Secure Elements DICE & TPM

From IIW

Secure Elements DICE and TPM


Wednesday 5C

Convener: Alan Viars

Notes-taker(s): Alan Viard


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


TPM 2.0 Notes


Level Setting: What is a TPM?

A Security Co-Processor

    Public/Private Key Operations
        Key Creation
        Key signing
        Key exchange
    Non-Volatile Storage
        Access protected
    Symmetric encryption
        HMAC operations
        Limited symmetric encryption


Purely Passive

It does NOT monitor your system



Level Setting: What is a TPM?

Two Questions

Why was the Specification upgraded from 1.2?

Over 1 Billion served


Why do I care?

How can I make use of TPMs to solve my current problems?

Why the Change from 1.2?

Security

TPM 1.2 was built around SHA-1
The algorithm was embedded in all structures (fixed 20-byte digests)
There wasn't enough room in those structures to simply change to SHA-256


Complexity

TPM 1.2 had grown “organically” after 1.1b
It was unnecessarily complicated


Ease of use

TPM 1.2 was hard to use
Complexity of authorization


New Functionality

Algorithm flexibility
Unified Authorization
Fast Key loading
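The SHA-1 problem above (the digest size baked into every 1.2 structure) and the "algorithm flexibility" that 2.0 added are easiest to see in the PCRs: a TPM 2.0 keeps one PCR bank per active hash algorithm, each bank's PCRs are the length of that algorithm's digest, and one extend updates every bank. The Python below is an added example, not code from the session or from the TCG specification. It models the extend and log-replay logic in software so it runs without a TPM; the TPM_ALG_ID constants are the real registry values, while the class and function names and the event log it replays are constructed for this example. Replaying a log and comparing it with the reported PCRs is also the check a verifier does when deciding whether a device's boot chain is the expected one, which is the use behind "keeping malware infected hardware off of your internal network" in the list below.

```python
import hashlib

# TPM_ALG_ID values from the TCG Algorithm Registry (real constants).
TPM_ALG_SHA1 = 0x0004
TPM_ALG_SHA256 = 0x000B

# hashlib names for each algorithm id (mapping assumed for this model).
ALG_NAME = {TPM_ALG_SHA1: "sha1", TPM_ALG_SHA256: "sha256"}


def digest_size(alg):
    """Digest length in bytes for a TPM_ALG_ID (20 for SHA-1, 32 for SHA-256)."""
    return hashlib.new(ALG_NAME[alg]).digest_size


class PcrBank:
    """One PCR bank: every PCR in the bank holds a digest of the same algorithm.

    Resettable PCRs 0-15 start at all zeros, so even the initial value is
    algorithm-dependent in length. TPM 1.2 hard-wired 20 bytes into its
    structures; TPM 2.0 carries the algorithm id alongside the digest instead.
    """

    def __init__(self, alg, count=24):
        self.alg = alg
        self.pcrs = [bytes(digest_size(alg)) for _ in range(count)]

    def extend(self, index, digest):
        """PCR[index] = H(PCR[index] || digest): the one-way extend operation."""
        if len(digest) != digest_size(self.alg):
            raise ValueError("digest size does not match the bank's algorithm")
        self.pcrs[index] = hashlib.new(
            ALG_NAME[self.alg], self.pcrs[index] + digest
        ).digest()
        return self.pcrs[index]


class Tpm2Pcrs:
    """Algorithm-agile PCRs: one bank per active hash algorithm.

    Recording an event hashes the same data with every active algorithm and
    extends each bank, so one measurement lands in SHA-1 and SHA-256 at once.
    """

    def __init__(self, algs=(TPM_ALG_SHA1, TPM_ALG_SHA256)):
        self.banks = {alg: PcrBank(alg) for alg in algs}

    def event(self, index, data):
        return {
            alg: bank.extend(index, hashlib.new(ALG_NAME[alg], data).digest())
            for alg, bank in self.banks.items()
        }

    def read(self, alg, index):
        return self.banks[alg].pcrs[index]


# Constructed measured-boot event log: (PCR index, event data). A real TCG
# event log is a binary record format; only the extend semantics matter here.
SAMPLE_LOG = [
    (0, b"SRTM: firmware volume"),
    (0, b"SRTM: firmware settings"),
    (4, b"boot manager: bootx64.efi"),
    (7, b"secure boot policy: enabled"),
]


def replay_log(log, algs=(TPM_ALG_SHA1, TPM_ALG_SHA256)):
    """Recompute every bank's PCR values from an event log."""
    tpm = Tpm2Pcrs(algs)
    for index, data in log:
        tpm.event(index, data)
    return tpm


def verify_pcrs(replayed, reported, alg):
    """Compare PCR values a device reports (e.g. carried in a TPM quote) with
    the values replayed from its log; return the PCR indices that differ.
    An empty list means the log accounts for every reported value."""
    return [i for i, value in enumerate(reported) if replayed.read(alg, i) != value]


if __name__ == "__main__":
    tpm = replay_log(SAMPLE_LOG)
    for alg, name in ALG_NAME.items():
        print(f"{name} PCR[4] = {tpm.read(alg, 4).hex()}")
```

Because extend is order-sensitive and one-way, a log with one altered entry (or two entries swapped) replays to a different value in exactly the PCRs those entries touched, and nothing in the log can be rewritten to reach a chosen PCR value. The model leaves out what a real verifier also needs: the quote signature over the PCR digest, the nonce that binds it to the request, and the binary TCG event-log parsing.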


Why Use a TPM 2.0?

Problems that can be solved/ameliorated with TPMs

Poor entropy leading to weak keys
Supply chain risks / Counterfeit hardware
Keeping bad guys off of your internal network
Keeping malware infected hardware off of your internal network
Massive password database releases
Multi-factor authentication
Email Security
FIPS certified / Common criteria certified encryption engines
Securing your root certificates
Merging physical and logical controls



For more information:

https://www.apress.com/us/book/9781430265832

(Free download)


For more information on DICE:

DICE: https://trustedcomputinggroup.org/winbond-introduces-trustmetm-secure-flash-memory-implementing-trusted-computing-group-tcg-device-identifier-composition-engine-dice-architectu