Overcoming the Knowledge Gap to Enhance Your Cybersecurity Measures

By: Dennis Mattoon

Whether in the enterprise or the consumer space, trusted computing should form the backbone of your networks to ensure digital connectivity is safe and secure. Standards are essential to establish this, comprising specifications, guidance, and software developed by internationally recognised bodies such as the Trusted Computing Group (TCG). By implementing these standards, users can rest assured any component found within a computer network can be reliably verified—keeping their network safe from malicious activity.

When it comes to security, organizations often focus primarily on device, network, and data security. These are all relevant areas to address, but one area that is often neglected is firmware security. The number of attacks against firmware—the code responsible for device behaviour—continues to increase rapidly. If attackers gain control of the firmware, they can quickly gain complete control over the device and cause significant damage.

Attacks against consumer products such as smartwatches are commonplace, but with the growth of embedded systems and the Internet of Things (IoT), we are seeing a notable rise in attacks on firmware used in industrial settings. Through something as innocuous as a sensor, cybercriminals can gain access to critical infrastructure and create major disruption to operations. Not only are these attackers stealing sensitive data, but they can also modify the behaviour of certain technologies—for example, raising the temperature on a thermostat to ruin produce or endanger livestock. Consequently, solutions that can protect operations within the firmware and ensure routine device behaviour are of paramount importance.

Establishing a ‘trusted’ network

As technologies continue to develop and evolve, so do the bodies that establish the standards and the specifications they design to enhance security measures. The core concept of trusted computing has been expanded beyond personal computers to cover a wide range of technologies and concepts, from cloud computing and virtualization to data center technologies, automated vehicles, and supply chain security. The standards and specifications available to organizations continue to play a crucial role across a number of industries, especially finance, healthcare and industry, where cybersecurity may not always be the first thing on the agenda.

One of the most essential standards used in devices today is the Trusted Platform Module (TPM), a hardware-based security feature that provides a protected environment for storing and processing private data. Over a billion devices across the world leverage a TPM to store cryptographic keys and other sensitive information while attesting to the identity of the software, firmware, and other elements running on a device. Take the industrial sector as an example—a TPM establishes trust in communications between devices and the control systems found within a factory, protecting the integrity of the device and its data.

Choosing the right solution

Not every specification will fit perfectly with the devices you leverage, however. For larger devices, the TPM can help successfully defend against firmware attacks, but for smaller devices—such as tiny sensors found in vehicles or smartphones—this hardware Root-of-Trust (RoT) can often be larger than the device to which it attaches. In these circumstances, solutions like the Device Identifier Composition Engine (DICE) are critical, but vendors may still require some guidance as to which RoT is most suitable for their requirements. DICE enables secure provisioning of device identities, including the generation and management of device-specific keys. Through specifications like DICE, attributes that identify a device (such as manufacturer, model, and serial numbers) can be stored safely in a protected environment to reduce the risk of illicit tampering.
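To make the "device-specific keys" concrete, here is an added example (not from the article or the TCG) that models the DICE derivation: a hardware-protected Unique Device Secret (UDS) is combined with a measurement of the first firmware image to produce the Compound Device Identifier (CDI), from which the firmware derives its identity key. The CDI step follows the TCG DICE definition, CDI = HMAC(UDS, H(first mutable code)); the UDS, firmware image, nonce and the symmetric stand-in for the asymmetric DeviceID key are constructed simplifications.

```python
import hashlib
import hmac

# Constructed example values. A real UDS is fused into the silicon and is
# never readable by mutable firmware; it only ever reaches code via the CDI.
UDS = bytes.fromhex("00" * 31 + "01")  # 32-byte Unique Device Secret (constructed)
GOOD_FIRMWARE = b"sensor-firmware v1.2 (constructed image)"

def measure(firmware: bytes) -> bytes:
    """DICE measures the first mutable code before transferring control to it."""
    return hashlib.sha256(firmware).digest()

def compound_device_identifier(uds: bytes, firmware: bytes) -> bytes:
    """CDI = HMAC(UDS, H(first mutable code)), as the TCG DICE hardware
    specification defines it. The engine then locks the UDS away, so any
    change to the firmware yields a different CDI and a different identity."""
    return hmac.new(uds, measure(firmware), hashlib.sha256).digest()

def device_identity_key(cdi: bytes) -> bytes:
    """Simplified stand-in for the DeviceID key derived from the CDI. The
    specification derives an asymmetric key pair here; a symmetric HMAC key
    keeps this example dependency-free (constructed simplification)."""
    return hmac.new(cdi, b"DeviceID", hashlib.sha256).digest()

def attest(firmware: bytes, nonce: bytes) -> bytes:
    """Device side: boot the given firmware image and answer a fresh challenge."""
    key = device_identity_key(compound_device_identifier(UDS, firmware))
    return hmac.new(key, nonce, hashlib.sha256).digest()

def provision_expected_key() -> bytes:
    """Manufacturer side, at provisioning: record the identity the known-good
    firmware produces on this device (stands in for issuing a DeviceID cert)."""
    return device_identity_key(compound_device_identifier(UDS, GOOD_FIRMWARE))

def verify(expected_key: bytes, nonce: bytes, response: bytes) -> bool:
    """Verifier side: a valid response proves both the silicon (UDS) and the
    exact firmware image measured at boot; tampered firmware cannot answer."""
    expected = hmac.new(expected_key, nonce, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)

if __name__ == "__main__":
    key = provision_expected_key()
    nonce = b"constructed-challenge-nonce"
    print(verify(key, nonce, attest(GOOD_FIRMWARE, nonce)))  # True
    tampered = GOOD_FIRMWARE.replace(b"v1.2", b"v1.3")       # one modified byte
    print(verify(key, nonce, attest(tampered, nonce)))       # False
```

The point for a defender is that the identity is composed from hardware and measured code together, so modified firmware does not merely fail a check but loses access to the device's identity key altogether.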

For resource-constrained devices like microcontroller units (MCUs), device security typically relies on a combination of hardware protection for secrets and the fortification of the measurements and keys used in firmware. Before solutions like DICE, the device