How Healthy Is Your Web of Connected Devices?

With Trusted Computing Group’s roots of trust, IoT device manufacturers can detect unauthorized changes to device firmware and configuration.

The challenges that IoT brings

As IoT adoption continues to grow, a rising number of devices are so small that including a full TPM chip is impractical because of cost, board space and power. This raises the question: what can be done within the bounds of the IoT microcontroller itself to implement the essential commands that would otherwise reside in the TPM? Identifying those essential commands is itself a problem: the subset must be rich enough to be useful, yet small enough to be palatable to device manufacturers. Arguably, most of the TPM specification’s 113 commands would be unnecessary for very small IoT devices.

Another problem for IoT is that some devices are so primitive that they lack the resources to perform the public-key arithmetic needed to produce the asymmetric digital signatures normally used to convey health assertions securely. While signing of that kind is universally accepted, symmetric alternatives such as HMAC for weaker devices are well known but unpopular, largely because the verifier must then hold the same key as the device: anyone who can verify an HMAC-based attestation can also forge one, and the shared key has to be protected as carefully on the verifier as on the device.

Achieving roots of trust

IoT microcontroller manufacturers are including cryptographic accelerators (e.g. AES) in some of their product offerings. Since cryptographic primitives form the basis of most TPM commands, those manufacturers have, without setting out to, been building the core component of a TPM. All that is missing is a little extra state-machine logic to drive the accelerators so that they form roots of trust. This observation inspired the creation of the Measurement and Attestation RootS (MARS) subgroup within the Trusted Computing Group (TCG).

MARS aims to specify the small subset of TPM commands necessary to support measurement (recording which code and configuration the device loaded) and attestation (reporting those measurements to a remote party in a form that party can trust). Once that subset is defined, manufacturers can bake a MARS implementation into their own silicon with very little overhead. Devices that typically lack a separate TPM will then still be able to include the required roots of trust, which in turn will allow trusted computing technologies to flourish in otherwise inhospitable areas.

MARS will also work with other groups to adopt appropriate symmetric-cipher, signing and hashing algorithms. It has already been in contact with NIST regarding NIST’s Lightweight Cryptography Standardization Process, which is designed to identify cryptographic standards suitable for constrained devices; that process’s scope is Authenticated Encryption with Associated Data (AEAD) with optional hashing.

The future of IoT security

Experts agree that there is a gap in IoT strategy when it comes to protecting the resources and mechanisms of attestation. Through its collaboration with industry leaders, the Trusted Computing Group is drawing on their specific needs and use cases to ensure that the specifications it develops offer the roots of trust required to protect those resources and mechanisms. The industry will then have the tools it needs to participate efficiently in established trusted computing practices.

Trusted Computing Group’s new Measurement and Attestation RootS (MARS) subgroup has been formed to develop specifications that will enable IoT manufacturers to build TCG-compliant chips with very little overhead for themselves or their customers. With those specifications, IoT manufacturers who were previously reluctant to add a separate TPM will be able to implement some of the needed roots of trust directly on the chip.

These roots of trust let IoT device manufacturers detect unauthorized changes to device firmware and configuration. Critically, a remote resource provider can then take the device’s reported configuration into account when deciding whether to grant access to its resources. In this model, somebody else makes the access control decision based on what the device reports, and can trust the report because it is produced by the device’s root of trust rather than by software that may itself have been tampered with.
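The three ideas above (the HMAC alternative for devices that cannot afford public-key signatures, a command subset limited to measurement and attestation, and a remote party deciding access from a report it can trust) fit in a few dozen lines. The following is an added example written for this page, not TCG code or the MARS specification: a device exposing only extend and quote, a verifier that derives its golden values from known-good images, and a walk through a tampered image, a forged report and a replayed report. The class names, the key-derivation label, the register count and the sample firmware and configuration blobs are assumptions made for illustration.

```python
# Added example: HMAC-based measurement and attestation for a constrained
# device. Not TCG or MARS code; names, labels and sample data are assumptions.
import hashlib
import hmac
import os

HASH = hashlib.sha256
PCR_COUNT = 4  # assumption: a tiny device needs only a handful of registers

# Constructed sample inputs: a known-good firmware image and configuration blob.
GOLDEN_FIRMWARE = b"example-firmware-1.0 (constructed)"
GOLDEN_CONFIG = b'{"debug": false, "ota": "signed-only"}'
# Constructed per-device secret, provisioned at manufacture and shared with the
# verifier. That sharing is the price of HMAC: whoever verifies can also forge.
DEVICE_SECRET = hashlib.sha256(b"constructed device secret").digest()


def derive_key(secret, label):
    """Minimal HMAC-based derivation of a purpose-specific key (assumption)."""
    return hmac.new(secret, label, HASH).digest()


class Device:
    """Microcontroller exposing only the measurement/attestation subset:
    extend (record a measurement) and quote (report it under a MAC)."""

    def __init__(self, device_secret):
        self._ak = derive_key(device_secret, b"example-attestation-key")
        self.pcrs = [bytes(HASH().digest_size)] * PCR_COUNT

    def extend(self, index, data):
        # TPM-style extend: PCR = H(PCR || H(data)). Software can only append;
        # it cannot rewrite a register to hide an earlier measurement.
        self.pcrs[index] = HASH(self.pcrs[index] + HASH(data).digest()).digest()
        return self.pcrs[index]

    def quote(self, nonce, selection):
        # The MAC covers the verifier's nonce (freshness), the register
        # selection and the register contents, so none of them can be swapped.
        values = [self.pcrs[i] for i in selection]
        msg = nonce + bytes(selection) + b"".join(values)
        tag = hmac.new(self._ak, msg, HASH).digest()
        return {"nonce": nonce, "selection": list(selection), "pcrs": values, "tag": tag}


class Verifier:
    """Remote resource provider that decides access from the device's report."""

    def __init__(self, device_secret, reference_pcrs):
        self._ak = derive_key(device_secret, b"example-attestation-key")
        self.reference = reference_pcrs
        self._outstanding = set()

    def challenge(self):
        nonce = os.urandom(16)
        self._outstanding.add(nonce)
        return nonce

    def verify(self, q):
        # Authenticity first, so an eavesdropper cannot burn an outstanding
        # nonce with a garbage report; then freshness; then policy.
        msg = q["nonce"] + bytes(q["selection"]) + b"".join(q["pcrs"])
        expected = hmac.new(self._ak, msg, HASH).digest()
        if not hmac.compare_digest(expected, q["tag"]):
            return False, "bad HMAC: report was not made with the device key"
        if q["nonce"] not in self._outstanding:
            return False, "unknown or reused nonce (replay)"
        self._outstanding.discard(q["nonce"])
        for idx, value in zip(q["selection"], q["pcrs"]):
            if value != self.reference[idx]:
                return False, "PCR%d differs from reference" % idx
        return True, "device state matches reference; access allowed"


def boot(secret, firmware, config):
    """Model the measured boot: ROM measures firmware, firmware measures config."""
    device = Device(secret)
    device.extend(0, firmware)
    device.extend(1, config)
    return device


def new_verifier():
    """Verifier-side golden values: replay the expected measurement sequence."""
    golden = boot(DEVICE_SECRET, GOLDEN_FIRMWARE, GOLDEN_CONFIG).pcrs
    return Verifier(DEVICE_SECRET, golden)


def attest(firmware, config):
    """Boot a genuine device with the given images and run one attestation."""
    verifier = new_verifier()
    device = boot(DEVICE_SECRET, firmware, config)
    return verifier.verify(device.quote(verifier.challenge(), [0, 1]))


def forged_attempt():
    """Attacker without the device secret reports the golden values anyway."""
    verifier = new_verifier()
    impostor = boot(b"attacker guess", GOLDEN_FIRMWARE, GOLDEN_CONFIG)
    return verifier.verify(impostor.quote(verifier.challenge(), [0, 1]))


def replay_attempt():
    """A genuine quote is accepted once, then resubmitted by an eavesdropper."""
    verifier = new_verifier()
    device = boot(DEVICE_SECRET, GOLDEN_FIRMWARE, GOLDEN_CONFIG)
    q = device.quote(verifier.challenge(), [0, 1])
    return verifier.verify(q), verifier.verify(q)


if __name__ == "__main__":
    print(attest(GOLDEN_FIRMWARE, GOLDEN_CONFIG))
    print(attest(b"backdoored-firmware", GOLDEN_CONFIG))
    print(forged_attempt())
    print(replay_attempt())
```

Run it directly to see the four outcomes: a clean boot is allowed, a modified firmware image shows up as a PCR0 mismatch, a report from a device without the secret fails the HMAC check, and a captured report fails on its second submission. The weakness of the symmetric design is visible in `Verifier.__init__`: it needs `DEVICE_SECRET`, so the verifier can mint any report it likes and the secret must be guarded on the server side as well; a deployment would keep per-device secrets in an HSM and would not delegate verification to a third party.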

By implementing existing capabilities and proven solutions today, IoT manufacturers can face the security threats of the future, no matter what they bring.

