TCG Publishes New Whitepaper to Guide Use of Its Mobile and Trusted Network Communications (TNC) Specifications for Mobile Security

The Trusted Computing Group has released a new whitepaper describing how the combination of technologies developed in its mobile and Trusted Network Communications (TNC) workgroups can be combined to address challenges faced by mobile device, mobile network, and mobile service providers.

While both the mobile and TNC workgroups have existed for years and their specifications have been incorporated into multiple products, this is one of the first efforts to look at the benefits of using these two sets of technologies together. This collaboration comes at a time when the number of mobile devices in use and volume of data these devices are exchanging is rapidly increasing, partially due to the adoption of 5G communications standards. As such, mobile devices are a significant and growing part of the global communications infrastructure.

Increasingly, mobile devices have become the primary computer for many people in their day-to-day lives. However, these mobile devices now also face many of the same threats plaguing traditional endpoints, like personal laptops, and their software is subject to similar types of vulnerabilities that malicious parties can exploit.

This creates risks for users, who may wish to conduct sensitive transactions on their mobile devices, such as mobile banking; for service providers, who may wish to ensure that only paying customers receive their services; and for network providers, who need to worry about compromised mobile devices mounting attacks against other devices on their networks. In all cases, there is a need to measure the security health of mobile devices, and to report it to parties so then can use this to make decisions about access to resources.

Standards produced by the TCG Mobile workgroup have made significant strides in securing sensitive activities on mobile devices. The group’s TNC standards provide a way to gather health measurements from endpoints and deliver them securely to authorized parties.

Together, these two sets of technologies provide ways to develop accurate measurements of important mobile device elements and make it possible for authorized parties to use this information to manage device access. The new TCG whitepaper about using both sets of standards together is a conceptual model, rather than a detailed technical standard, and it is expected that some work will be necessary to achieve the described vision.

The intent of the whitepaper is to demonstrate both the benefits and the feasibility of using these technologies in a synchronized manner to address real problems. It is hoped that those who operate in the mobile device space, including device manufacturers, mobile service providers, and mobile network providers, will recognize the value of these standards and join the Trusted Computing Group to help ensure that the creation of standards that join mobile and TNC technologies fully address their specific needs and requirements to create a more secure and robust mobile ecosystem.

For more information, see the primary TCG website, www.trustedcomputinggroup.org, and its new developer site, https://develop.trustedcomputinggroup.org, which offers many resources and information on using trusted computing.