Intelligent CISO Issue 84 | Page 53

COVER story

Evolving the TPM
While earlier TPM standards were incorporated into billions of devices including servers, embedded systems and network gear, the evolving nature of IoT and the increased demand for security beyond the traditional PC environment led us to develop a new TPM specification – one that was adopted as an international standard, ISO/IEC 11889:2015.
To offer greater flexibility of application and to enable more widespread usage of TPMs, we took a ‘library’ approach to TPM 2.0. Doing so allowed users to choose the most applicable aspects of TPM functionality for the level of implementation and security required. Additionally, new features and functions were added, such as ‘algorithm agility’, which provides the ability to implement new cryptographic algorithms as needed. This flexibility allows the newest TPMs to be applied to a range of embedded applications, including those found in automotive, industrial, smart homes and beyond.
Another feature, ‘algorithm interchangeability’, gives the TPM the power to exchange algorithms for enhanced cryptographic agility. TPM 2.0 overcomes previous limitations through improved basic signature verification and the ability to handle keys for both limited and conditional use. As a result, manufacturers can instil greater functionality, enhanced device performance and quicker operations, with the chip capable of being used in devices and applications where resources are limited.
TPM solutions for different requirements
Several types of TPM are especially popular today, each offering different trade-offs between cost, features and security. For example, a Discrete TPM provides the highest level of security, as might be needed to secure a brake controller in a car. This TPM ensures that the device it is protecting will not be hacked even via sophisticated measures. To accomplish this, a discrete chip is designed, built and evaluated for the highest level of security to resist potential tampering.
Next is an Integrated TPM. It still has a hardware TPM, but one integrated into a chip that provides functions other than security. The hardware implementation makes it resistant to software bugs, yet it is not designed specifically to be tamper-resistant.
Firmware TPMs are implemented in protected firmware; as the code runs on the main central processing unit (CPU), a separate chip is not used.
The code is hosted within a protected environment that is separated from the rest of the programs running on the CPU. This is known as a ‘trusted execution environment’ (TEE), and this method of separation means that secrets such as private keys, which the TPM needs but which must not be accessible to other software, are kept protected. It also makes it difficult for attackers to reach those keys even in the event of a successful attack on the rest of the system.
Businesses can also choose to use a Software TPM, which is actually implemented as an emulator of a TPM. While offering fewer security capabilities, this option is very good for building and/or testing a system prototype with a TPM in it.
In today’s computing landscape, many IoT systems now include sensors and rely to some degree on cloud processing – which means virtualisation. In cloud environments, a virtual TPM (vTPM) can be used to form part of the environment and provide the same commands that a physical TPM would – the main difference being that these commands are provided separately to each virtual machine.
Looking to the future
It should come as no surprise that the TPM 2.0 has become an essential tool in supporting cybersecurity, with major organisations mandating its presence for operating systems such as Windows 11. Important features people rely on, such as Windows Hello for identity protection, or BitLocker for data protection, are underpinned by the TPM’s capabilities, making this RoT an indispensable component of any device’s security infrastructure.
TCG won’t rest on its laurels, however, and will continue to evaluate current and future market requirements to evolve the TPM further. One topic on the mind of every security professional at the moment is Quantum Computing. We are fast approaching an age in which quantum computers will be able to crack all kinds of security, including the ones considered ‘hard’ by cryptographers. Both Shor’s and Grover’s algorithms have the potential to undermine all current security measures, and up to 54% of cryptographic experts now expect RSA-2048-scale quantum computers will be developed before 2040.
Thankfully, institutions such as the National Institute of Standards and Technology (NIST) have standardised new algorithms to try to get ahead of this pressing deadline.
TCG continues to monitor and remain aligned with the roadmap outlined by NIST, and is considering the way such algorithms can be adopted in future TPM standards.
TPMs essentially offer enhanced security measures by signing and verifying data provided to your device to establish its identity.