As the connected digital ecosystem expands, cyberthreats and vulnerabilities are gaining momentum at an unprecedented scale. Creating a healthy immune system on every device is critical to build cyberresilience and protect organizations, end users and networks from malicious attacks. With 24.1 billion Internet of things (IoT) devices entering homes, workplaces and cities by 2030,1 the next era of cybersecurity is one that will be able to adapt to the needs of each device and consider the wider network.
Modern society increasingly places blind trust in everyday devices such as autonomous cars, smart homes and healthcare applications. With so many devices collecting, moving and storing data within the digital ecosystem, there are billions of opportunities for hackers to easily gain access to private information with varying levels of risk.
Assume Nothing
A zero trust approach to the system is needed whereby the integrity of each device and its movement of data must be determined rather than assumed. Using a zero trust approach ensures that any system or device is untrusted until it can be measured by a set of attributes to prove its trusted identity. With the complexity of devices, environments, applications and use cases, there is no one-size-fits-all approach when it comes to cybersecurity. A diverse approach is needed to address unique needs.
Every device, system or component within the digital ecosystem plays its role in creating a secure system for all. Behind this is the role of system developers and IT manufacturers who create software and hardware that provide open gateways for hackers or secure defenses. As new applications for smart refrigerators, baby monitors, automated cars and wearable technologies are developed for the consumer, security standards must be considered so that the technology is resilient to cyberthreats and stands the test of time on the market.
The aim for each device should be self-defense. The software and hardware on each device need to protect themselves to create a trusted computing ecosystem. Each device has unique requirements. To establish a foundation of security for every device in a system, a root of trust must be planted in the device.
FOR OPTIMUM SECURITY, A HARDWARE-BASED IDENTITY AND ATTESTATION PLATFORM FOR DATA INTEGRITY, DEVICE RECOVERY AND SYSTEM UPDATES IS NEEDEDS.
Establishing a Root of Trust
The trust in connected devices can be determined only by the trust in the secure integrity of the device. The Trusted Platform Module (TPM) is a standard hardware root of trust that has been adopted in millions of devices in the last decade to provide integrity measurements, health checks and authentication services to protect embedded systems.2 Depending on the requirements of each unique system, the chip can be implemented at different security levels and is equipped to protect even against the most sophisticated attacks. The TPM provides secure storage of boot and runtime state, and cryptographic secrets such as private encryption keys. Resistant to physical attack, the chip prevents attackers from recoding the device and accessing stored data by hiding these keys so that the data cannot be read and authorized users cannot be locked out. In addition, the TPM combines robust cryptographic identity with remote security management features such as remote attestation. Since the TPM is defined by open standards, designers can choose from a variety of TPM products from different vendors supported by common software. For example, device manufacturers can use the TPM to detect unauthorized changes to the device firmware and configuration, enabling manufacturers to consider whether to enable access depending on what the device reports.
Breaking Down Barriers to Security: Space and Resources
Physical space is not just an issue for IoT devices when it comes to adopting security technologies such as TPM. Resource and budget constraints are also realities that must be overcome to mitigate serious risk. With limited space, power and money available to integrate secure technologies, it becomes more difficult to create and maintain the optimum trusted computing environment. A combination of hardware support and software techniques to achieve this is recommended.
Adopting TPM functionality into the hardware is possible for even the smallest IoT devices with small TPM chips that can be integrated in a variety of devices no matter the size. This enables devices to adopt device integrity and attestation on existing hardware to reduce the number of vulnerable gateways for hackers to enter the IoT ecosystem.
For optimum security, a hardware-based identity and attestation platform for data integrity, device recovery and system updates is needed. With a layered boot architecture, each layer and configuration with its hardware root of trust for measurement works by organizing the boot into layers and creating secrets unique to each layer and configuration based on a unique device secret like individual fingerprints. If a different code is booted, the deviation from the standard boot will be recognized and different secrets will be generated to prevent attackers from accessing any genuine data. If, however, a vulnerability does exist and discloses a secret, the code automatically patches and re-keys the device, making it possible to recover the data while preventing it from being read. Suitable for low-cost, low-power endpoints, a Device Identifier Composition Engine (DICE) creates cryptographically strong device identities, which form the foundation for attestation for software updates and patches. It helps to provide viable security and privacy foundations for systems without a TPM and enhances the security and privacy of systems with a TPM. In both cases, it creates a strong device identity, attestation of device firmware, and security policy with verification of software updates and safe deployment.
