TCG Members Infineon Technologies and Juniper Networks Demonstrate How to Secure Network Equipment with TPM at Mobile World Congress
PORTLAND, Ore., Feb.13, 2018 – Trusted Computing Group (TCG) today announced new guidance and an architects guide to secure network equipment. In a few weeks at Mobile World Congress, TCG members Infineon Technologies and Juniper Networks will demonstrate these recommendations in Stand 6C4, Hall 6.
Recent attacks such as CherryBlossom and Marai have exposed some networks and data, resulting in significant data loss and impact to business. TCG’s new guidance and architects guide, developed with input from network equipment makers and their suppliers, offer designers and developers of network equipment, including routers, switches and firewalls, specific recommendations and best practices to secure against compromise. Strong hardware security enabled by the Trusted Platform Module (TPM) ensures that equipment is tamper-resistant and protected against a variety of attacks.
The Mobile World Congress demo will showcase the Juniper Networks® SRX320 Services Gateway protected with the Infineon OPTIGA™ TPM. The TPM prevents physical and logical tampering of the router and securely stores an encrypted hash. If the router configuration is updated but not authorized, the router will not boot, thereby preventing a potential attack. This is just one of the 12 use cases described in the guidance document. The companies also will discuss implementation of the guidance and TPM in a webcast on Feb. 21, 2018.
TCG recognizes that network equipment is shipped as a closed embedded system with security provided by the unit as a whole; equipment must boot and operate without manual intervention; and the equipment itself typically should not have the ability to hide or mask its own identity. As with many embedded and industrial systems, network equipment typically has a long life cycle. Recommendations offered by TCG and members include:
- Devices should use a TPM as a hardware-based root of trust
- Devices should provide a cryptographic device identity based on IEEE 802.1AR and use the TPM to protect keys. Cryptographic identity can provide a reliable way to identify remote devices for applications involving device management, configuration and authentication
- The TPM can be used to protect confidential data, such as VPN keys in network equipment
- TPM-based attestation can offer assurance to the integrity of software running on network equipment
- Use of the TPM’s random number generator can enhance the strength of cryptographic protocols by providing additional entropy
Implementing these recommendations can raise the bar for network equipment security and substantially increases the difficulty for attackers who want to undermine this security.
TCG (@TrustedComputin) is a not-for-profit organization that develops, defines and promotes open, vendor-neutral, global industry standards, supportive of a hardware-based root of trust, for interoperable trusted computing platforms. More information about TCG is available at www.trustedcomputinggroup.org. Follow TCG on Twitter and on LinkedIn.
Brands and trademarks are the property of their respective owners.
This is a Security Bloggers Network syndicated blog post authored by TCG Admin. Read the original post at: Trusted Computing Group