OnBoard Security InSights

TPM - a Powerful, Inexpensive Security Building Block

Posted by Lee Wilson on Mar 22, 2018 1:51:50 PM

There are two worlds of computer security - high-end systems and then everything else. Both high- and low-end systems typically employ “top-down” defenses to harden their attack surfaces. These are “software-only” security techniques.

High-end and specialized systems have the additional protection of “bottom-up” defenses in the form of Hardware Security Modules (HSMs). HSMs sequester secrets (keys) from the general processing environment, ensuring they cannot be stolen if the system is attacked. HSMs for these high-end systems are typically very expensive, making them impractical for low-end systems that still require solid cybersecurity.

As cyber-attacks become increasingly common, there is a need for additional “bottom-up” hardware-based security, including code measurement. Software security measurement systems take a “snapshot” of a system by building transitive trust chains of software measurements (hashes) and storing them in tamper-proof storage. These measurements are used for the following functions:

  • Permit “attestation” (cybersecurity health checks) of a system by a remote appraiser.
  • “Seal” system secrets, preventing their exposure when a system is attacked.
  • Authorize security operations based on the real-time health of the system, as assessed using the measurements.

Comprehensive code measurements are now considered to be a fundamental part of system security. They can be used to detect deep threats (e.g. bootkits and rootkits) which are otherwise undetectable by most “software-only” security solutions (firewalls, anti-virus software, etc.) or by traditional HSMs, which do not have these code measurement capabilities.
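The transitive trust chain, the remote appraisal and the sealing behaviour described above can be modelled in a few lines. The following is an added example written for this post, not code from OnBoard Security or from any TPM library. It models one Platform Configuration Register (PCR) with the TPM extend rule (new PCR = hash of old PCR concatenated with the measurement) and uses constructed boot-stage images; the function names (`measured_boot`, `appraise`, `unseal`) and the "golden" reference value are assumptions for illustration. It shows why the measurements must live in tamper-proof storage: an attacker who modifies the bootloader can rewrite the event log, but cannot make a forged log replay to the PCR value the hardware actually holds.

```python
import hashlib

# Model of a single 32-byte PCR; a real TPM keeps these inside the chip.
PCR_INITIAL = bytes(32)


def measure(code: bytes) -> bytes:
    """Code measurement: the hash of a software component before it runs."""
    return hashlib.sha256(code).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM PCR extend rule: PCR_new = H(PCR_old || measurement).
    A PCR can only be extended, never set, so the result commits to the
    whole ordered chain of measurements that produced it."""
    return hashlib.sha256(pcr + measurement).digest()


def measured_boot(stages):
    """Build the transitive trust chain: each stage is measured into the PCR
    before control passes to it. Returns (final_pcr, event_log)."""
    pcr, log = PCR_INITIAL, []
    for name, code in stages:
        m = measure(code)
        log.append((name, m))
        pcr = extend(pcr, m)
    return pcr, log


def replay_log(log) -> bytes:
    """Appraiser side: recompute the PCR that a reported event log implies."""
    pcr = PCR_INITIAL
    for _, m in log:
        pcr = extend(pcr, m)
    return pcr


def appraise(reported_pcr: bytes, log, golden_pcr: bytes) -> bool:
    """Remote attestation check (health check): the log must replay to the
    PCR the platform reports, and that PCR must equal the known-good value.
    In a real deployment the reported PCR arrives in a quote signed by a key
    held inside the TPM; signature checking is omitted in this model."""
    return replay_log(log) == reported_pcr and reported_pcr == golden_pcr


def unseal(sealed_secret: bytes, current_pcr: bytes, policy_pcr: bytes):
    """Sealing model: the secret is released only when the PCR equals the
    value recorded at seal time, so a platform running modified code
    (bootkit, rootkit) cannot obtain it."""
    return sealed_secret if current_pcr == policy_pcr else None


# Constructed sample boot stages (stand-ins for real firmware images).
GOOD_STAGES = [
    ("firmware",   b"constructed firmware image v1"),
    ("bootloader", b"constructed bootloader v1"),
    ("kernel",     b"constructed kernel v1"),
]
# Same chain with a modified bootloader, standing in for a bootkit.
TAMPERED_STAGES = [
    ("firmware",   b"constructed firmware image v1"),
    ("bootloader", b"constructed bootloader v1 + modification"),
    ("kernel",     b"constructed kernel v1"),
]


def scenarios() -> dict:
    """Run the clean, tampered and forged-log cases and return the outcomes."""
    golden, good_log = measured_boot(GOOD_STAGES)
    tampered, tampered_log = measured_boot(TAMPERED_STAGES)
    secret = b"constructed-disk-encryption-key"
    return {
        # Clean platform: log replays to the PCR and the PCR is the golden value.
        "good": appraise(golden, good_log, golden),
        # Modified bootloader: honest log replays, but the PCR is not golden.
        "tampered": appraise(tampered, tampered_log, golden),
        # Attacker reports the clean log but the hardware PCR still disagrees.
        "forged_log": appraise(tampered, good_log, golden),
        # Sealing: only the untampered platform can recover the secret.
        "unseal_good": unseal(secret, golden, golden),
        "unseal_tampered": unseal(secret, tampered, golden),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

The order of extends matters: swapping two stages yields a different PCR even though the set of measurements is identical, which is what makes the chain transitive rather than just a list of hashes. A real TPM 2.0 holds many PCRs in several hash banks and signs the reported values, but the appraisal logic is the same replay-and-compare shown here.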


A sensible next step in hardware-based security is to combine code measurement with the key protection capabilities of an HSM, resulting in the Trusted Platform Module (TPM) 2.0.


TPM 2.0 meets the performance and low-cost requirements of the majority of the world’s computing platforms. TPM 2.0 complies with both Trusted Computing Group and ISO specifications, so it is truly an international standard. TPM 2.0 gives all computing platforms, from servers all the way down to Internet of Things sensors, the robust, modern hardware-based security needed to address the 21st century’s real and ever-growing cybersecurity challenges.

Want to learn more about security systems? Check out our latest whitepaper, Setting and Achieving Security Design Goals.


This blog was originally published in IIoT-World.com

Topics: Cryptography, Internet of Things, Embedded Security, Cyber Security, TPM, TSS, Trusted Computing
