Interview of Ari Singer, CTO by Ives Brant, Director of Marketing
“TPMs are poorly understood by many, well understood by few.”
TrustiPhi regularly engages with organizations that are grappling with whether their hardware-level security should incorporate a TPM. In some cases, the answer is yes. In others, newer technologies make more sense.
The TPM is Like a Storage Safe
In traditional TPM implementations, software is “measured” before it is run, in order to identify rogue software. The measurements are stored in the TPM, giving it second-hand awareness of “bad” software. The TPM will protect keys it holds, refusing access to rogue software that does not meet the expected measurements. For instance, a TPM might not allow a key on a compromised system to be used to authenticate a device to a bank, and that will prevent an attacker from accessing an account.
Threats that Authenta Addresses
Q: Trusted Platform Modules (TPMs), are built into billions of devices. What are key highlights of what they are, and their functions?
Ari: TPM is the first commercial implementation of modern trusted computing. It supports many of the traditional functions of a security modules like data encryption and device authentication, but it also can be used to help a device remain secure after successful attacks and reliably report on the device’s security.
You could also define trusted computing as “the use of a computer where there is confidence that the computer will behave as expected.”
The TPM is usually a specialized chip on an endpoint’s motherboard that stores cryptographic keys on behalf of its host system for authentication and protection of the endpoint. Trusted platform modules are self-contained components that have their own storage and processing capabilities. Each TPM chip contains one or more unique key pairs, certified by the vendor, called Endorsement Keys (EKs), for validating the TPM’s authenticity. A TPM can also store platform “measurements” that identify software and firmware running on the platform.
Q: Are TPMs difficult for bad actors to break through?
Ari: Yes. Typically, to stop the TPM from protecting the system, a hacker must interfere with it physically.
Q: TPMs have been widely used in all kinds of computers[AS1] . Are they relevant to the Internet of Things?
Ari: Yes, TPMs will be architected into billions of Internet of Things devices.
Q: Do most hardware engineers have a good understanding of how TPMs work?
Ari: No. TPM is a very complex technology that requires complementary components to be useful. There are many misconceptions, even within the industry, about what TPMs actually do.
Q: Can you give an example of such a misconception?
Ari: Sure – many believe that a TPM somehow controls the system of which it is a part. This is incorrect. In fact, a TPM is 100% passive with respect to the rest of the system. TPMs do not control anything on the host system they are embedded into.
Q: What does a TPM do?
Ari: The TPM is a tool that is used to enforce security policies on the system. It carries out protected operations on internal resources such as keys and software measurements. When used in the right way, it can keep a record (measurement) of what is running on the platform, securely report the measurement and only decrypt or authenticate data when the policies say it is okay.
Q: In the product development process, how is the TPM designed into a system?
Ari: The TPM is one piece of a broader security ecosystem in a device or product. That ecosystem includes everything from the BIOS to motherboards to account passwords. It’s up to the system designers to create systems that correctly use the TPM.
What determines whether you should build a security architecture around TPMs in 2021? We began with Ari Singer, who is CTO here at TrustiPhi and a long-time security architect with two decades in trusted computing. He has chaired both the Trusted Computing Group’s Trusted Platform Module (TPM) work group and the TPM Software Stack (TSS) working group and was a key contributor to the TPM 1.2 and 2.0 specifications. He has led teams that developed multiple TSS and TPM firmware implementations and TPM-enabled applications. Ari was also chair of the IEEE P1363 working group, which defined the leading standard for public key cryptography.
Q: What is a practical use of TPMs in the Internet of Things?
Ari: System designers can use TPMs to make it extremely difficult for a bad actor to swap out a system component without it being caught. For example, in automotive electronic control units (ECU), the ECU designer can build in dependencies on the TPM.
Q: Do TPMs provide Secure Boot capability to a system?
