IoT and Chain of Trust
In the previous article, we discussed what TPM means and features of TPM. In this short article we'll see applications of TPM in creating and establishing chain of trust.
Establishing a tamper proof chain of trust works at two levels. First, a device is booted in a trusted manner. This device interacts with other devices which are also booted in a secure way. The second level deals with establishing "chain of trust" amongst these secure devices. It is important to note that TPM only provides required mechanism to establish root of trust, but it is entirely up to the host machine and software (which includes OS as well as application software) to establish trusted execution environment and should be
capable of doing so. Let's see how this mechanism works, with the help of a simple example.
Consider a simplistic IoT setup as shown in following figure.
The Server
At the time of boot, BIOS uses Core Root of Trust i.e. BIOS boot block which is immutable, to measure BIOS blocks and stores the hash to Platform Configuration Register (PCR) 0 in TPM. When BIOS boot block needs to start next module, it again "measures" it and updates the hash in TPM. This process repeats until BIOS finishes execution. At the end of this step, the BIOS is measured up and the hash is available with TPM, if required.
When the control passes to boot loader, similar to BIOS, it measures various software modules that it invokes and updates TPM's PCRs. Once the server boots, application software continues to measure software components and update PCRs with this data. This also include kernel modules, drivers etc. So whenever any request is received to execute any piece of software, it is validated first with TPM hash and then it is executed. Any tampering with any software module after system boot-up will cause a mismatching "measurements", thus securing the system.
This process flow can be depicted as shown in following figure.
Edge computing devices
These devices themselves are small computers and they too have their own TPM modules on board. Exactly the same procedure is followed in booting up these devices as in Server.
Chain of Trust between Server and Edge devices
Till this point, the server as well as edge devices are booted in "clean" environment. From this step onwards, edge devices authenticate themselves with the server using encrypted communication channels. Authentication and extending chain of trust beyond the server boundary can be achieved by integrating security features across solution logic.
Chain of Trust between Edge devices and smart sensors
Integrating a hardware TPM at sensor level may not be feasible considering real-estate, cost benefits and onboard computing power. Many a times, the device merely transmits data to edge device. Even in such cases, fair amount of security measures can be implemented, which we will discuss in a separate article. However, it will suffice to say that the edge device should closely monitor and authenticate these devices frequently so as to thwart any physical tampering attempt.
References
Unified Extensible Firmware InterfaceThe Trusted Computing Group
Comments
Post a Comment