Mocana Embraces TPM 2.0 for IoT Device Authentication Assurance


Mocana is set to announce on July 25 that it is supporting the Trusted Platform Module (TPM) 2.0 standard to help improve the security of embedded devices that make up the internet of things (IoT).

The TPM 2.0 standard enables organizations to provide cryptographic assurance about software delivery. TPM 2.0 support on the Mocana platform also enables new forms of embedded security for containers running on devices. A core improvement that TPM 2.0 provides over the older TPM 1.2 standard is that multiple sets of cryptographic keys and owners can be involved in the attestation process for security and authenticity.

“The multiple hierarchies of the keys allow us to provide solutions sets for signing and for endorsement process that are associated with the various ownership models and it allows us to put things together for a supply chain where we can have multiple signatories,” Dean Weber, CTO of Mocana, told eWEEK. “TPM 1.2 had a single owner, whereas in this new model we can promote multiple owners.”

Mocana is an embedded security software provider whose offerings help vendors secure devices. Mocana got started in 2002, when the term IoT didn’t exist, though embedded computing devices did. The growing volume of IoT devices has increased demand for the technologies Mocana delivers, which is why the company raised an $11 million funding round in May 2017.

With the multiple-owner model for cryptographic assurance that TPM 2.0 enables, Weber said that attestation can, for example, be arranged so that one set of keys is assigned to the vendor that builds the TPM, a separate set goes to the vendor that builds the platform and another to the organization that owns the platform. Weber said that with TPM 2.0 the key hierarchies can remain independent of one another, thereby providing provenance and endorsement of the platform from TPM creation all the way through application execution.

Steve Hanna, senior principal at Infineon Technologies and co-chair of the Embedded Systems Work Group in the Trusted Computing Group (TCG), commented that TPM 2.0 also provides cryptographic algorithm independence. He noted that TPM 1.2 users were limited to the SHA and RSA cryptographic algorithms.

“TPM 2.0 is a library specification, so it’s no longer a one size fits all approach,” Hanna told eWEEK. “There’s a recognition that TPM is used in embedded systems as well as still being used in PCs, laptops, tablets, mobile phones and servers.”

Secure Updates

A key challenge for embedded devices is the delivery of secure updates, which is an issue that TPM 2.0 and Mocana are aiming to help solve. Weber explained that the key architecture in TPM 2.0 helps to enable a secure update process.

“We have the software enabled function of secure updates, where we’re using secure cryptography, instead of just a hash and signing type of methodology,” Weber said.

Weber added that Mocana’s support of TPM 2.0 now enables multiple signatories to help further validate a secure update. So, for example, if Infineon has an update for its TPM, Infineon signs the update. The platform developer also wants to make sure the update has been approved, as does the platform owner. Weber said that all of the signatories need to be present and valid for an update to be delivered and installed.

Getting the whole multiple-signatory process for TPM 2.0 validation right can be complicated. Weber said that Mocana’s Trust Center product provides a framework for creating the update package and validating it before transport. On arrival, Mocana Trust Center can revalidate the package before it is installed.
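The all-signatories-required rule described above, as an added illustration that is not Mocana’s or Trust Center’s code: three roles (TPM vendor, platform developer, platform owner) each sign a digest bound to the update version and payload, and the receiver rejects the package if any required signature is missing, invalid or comes from an unknown party. HMAC-SHA256 with a constructed per-role secret stands in for the TPM-backed asymmetric signatures a real deployment would verify.

```python
import hashlib
import hmac

# Required signatories, mirroring the roles in the article: TPM vendor,
# platform developer and platform owner. Each role holds its own key (its own
# hierarchy, in TPM 2.0 terms). HMAC-SHA256 with a per-role secret is a
# constructed stand-in for TPM-backed asymmetric signatures.
SIGNATORIES = {
    "tpm_vendor": b"constructed-tpm-vendor-key",
    "platform_developer": b"constructed-platform-dev-key",
    "platform_owner": b"constructed-platform-owner-key",
}

def package_digest(payload, version):
    """Digest over version and payload, so a signature over one image or
    version cannot be replayed onto another."""
    return hashlib.sha256(version.encode() + b"\0" + payload).digest()

def sign(role, payload, version):
    return hmac.new(SIGNATORIES[role], package_digest(payload, version),
                    "sha256").hexdigest()

def build_package(payload, version, roles):
    """Assemble the update package with signatures from the given roles."""
    return {"version": version, "payload": payload.hex(),
            "signatures": {r: sign(r, payload, version) for r in roles}}

def verify_package(pkg):
    """Every required signatory must be present and valid; an unknown
    signatory, a missing one or a bad signature rejects the update.
    Returns (ok, reason)."""
    sigs = pkg.get("signatures", {})
    unknown = set(sigs) - set(SIGNATORIES)
    if unknown:
        return False, "unknown signatory: %s" % sorted(unknown)
    missing = set(SIGNATORIES) - set(sigs)
    if missing:
        return False, "missing signatory: %s" % sorted(missing)
    digest = package_digest(bytes.fromhex(pkg["payload"]), pkg["version"])
    for role, key in SIGNATORIES.items():
        expected = hmac.new(key, digest, "sha256").hexdigest()
        if not hmac.compare_digest(expected, sigs[role]):
            return False, "invalid signature from %s" % role
    return True, "all signatories present and valid"

if __name__ == "__main__":
    # Constructed sample image; the same check runs before transport and
    # again on arrival, matching the two validation points in the article.
    pkg = build_package(b"constructed firmware image", "2.0.1", SIGNATORIES)
    print(verify_package(pkg))
```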

Containers

Embedded and IoT devices are increasingly making use of Docker container technology to help separate different applications that might be running. TPM also has a role to play in helping to provide an additional layer of security to embedded container deployments.

“What Mocana has done is implemented local and remote modes of operation, which are TPM specifications that allow us to use certified TPM keys to make sure that the containers are secure, separated and difficult to compromise,” Keao Caindec, VP Marketing at Mocana, told eWEEK.

Weber added that the TPM 2.0 specifications can be complicated for developers to implement, and it’s Mocana’s goal to make them easier to use. He noted that for existing TPM 1.2 users, Mocana’s trusted abstraction platform maps the system calls onto a standard API call, so developers don’t need to change their system architecture.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

*** This is a Security Bloggers Network syndicated blog from Trusted Computing Group authored by TCG Admin. Read the original post at: http://www.eweek.com/security/mocana-embraces-tpm-2.0-for-iot-device-authentication-assurance#new_tab