Ari: That’s another widespread misconception. The fact is, a TPM doesn’t help much to carry out Secure Boot. One reason is the sequence of events; secure boot happens before the TPM can come into play. When a system powers on, early boot code (such as a UEFI BIOS) must decide what software will run next and what measurements will be sent to the TPM. Only after those secure boot decisions are made, can the TPM be used. The currently-running software can use the TPM to authenticate or decrypt the next piece of software
Q: So TPMs have no role to play in secure boot at all?
Ari: Yes, and no. The TPM has no impact on a secure boot, but the TPM can support a well-designed boot process (including “measured boot”).
Q: If a company is determined to work with TPMs as its hardware security, who does it bring on board – where does it find the expertise?
Ari: That’s a good question, because few people really know how to work with TPMs. There’s a real shortage of TPM skills. One effect of this shortage is that TPMs are not being fully leveraged for security gains.
Q: You’re saying that most TPMs are not being tapped to their full potential?
Ari: That’s definitely the case. Most devices with TPMs use them minimally.
Q: Will that limit the use of TPMs for the Internet of Things?
Ari: Initially, it certainly has. However, with the newer, more flexible TPM 2.0, designers and developers may be able to more easily select granular TPM functions for embedded applications, from automotive ECUs to industrial sensors and smart home devices.
Reference Example: https://trustedcomputinggroup.org/resource/tcg-tpm-2-0-library-profile-for-automotive-thin/
Q: You mentioned a shortage of TPM expertise – are they very difficult to use?
Ari: Exceedingly difficult. TPM were not designed to be user-friendly, and it’s not.In fact, TPMs are so complicated that not many companies have built solutions to leverage them, despite there actually being a lot of support for TPMs – HP, IBM, Dell, Intel, Microsoft and others, over the years, built a whole ecosystem to make implementation of TPMs for PCs feasible.
Q: What cost factors come with TPMs?
Ari: TPMs are a relatively expensive addition to a system’s bill of materials. In most cases, TPMs are hardware – but they require a lot more than hardware to be implemented. To figure the cost, add in software, adapting the physical design of the device, changes to the system architecture, and modifications to integrate with the broader infrastructure. It’s simplistic to make any rough estimate, but adding a TPM could easily increase the cost of a device by fifty cents or more.
Q: Is that a high price for hardware-level security?
Ari: For many embedded applications, selling at a lower price point, fifty cents could be unacceptable. For devices already being re-architected or that have high security requirements, like those used to operate and secure industrial sites or critical infrastructure, the incremental cost is more likely to be justifiable.
Q: When should TPMs not be considered for use?
Ari: If the requirement is just to protect symmetric or asymmetric keys, then simpler hardware or software-based designs can probably meet that requirement as well as a TPM.
Q: What if what’s needed is merely a secure repository for encryption keys?
Ari: Then TPM is probably overkill and overspend.
Q: Besides being used in new products, can you retrofit existing systems with a TPM?
Ari: Certainly not with a hardware-based TPM. The TPM has to be architected into the overall system from the beginning. There’s no way to plug TPMs into the design after a device has been physically manufactured. The TPM requires real estate on the circuit board, and to perform properly it has to be carefully integrated into the boot process and security functions of the platform.
Q: And if the TPM is not hardware?
Ari: Firmware or software-based TPMs are typically not as secure as a hardware-based TPM, but they do offer an option that, yes, could be integrated into an existing design.
Q: What are the takeaways for security architects designing new products?
Ari: Adding TPM to the requirements list for a new system does not magically solve the security problems. There is extensive integration and implementation work involved, and that takes time and money.
Q: Is TPM the best solution for IoT devices?
Ari: There’s no absolute yes or no answer, but for simpler, smaller devices which describes much of the IoT, there are alternatives like SoCs, devices with a Trusted Execution Environment (TEE), and Micron Authenta, which is. a hardware security element in an otherwise standard flash memory chip. Each solution has its tradeoffs for loT applications.