Secure Elements DICE & TPM
From IIW
Wednesday 5C
Convener: Alan Viars
Notes-taker(s): Alan Viard
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
TPM 2.0 Notes
Level Setting: What is a TPM?
A security co-processor:
- Public/private key operations
  - Key creation (keys are generated inside the TPM from its own RNG)
  - Signing with TPM-held keys
  - Key exchange
- Non-volatile storage
  - Access-protected (NV indices can be gated by password or policy)
- Symmetric cryptography
  - HMAC operations
  - Limited symmetric encryption (support varies by vendor)
Purely passive
- It does NOT monitor your system: the host must send it commands and measurements (PCR extends). A TPM cannot observe the CPU, memory or bus on its own, so what it attests is only as good as what the host chose to measure.
Two Questions
Why was the specification upgraded from 1.2?
- Over one billion TPM 1.2 devices had already shipped, so the change needed a reason
Why do I care?
- How can I make use of TPMs to solve my current problems?
Why the Change from 1.2?
Security
- TPM 1.2 was built around SHA-1
- The 20-byte SHA-1 digest size was embedded in every structure (PCRs, key blobs, authorization digests)
- There was no room to simply swap in the 32-byte SHA-256 digest without redesigning those structures
Complexity
- TPM 1.2 had grown “organically” after 1.1b
- It was unnecessarily complicated
Ease of use
- TPM 1.2 was hard to use
- Complexity of authorization
New Functionality
- Algorithm flexibility: hash and asymmetric algorithms are negotiated rather than fixed (e.g. SHA-256 PCR banks, ECC keys)
- Unified authorization: one model covering passwords, HMAC sessions and policy sessions
- Fast key loading
Why Use a TPM 2.0?
Problems that can be solved or ameliorated with TPMs
- Poor entropy leading to weak keys (the TPM has a hardware RNG and generates keys internally)
- Supply chain risks / counterfeit hardware (the Endorsement Key and its manufacturer certificate identify a genuine part)
- Keeping bad guys off of your internal network (device identity keys that cannot be copied off the machine)
- Keeping malware-infected hardware off of your internal network (remote attestation of boot measurements in the PCRs)
- Massive password database releases (TPM-bound keys instead of stored passwords)
- Multi-factor authentication
- Email security
- FIPS-certified / Common Criteria-certified encryption engines
- Securing your root certificates (the private key never leaves the TPM)
- Merging physical and logical controls
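The notes above make three points that fit together: the TPM is passive and only hashes what the host sends it (PCR extend), TPM 2.0 keeps one PCR bank per hash algorithm instead of hard-wiring 20-byte SHA-1 fields, and remote attestation of those PCRs is how infected hardware can be kept off a network. The example below is added here to show that mechanism; it is not code from the session or from any TPM library. It simulates the PCR extend chain in plain Python over a constructed boot event log (the descriptions and data are made up, not real firmware digests), then does the verifier's half of attestation: replay the log, compare to the PCR values the TPM would have quoted, and reject a log whose entries were altered or reordered. Signature checking of the quote itself is assumed to happen separately and is not shown.

```python
import hashlib

# Constructed boot event log for illustration: (pcr_index, description, measured_data).
# None of these are real firmware digests; they are sample inputs made up for this example.
EVENT_LOG = [
    (0, "firmware volume", b"BIOS image v1.07"),
    (0, "firmware settings", b"SecureBoot=1;CSM=0"),
    (4, "boot manager", b"bootmgfw.efi build 22621"),
    (7, "secure boot policy", b"db: Microsoft UEFI CA 2011"),
]

# TPM 2.0 keeps one PCR bank per supported hash; TPM 1.2 hard-wired SHA-1 (20-byte fields).
BANKS = {"sha1": hashlib.sha1, "sha256": hashlib.sha256}


def pcr_extend(pcr_value, data, alg):
    """One TPM2_PCR_Extend step: PCR <- H(PCR || H(data)).

    The TPM only does the hashing; the host decides what 'data' is and when to extend.
    Extend is one-way and order-dependent, so software cannot rewind or reset a PCR.
    """
    h = BANKS[alg]
    return h(pcr_value + h(data).digest()).digest()


def replay_log(event_log, alg):
    """Recompute the final PCR values a verifier expects from an event log."""
    h = BANKS[alg]
    initial = bytes(h().digest_size)  # PCRs 0-15 start at all zeros after reset
    pcrs = {}
    for index, _desc, data in event_log:
        pcrs[index] = pcr_extend(pcrs.get(index, initial), data, alg)
    return pcrs


def verify_quote(quoted_pcrs, event_log, alg):
    """Attestation check: PCRs the TPM signed in a quote must equal the replayed log.

    The quote signature is assumed verified separately against the attestation key;
    this function only does the log-replay half of a remote-attestation verifier.
    """
    return replay_log(event_log, alg) == quoted_pcrs


def tampered_log(event_log):
    """Attacker swaps in a patched boot manager but leaves the log description unchanged."""
    return [(i, d, b"bootmgfw.efi (patched)" if d == "boot manager" else data)
            for i, d, data in event_log]


def demo():
    """Return what a verifier sees for an honest, a tampered and a reordered log, per bank."""
    results = {}
    for alg in BANKS:
        # Stands in for the PCR values a real TPM would sign in TPM2_Quote.
        quoted = replay_log(EVENT_LOG, alg)
        reordered = [EVENT_LOG[1], EVENT_LOG[0]] + EVENT_LOG[2:]
        results[alg] = {
            "digest_bytes": len(quoted[0]),
            "honest": verify_quote(quoted, EVENT_LOG, alg),
            "tampered": verify_quote(quoted, tampered_log(EVENT_LOG), alg),
            "reordered": verify_quote(quoted, reordered, alg),
        }
    return results


if __name__ == "__main__":
    for alg, outcome in demo().items():
        print(alg, outcome)
```

Running it shows the SHA-1 bank producing 20-byte PCRs and the SHA-256 bank 32-byte ones, which is exactly the field-size problem that forced the 2.0 redesign, and shows that changing or reordering any measurement makes the replay disagree with the quoted values even though the log text still looks plausible.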
For more information:
A Practical Guide to TPM 2.0 (Apress, open access): https://www.apress.com/us/book/9781430265832
(Free download)