Overcoming the Cybersecurity Skills Gap
With many devices requiring enhanced security across the embedded and industrial markets with a wide range of systems, there needs to be a simplified way to adopt secure TPM functionalities. By removing the need for programmers to be TPM experts to apply the security benefits provided by Trusting Computing Group (TCG)-certified TPM 2.0 chips, another obstacle can be removed while keeping the connected ecosystem secure.
ROOT OF TRUST IS THE FOUNDATION OF ANY PLATFORM FIRMWARE INTEGRITY ASSURANCE—WITHOUT IT, THERE IS NO WAY TO DETERMINE THE RECORD TO INFORM TRUSTED DECISIONS.
In resource constraint devices, such as high-performance multicore information and communication technology (ICT) systems such as cloud servers or small resource-constraint IoT nodes such as sensors, an application programming interface (API) is needed for easier adoption of TPM functionalities. Using an API enables cost-effective and simplified implementation of the storage, management and processing of cryptographic keys inside the secure boundaries of a TPM chip to enhance the security of devices and networks. These functions include signing, key storage in hierarchies, authorization, secure time, personalization, life cycle management and certificate management. To easily activate these functions, the API provides automated processing for key storage, default cryptographic configuration for administrators, best-practice provisioning, file system integration and process evaluation. Both high- and low-level applications can implement the TPM functionalities with the Feature Application Programming Interface (FAPI) specification, which means it can be used in systems and devices across worldwide markets. By implementing these standards to be suitable for varying device needs, more embedded, automotive and IoT systems will build resilience to sophisticated attacks, and a secure connected ecosystem will be possible.
Looking for Risk Above and Beyond
When looking ahead to prepare for risk, more consideration for secure systems goes beyond roots of trust measurement and platform attestation. The wider network must be considered, as hackers are now becoming more sophisticated and are trying to bypass the security and attack at the hardware level. The world beyond the device requires every step to be taken to eliminate any risk in the transmission of data between devices.
A hacker can modify the firmware of a keyboard and produce a key logger, which enables them to send messages, create malicious codes or redirect traffic log information, causing significant damage. For devices to be able to attest to their own integrity when connected to an entire network infrastructure, they need to be able to determine the configuration of the hardware and what firmware has been run. By taking measurements that are stored in the TPM, a network administrator or verifier can determine what is currently running.
However, to ensure a trusted decision can be made, the verifier needs to identify what should be running on the system and require a baseline to which a set of measurements can be compared. A reference needs to be produced that reflects the set of measurements made when the platform is configured as the platform manufacturer ships the system. Storing this measurement in a system enables the recording of the integrity measurement to be evaluated against what it should be to identify whether the system has lost its integrity.
Consider Every Open Gateway
Root of trust is the foundation of any platform firmware integrity assurance—without it, there is no way to determine the record to inform trusted decisions. Both the trust of the system and every component around it in the network need to be established to achieve a safe and secure trusted ecosystem. In considering every vulnerable opportunity possible and overcoming challenges that IT developers face, TCG’s specifications can be applied across all vertical markets, offering the building blocks to create a secure ecosystem from smart home devices to satellite networks. With a diverse number of specifications available that address unique challenges, there is always a way to enhance security and consider the options to stay ahead of the threats of the future.
Endnotes
1 Transforma Insights, “Global IoT Market Will Grow to 24.1 Billion Devices in 2030, Generating $1.5 Trillion Annual Revenue,” 19 May 2020, http://transformainsights.com/news/iot-market-24-billion-usd15-trillion-revenue-2030
2 Teo, J.; Cyber Security and Global Information Assurance: Threat Analysis and Response Solutions, IGI Global, USA, 2009, p. 343–370
Thorsten Stremlau
Is a senior engineering staff member and chief technology officer (CTO) within Lenovo’s Intelligent Devices Group PC and Smart Devices business. He is also the marketing work group chair at Trusted Computing Group (TCG). His career has been dedicated to identifying solutions and strategic implementations for customers in all aspects of IT. Having been part of TCG from its inception, Stremlau has helped drive acceptance of Trusted Platform Module (TPM) products.