Ensuring security in a connected world with a new TCG subgroup

By Tom Broström, Chair of the MARS Subgroup in the Trusted Computing Group (TCG)

In a world where cars, cities, lighting and even healthcare systems are becoming ‘smart’ and connected to the Internet, it is crucial that sufficient protection is in place to safeguard systems that are quickly becoming a prime target for attackers.

AppSec/API Security 2022

The adoption of the Internet of Things (IoT) is growing rapidly, bringing with it a variety of new challenges that the Trusted Computing Group (TCG) has already put the wheels in motion to address.

The core work of TCG has been driven by the Trusted Platform Model (TPM), which has been the go-to solution for protecting a broad spectrum of systems for nearly ten years. The TPM allows devices to work securely within the TCG Measurement and Attestation framework and can be implemented differently depending on the requirements of the device.

But the smaller devices get, the smaller the space available for security chips or TPMs.

Small but secure
The IoT era is in full swing with a rising number of devices so small that questions have arisen over the inclusion of the full TPM chip and its suitability due to cost, space and power.As a direct response to this, TCG has formed its new Measurement and Attestation RootS (MARS) Subgroup to enable microcontroller manufacturers to incorporate their own, albeit less capable, TPM on die. Not all of the applications need the power or space of a full TPM, but they do need a basic functionality that will allow them to support measurement and attestation securely.

The subgroup will work to create the specifications for which small devices will be able to participate within TCG’s measurement and attestation framework, by directly supporting the minimal TPM command set needed to record and report boot and run-time integrity measurements.

Moving forward
Cyber Pack Ventures teamed up with the University of Maryland Baltimore County (UMBC) – both TCG members – to create a prototype, known as Radicle, that reflects MARS’ goals. Radicle was showcased for the first time during TCG’s recent members’ meeting in Warsaw, Poland, and is openly available. The members’ meeting marked the inaugural session of the MARS Subgroup where they agreed on the scope of its work and started developing a potential roadmap.

TCG’s TPM is a successfully deployed solution right across the industry, but as devices are becoming more connected, we need to adapt and overcome the challenges this brings. The MARS Subgroup will be responsible for delivering the specifications needed to achieve maximum security in an ever-connected world.

If you are interested in participating in the MARS subgroup, please get in touch by emailing [email protected].

*** This is a Security Bloggers Network syndicated blog from Trusted Computing Group authored by TCG Admin. Read the original post at: