Internet of Things

An alternative solution


For devices lacking a TPM, developers can instead use a Device Identifier Composition Engine (DICE) based architecture. DICE uses a combination of a small hardware engine and security code embedded in boot code and later software layers to provide device identity, integrity reporting and data protection capabilities. Similar to a TPM, the DICE capabilities can help perform attestation, authentication and certification of software. DICE works by organizing the boot into different layers and using a Unique Device Secret (UDS) combined with measurements of each successive software layer and its configuration to give each configuration and layer a unique secret. Each layer uses its unique secret to derive keys that can be used to protect data or report integrity information. Because the software and configuration measurements are used to calculate the secrets, the secrets are different whenever a software or configuration change happens. If malware does get installed on the machine, then at the next boot the malware measurements will be different from those of the previous software, and the malware will not have access to the previous secrets. If a software vulnerability is discovered, patches can be installed which automatically generate new secrets for the patched layer and later ones.
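The layered derivation described above, as an added example (not code from the article or from TCG). It assumes HMAC-SHA256 as the one-way function; the function names are hypothetical, and the UDS and layer images are constructed byte strings.

```python
import hashlib
import hmac

def measure(code: bytes, config: bytes) -> bytes:
    """Measurement of one layer: a hash over its code and its configuration."""
    h = hashlib.sha256()
    for field in (code, config):
        # Length-prefix each field so the code/config boundary is unambiguous.
        h.update(len(field).to_bytes(4, "big"))
        h.update(field)
    return h.digest()

def next_secret(current_secret: bytes, measurement: bytes) -> bytes:
    """One-way step (assumed HMAC-SHA256): secret handed to the next layer."""
    return hmac.new(current_secret, measurement, hashlib.sha256).digest()

def derive_chain(uds: bytes, layers):
    """Per-layer secrets for one boot; `layers` is a list of (code, config).
    On a device each layer erases its own secret before passing control on."""
    secrets, secret = [], uds
    for code, config in layers:
        secret = next_secret(secret, measure(code, config))
        secrets.append(secret)
    return secrets

def sealing_key(layer_secret: bytes) -> bytes:
    """Data-protection key a layer derives from its secret (label is illustrative)."""
    return hmac.new(layer_secret, b"example-data-protection", hashlib.sha256).digest()

def compare(a, b):
    """Per layer: True where two boots produced the same secret."""
    return [hmac.compare_digest(x, y) for x, y in zip(a, b)]

# Constructed sample values, not a real UDS or real firmware.
UDS = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
GOOD = [(b"bootloader v1", b"secure_boot=on"),
        (b"rtos v1", b"debug=off"),
        (b"app v1", b"region=eu")]
TAMPERED = [GOOD[0], (b"rtos v1 + implant", b"debug=off"), GOOD[2]]
PATCHED = [GOOD[0], (b"rtos v2", b"debug=off"), GOOD[2]]

if __name__ == "__main__":
    good = derive_chain(UDS, GOOD)
    print("tampered vs good:", compare(good, derive_chain(UDS, TAMPERED)))
    print("patched  vs good:", compare(good, derive_chain(UDS, PATCHED)))
```

In both comparisons the first layer's secret is unchanged while the modified layer and every later layer get new secrets, so data sealed under the old secrets is out of reach of the tampered image.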


The DICE architecture offers strong attestation of device identity, firmware and security along with the secure deployment of software updates. Together, these features make it a great tool for manufacturers and developers, who can securely reboot a device following a compromise, attest device firmware and security policy, and deliver secure software updates. Suitable for low-cost, low-power endpoints, DICE also provides strong, viable security and privacy foundations for systems without a TPM and enhances the existing protection and privacy on those with a TPM.


Resilience must be built


To build on the protection provided by the TPM and DICE, engineers should also look to adopt the work of TCG’s Cyber Resilient Technologies Work Group (CyRes), which endeavors to build resilience into IoT and other systems. Resilience encompasses better protection, detection of compromise and reliable recovery to a trusted state. Particularly for consumer IoT, as devices rapidly outnumber people, it is important that security capabilities include an automatic way to recover a device to a trusted state without requiring manual steps from a person.


The CyRes work group approach is to design devices with a resilience engine, which performs recovery, separate from a resilience target, which is recovered. New building blocks are defined to protect the resilience engine from the target. For example, one new building block provides protection for the storage area used by the resilience engine to hold its code, configuration, recovery policies and backup images. The resilience engine has control, so the storage is not accessible to the resilience target, and if the resilience target is compromised by malware, it cannot destroy the ability of the resilience engine to perform recovery. To remove the need for manual recovery steps, another new building block works like a watchdog timer to provide a way for the resilience engine to decide when it gets a chance to run, even if the resilience target stops cooperating because it crashes or is controlled by malware.
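A small model of the two building blocks described above, added here as an illustration and not taken from the CyRes specifications. The `Device` class, the reset-cleared storage latch and the three-tick watchdog are assumptions, and the firmware strings are constructed.

```python
import hashlib

def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()

class Device:
    """Toy model (assumed design): latched storage and a watchdog owned by the engine."""
    def __init__(self, golden: bytes):
        self.protected = {"backup": golden, "expected": digest(golden)}
        self.target_image = golden
        self.locked = False   # write latch: set by the engine, cleared only by reset
        self.watchdog = 0     # ticks left until a forced reset
        self.log = []

    def write_protected(self, key: str, value) -> bool:
        if self.locked:
            self.log.append(f"denied write to {key}")
            return False
        self.protected[key] = value
        return True

    def reset(self):
        self.locked = False   # a reset always enters the resilience engine first
        self.engine()

    def engine(self):
        if digest(self.target_image) != self.protected["expected"]:
            self.target_image = self.protected["backup"]
            self.log.append("recovered target from backup")
        self.watchdog = 3     # the engine decides when it runs next
        self.locked = True    # latch storage before handing control to the target

    def tick(self):
        self.watchdog -= 1    # the target has no interface to stop or reload this
        if self.watchdog == 0:
            self.log.append("watchdog expired, forcing reset")
            self.reset()

def compromised_boot() -> Device:
    dev = Device(b"target firmware v1 (constructed sample)")
    dev.reset()
    dev.target_image = b"target firmware v1 + implant"   # target gets compromised
    dev.write_protected("backup", b"")                   # tries to destroy recovery data
    for _ in range(3):                                   # and never cooperates again
        dev.tick()
    return dev

if __name__ == "__main__":
    print("\n".join(compromised_boot().log))
```

The ordering is the point: the latch is set before control reaches the target and only a reset clears it, and every reset lands in the engine, so the backup survives and recovery runs without the target's cooperation.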


The resilience engine and target concepts provide defense in depth. The result is that even when other protections or detection techniques fail, the resilience engine can be used to force recovery of the resilience target.


Within consumer IoT, protection, detection and recovery allow unpatched or misconfigured code to be identified and fixed. CyRes techniques also mean manufacturers, service providers or end users can update the system securely and ensure included security measures continue to safeguard the device through its lifetime.


A secure future for all

As IoT deployment grows in popularity, it is crucial that a variety of measures are available for system developers and product manufacturers to ensure devices remain safe and secure throughout their lifetime. The TCG technologies and standards have a pivotal part in keeping billions of devices safe from interception and attack. By encouraging a security-first approach through the continued prevention of malware and viruses, along with the resilience to recover a device once compromised, the ecosystem remains secure and safeguarded through futureproof measures and tools. As cyberthreats grow in sophistication and IoT applications become more complex, the industry can be assured there is a safe, secure future for all, where information remains protected and systems remain online.


trustedcomputinggroup.org


www.cieonline.co.uk


Components in Electronics


November 2020 37

