it is, how it works and give implementation examples.
What is TPM?
TPM is an international standard for a secure cryptoprocessor, a microcontroller that is specifically designed to secure hardware by integrating keys into devices.1 The specification was written by the Trusted Computing Group (TCG) a group formed in 2003 by AMD, HP, Intel and Microsoft, so the original intent was clearly geared toward PCs. In 2009, it became ISO/IEC Standard 11889. Many iterations later, we’re now on TPM 2.0, released in October 2014.
Figure 1. TPM 2.0 implemented on a microcontroller enables hardware authentication and the generation of cryptographic keys. (Image source: Trusted Computing Group.)
The goal of TPM is to enable secure generation of cryptographic keys – and limitation of their use while also providing a random number generator (RNG). At the core of each TPM chip is a unique and secret RSA key that is burned in as it is produced, so it can perform platform authentication.
The funny thing about TPM is that it’s so innocuous, yet so many (good) security systems depend upon it to secure an operating system from attack at boot-up, when it’s most vulnerable. Take Windows, for a simple example (Figure 2.)
Figure 2: Though little mentioned, TPM is fundamental to system security. (InfosecInstitute.com)
In Microsoft’s Secure Boot procedure, authentication is provided by TPM, against which firmware and the boot loader are integrity checked using signatures and measurements. In this way, no executable file can run without being first validated. The hardware root-of-trust assurance that TPM provides is critical.
TPM can be implemented in many ways: firmware TPM (fTPM), discrete TPM (dTPM), integrated on an IC, virtually or in software. Many companies offer dTPM modules, including Intel (Figure 3).
Figure 3. The Intel® Trusted Platform Module (TPM module-AXXTPME3) is one of many discrete TPM implementations. (Image source: Newegg.com)
Intel also implements a hybrid hardware/firmware approach called Intel® Platform Trust Technology (Intel® PTT), an integrated solution in the Intel® Management Engine for 4th Generation Intel® Core™ processors.
Intel’s security solution has been implemented on gateways from the likes of Dell already, which brings us back to the smart building or factory. With a TPM on a gateway, a suitably enabled OS for IoT (IoTium, for example) can use locally authenticated devices and encrypt data to allow wide deployment of IoT devices and sensors, without having to assign a user name or password to each device, or to each building.
Individual sensors and devices all communicate through the gateway, so they don’t need to be directly protected. A smart gateway with sufficient local processing can ensure that all data to the cloud is encrypted, end to end. From there, the data and the building devices can be managed remotely, with one-click updates and zero-touch provisioning. All that’s needed is someone to connect the gateway at each facility.
It seems simple, but TPM and its implementation is a hugely complex technology. Books on the topic are plentiful, as are online resources. While TPM has been applied dutifully on Windows PCs, laptops and embedded systems, don’t overlook the opportunity to use it for secure and simplified IoT too. Your lawyer will thank you.