Protecting your devices for 25 years and beyond: Celebrating the TPM

Joe Pennisi, President of the Trusted Computing Group (TCG), tells us how TCG and its Trusted Platform Module (TPM), a secure crypto-processor which is attached to a device, can provide a strong first line of defence when a device is remotely attacked or physically stolen – providing robust, hardware-based protection instead of being solely reliant on software security programs.

Joe Pennisi, President of the Trusted Computing Group (TCG)

Personal devices, including laptops and computers, have completely transformed the way society operates. Whether device owners are accessing banking or healthcare applications, working remotely or visiting their favourite social media or entertainment channels, ensuring adequate security measures are in place to avoid falling victim to a malicious attack is pivotal.

In 2024 the global average cost of a data breach was US$4.88 million, with hackers continuing to weaponise the devices we rely on to cause significant financial and reputational damage through ransomware and other sophisticated methods. It's not just remote attacks we need to worry about either: if a device is physically stolen, its owner needs to be able to trust that the data and secrets held on the device will remain sealed off against unauthorised access. This is where the Trusted Computing Group (TCG) and its Trusted Platform Module (TPM) come in.

Protecting you from attacks

Underpinning trusted computing for 25 years now, the TPM is a secure crypto-processor attached to a device to carry out sensitive cryptographic operations. A TPM helps protect a user's identity and sensitive data by generating and protecting the keys used for encryption, decryption and authentication, so that private keys never have to be exposed to the operating system. This provides a strong first line of defence against malware and firmware attacks: even if the software stack is compromised, data encrypted under TPM-protected keys stays encrypted, and the keys cannot simply be copied off the device.

Currently sitting within over two billion devices worldwide, the TPM is a 'silent guardian' that strengthens device security even though many people remain unaware of its existence. That includes devices where security may be an afterthought, such as printers and washing machines.

By implementing a TPM chip, devices gain robust, hardware-based protection rather than relying solely on software security programs. Manufacturers can use it to bind disk-encryption keys to the device and its boot state, and to defend against a range of firmware, ransomware and dictionary attacks: the TPM's lockout logic throttles repeated wrong guesses of PINs and key authorisation values, so they cannot be brute-forced at speed.

Ensuring the highest levels of security

The TPM standard defines a hardware Root-of-Trust (RoT) that can be used alongside software to enable key security features, including integrity measurements, health checks and authentication services.

As a device boots, each stage of firmware and software measures the next stage before handing control to it and records that measurement (a cryptographic hash) in the TPM's Platform Configuration Registers (PCRs). The TPM does not itself halt the boot; it keeps a tamper-evident record of what ran, because a PCR can only be extended with a new measurement, never rewritten. Residing within a device as a dedicated processor, the TPM holds an Endorsement Key (EK), a unique device identity whose private part is resistant to software-based access, and an Attestation Identity Key (AIK, called an Attestation Key in TPM 2.0) that signs those measurements so the device's state can be proven to another party and unauthorised modification exposed.

When the system tries to connect to a network, these signed measurements can be provided to a server for validation. If they don't match the known-good values, the server can deny access, and any secrets the TPM has sealed to the expected measurements (such as a disk-encryption key) will not be released, so there is no way to decrypt and exploit the data stored on the device.
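The measured-boot and attestation flow described above, as an added example that is not part of this article or of TCG's own code: a Python simulation of PCR extension, a quote signed by the attestation key and checked by a remote verifier, and a secret sealed to expected PCR values. The event logs, the known-good values and the disk key are constructed for illustration, and HMAC stands in for the asymmetric attestation-key signature a real TPM would produce.

```python
"""Simulation of measured boot, PCR attestation and PCR-bound sealing (illustrative
Python added here, not TCG code or a TPM implementation). HMAC stands in for the
asymmetric attestation-key signature and the event logs are constructed."""
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

PCR_INIT = b"\x00" * 32                 # SHA-256 PCRs 0-15 are zero after reset
EventLog = List[Tuple[int, bytes]]      # (PCR index, bytes that were measured)
SELECTION = (0, 4, 7)                   # PCRs the verifier and the seal depend on
DISK_KEY = b"constructed-volume-master-key"
# Constructed boot logs; the second one has a modified bootloader.
GOLDEN_LOG: EventLog = [(0, b"UEFI firmware 1.2"), (4, b"bootloader 3.0"), (7, b"SecureBoot=on")]
TAMPERED_LOG: EventLog = [(0, b"UEFI firmware 1.2"), (4, b"bootloader 3.0+implant"), (7, b"SecureBoot=on")]

def extend(pcr: bytes, digest: bytes) -> bytes:
    """PCR_new = H(PCR_old || digest): one-way and order-dependent, so a later
    stage cannot erase or reorder what was measured before it."""
    return hashlib.sha256(pcr + digest).digest()

def replay_log(log: EventLog) -> Dict[int, bytes]:
    """Recompute the PCRs an event log should produce (the verifier's job)."""
    pcrs: Dict[int, bytes] = {}
    for index, data in log:
        pcrs[index] = extend(pcrs.get(index, PCR_INIT), hashlib.sha256(data).digest())
    return pcrs

def policy_digest(pcrs: Dict[int, bytes], selection: Tuple[int, ...]) -> bytes:
    """Simplified TPM2_PolicyPCR: a digest that binds a policy to selected PCR values."""
    return hashlib.sha256(b"PolicyPCR" + b"".join(pcrs.get(i, PCR_INIT) for i in selection)).digest()

class SimulatedTpm:
    def __init__(self) -> None:
        self.pcrs: Dict[int, bytes] = {}
        self.ak = os.urandom(32)        # attestation key (HMAC here; asymmetric in a real TPM)
        self.sealed: Dict[int, Tuple[bytes, Tuple[int, ...], bytes]] = {}

    def pcr_extend(self, index: int, data: bytes) -> None:
        """Firmware measures the next stage and hands the digest over; the TPM
        only records it and never halts the boot."""
        self.pcrs[index] = extend(self.pcrs.get(index, PCR_INIT), hashlib.sha256(data).digest())

    def quote(self, nonce: bytes, selection: Tuple[int, ...]) -> Tuple[bytes, bytes]:
        """Sign nonce || H(selected PCRs) with the AK, as TPM2_Quote does."""
        composite = b"".join(self.pcrs.get(i, PCR_INIT) for i in selection)
        quoted = nonce + hashlib.sha256(composite).digest()
        return quoted, hmac.new(self.ak, quoted, hashlib.sha256).digest()

    def seal(self, secret: bytes, expected: Dict[int, bytes], selection: Tuple[int, ...]) -> int:
        """Keep a secret inside the TPM, releasable only under the given PCR policy."""
        handle = len(self.sealed) + 1
        self.sealed[handle] = (secret, selection, policy_digest(expected, selection))
        return handle

    def unseal(self, handle: int) -> Optional[bytes]:
        """Release the secret only if the current PCRs satisfy the sealing policy."""
        secret, selection, policy = self.sealed[handle]
        return secret if hmac.compare_digest(policy_digest(self.pcrs, selection), policy) else None

def verify_attestation(ak: bytes, nonce: bytes, quoted: bytes, signature: bytes,
                       log: EventLog, golden: Dict[int, bytes],
                       selection: Tuple[int, ...]) -> Tuple[bool, str]:
    """Remote verifier: signature, freshness, log consistency, then known-good values."""
    if not hmac.compare_digest(hmac.new(ak, quoted, hashlib.sha256).digest(), signature):
        return False, "quote signature invalid"
    if quoted[:len(nonce)] != nonce:
        return False, "stale quote (nonce mismatch)"
    replayed = replay_log(log)
    composite = b"".join(replayed.get(i, PCR_INIT) for i in selection)
    if quoted[len(nonce):] != hashlib.sha256(composite).digest():
        return False, "event log does not reproduce the quoted PCRs"
    for i in selection:
        if replayed.get(i, PCR_INIT) != golden.get(i, PCR_INIT):
            return False, f"PCR {i} differs from the known-good value"
    return True, "platform state matches the known-good values"

def run_boot(log: EventLog, claimed_log: Optional[EventLog] = None) -> Tuple[bool, str, Optional[bytes]]:
    """Boot with `log`, attest using `claimed_log` (an attacker may lie), then try to unseal."""
    golden = replay_log(GOLDEN_LOG)                 # known-good values recorded at provisioning
    tpm = SimulatedTpm()
    handle = tpm.seal(DISK_KEY, golden, SELECTION)  # e.g. a BitLocker-style volume key
    for index, data in log:
        tpm.pcr_extend(index, data)                 # the boot proceeds either way
    nonce = os.urandom(16)                          # chosen by the verifier, defeats replay
    quoted, signature = tpm.quote(nonce, SELECTION)
    ok, reason = verify_attestation(tpm.ak, nonce, quoted, signature,
                                    claimed_log or log, golden, SELECTION)
    return ok, reason, tpm.unseal(handle)

if __name__ == "__main__":
    for name, log, claimed in [("clean", GOLDEN_LOG, None), ("tampered", TAMPERED_LOG, None),
                               ("tampered, forged log", TAMPERED_LOG, GOLDEN_LOG)]:
        ok, reason, key = run_boot(log, claimed)
        print(f"{name:22s} attested={ok} unsealed={key is not None}: {reason}")
```

Running it shows the three outcomes the text describes: a clean boot attests successfully and the disk key is unsealed; a modified bootloader still boots and still yields a validly signed quote, but the verifier sees PCR 4 differ and the TPM refuses to unseal; and a device that presents a clean-looking event log alongside a tampered quote is caught because the log no longer reproduces the signed PCR values. On a real TPM 2.0 the same steps correspond to TPM2_PCR_Extend, TPM2_Quote, and TPM2_PolicyPCR followed by TPM2_Unseal.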

TPMs therefore offer enhanced security by signing and verifying data to establish a device's identity. They also provide hardened storage for software and platform keys, so the keys used by cryptographic algorithms are never exposed in the clear. Even if an attack on the software stack succeeds, unauthorised parties still cannot extract the keys held within the TPM, which gives users a baseline of assurance that does not depend on constant evaluation of their systems by security professionals.

Evolving the TPM

While earlier TPM standards were incorporated into billions of devices, including servers, embedded systems and network gear, the evolving nature of IoT and the increased demand for security beyond the traditional PC environment led us to develop a new TPM specification, TPM 2.0, which was adopted as an international standard, ISO/IEC 11889:2015.

To offer greater flexibility of application and to enable more widespread usage of TPMs, we took a ‘library’ approach to TPM 2.0. Doing so allowed users to choose the most applicable aspects of TPM functionality for the level of implementation and security required. Additionally, new features and functions were added, such as ‘algorithm agility’, which provides the ability to implement new cryptographic algorithms as needed. This flexibility allows the newest TPMs to be applied to a range of embedded applications, including those found in automotive, industrial, smart homes and beyond.

Because algorithms are interchangeable, a deployment can move from one hash or signature algorithm to another for enhanced cryptographic agility. TPM 2.0 also overcomes earlier limitations with a wider set of signature schemes and with policy-based authorisation (Enhanced Authorization), which can restrict a key to limited or conditional use, for example only while specific PCR values are present or a particular user has authenticated. As a result, manufacturers can deliver greater functionality, better device performance and quicker operations, and the chip can be used in devices and applications where resources are limited.

TPM solutions for different requirements

There are several types of TPM in common use today, each offering different trade-offs between cost, features and security. A Discrete TPM provides the highest level of security, as might be needed to secure a brake controller in a car: the discrete chip is designed, built and evaluated to resist tampering, including sophisticated physical attacks.

Next is an Integrated TPM. It is still a hardware TPM, but integrated into a chip that also provides functions other than security. The hardware implementation makes it resistant to software bugs, although the package is not designed specifically to be tamper resistant.

Firmware TPMs are implemented in protected firmware; because the code runs on the main central processing unit (CPU), no separate chip is used. The code is hosted within a protected environment, known as a 'trusted execution environment' (TEE), that is isolated from the rest of the software running on the CPU. That isolation keeps secrets such as private keys, which the TPM needs but nothing else may read, out of reach of the operating system, so an attacker who compromises the OS still has no direct path to them.

Businesses can also choose a Software TPM, which is implemented as an emulator of a TPM. While offering fewer security guarantees, it is very useful for building and testing a prototype system that includes a TPM.

In today's computing landscape, many IoT systems include sensors and rely to some degree on cloud processing, which means virtualisation. In cloud environments, a virtual TPM (vTPM) can form part of the environment and accept the same commands a physical TPM would; the main difference is that each virtual machine is presented with its own vTPM instance, with its own PCRs and keys, so one tenant's measurements and secrets are not visible to another.

Looking to the future

It should come as no surprise that the TPM 2.0 has become an essential tool in supporting cybersecurity, with major organisations mandating its presence for operating systems such as Windows 11. Important features people rely on, such as Windows Hello for identity protection, or BitLocker for data protection, are underpinned by the TPM’s capabilities, making this RoT an indispensable component of any device’s security infrastructure.

TCG won't rest on its laurels, however, and we will continue to evaluate current and future market requirements to evolve the TPM further. One topic on the mind of every security professional at the moment is quantum computing. We are approaching an age in which large quantum computers could break the public-key algorithms in use today, including problems considered 'hard' by classical standards: Shor's algorithm would break RSA and elliptic-curve cryptography outright, while Grover's algorithm roughly halves the effective strength of symmetric keys and hash functions. Up to 54% of cryptographic experts now expect that quantum computers capable of breaking RSA-2048 will be developed before 2040.

Thankfully, institutions such as the National Institute of Standards and Technology (NIST) have standardised new post-quantum algorithms (ML-KEM, ML-DSA and SLH-DSA, published as FIPS 203, 204 and 205 in 2024) to get ahead of this pressing deadline.

TCG continues to monitor and align with the roadmap outlined by NIST, and is considering how such algorithms can be adopted in future TPM specifications.

Intelligent CISO