Trusted Computing Group triumph as it reaches its 20-year milestone
Twenty years ago, Trusted Computing Group was formed to share the best solutions and practices to help prevent and mitigate risks of threats that were becoming increasingly prevalent in the digital modern world. Since then, the number of connected devices has continued to gain pace, bringing security threats and potential issues which never existed before. Through its member-driven work groups, TCG enables the benefits of trust in computing devices from mobile to embedded systems, as well as networks, storage, infrastructure and cloud security.
Now, with more than 100 specifications for best practices and standards published, three certification programs and 25 certified Trusted Platform Modules (TPMs) which have been deployed internationally to increase the resiliency of devices against cyber-attacks, TCG marks its successful 20-year milestone and is committed to increasing the adoption of its cybersecurity technologies in the future. Fostering innovation and collaboration with more than 122 world-class member companies and 3008 individual members, thank you to those who help protect tomorrow – today!
Dennis Mattoon, Chair of Device Identifier Composition Engine (DICE) Architectures Work Group and Principal Software Development Engineer at Microsoft
What is your role within TCG?
I am the Device Identifier Composition Engine Architectures Work Group Chair and I’m active in several other groups on behalf of Microsoft, including the Cyber Resilient Technology Work Group which is a focus of mine.
How long have you been a member of TCG?
I have been a member since September 2013.
During your time at TCG what key areas have you been involved in?
I started in TCG working on Dynamic Root of Trust Measurement (DTRM), then moved onto Trusted Platform Module (TPM) 2.0 and TPM Software Stack (TSS). Most recently, I’ve been focused on our contributions around DICE and Cyber Resilient Technologies.
What key areas are you currently working on and what future work do you have in the pipeline?
Right now, my focus is on resource constrained devices and cyber-resiliency. As we build consensus on these emerging technology areas, I expect to broaden our focus and to contribute to the goal of establishing an attestation architecture that spans TCG technology areas.
What areas do you see as being key for TCG in the coming years?
I’ve been encouraged by the willingness of TCG to pursue new and interesting Trusted Computing technologies in response to the continued evolution of the industry and the emergence of new and diverse threats. I think the key element of TCG’s continued success will be this kind of adaptability.
Aaron McIntosh, Co-chair of the Marketing Work Group and Director – Product Marketing at WinMagic.
What is your role within TCG?
I am Co-chair of the Marketing Work Group.
How long have you been a member of TCG?
I have been with TCG for nearly three years. Yes, I’m still a ‘newbie’ of sorts.
During your time at TCG what key areas have you been involved in?
Within the Marketing Work Group, we’ve done many great things over the past three years. We’ve launched a brand refresh, made some changes to our website, created a Speakership Program, contributed to many articles, blogs, webinars, and, most recently, helped select and onboard our new PR team, Proactive PR.
What key areas are you currently working on and what future work do you have in the pipeline?
Our biggest push at the moment is to set our 2020 plan and executables. We’re looking at building out our vertical-focused materials and the support mechanisms that come with that. We’re also working to find ways to bring new involvement within the Marketing Work Group itself. We’ve got big plans and need fresh ideas. So, if you’re reading this, reach out to your Product Marketing teams and ask them to contact us to see how they can get involved in spreading the word about all the great things you and your colleagues are doing here at TCG.
What areas do you see as being key for TCG in the coming years?
There’s currently a rapid expansion of both Internet of Things (IoT) and Artificial Intelligence (AI). I believe that many of the devices associated with these solutions lack the necessary security required to ensure privacy and trust. Our various TCG workgroups have put in a tremendous effort to develop the specifications and standards that can assist in this area. We need to do everything we can to get the attention of the device builders, integrators, adopters and governing bodies, so that they can use our guidance and documentation to build more secure solutions for all.
Lukas Jäger, Contributor to the Cyber Resilient Technology Work Group and the Device Identifier Composition Engine (DICE) Architectures Work Group and Researcher for Cyber-Physical Systems Security at Fraunhofer Institute for Secure Information Technology (SIT).
What is your role within TCG?
I am a contributor to the Cyber Resilient Technology Work Group and the Device Identifier Composition Engine Architectures Work Group.
How long have you been a member of TCG?
I have been a member since 2016.
During your time at TCG what key areas have you been involved in?
As part of the DICEArch WG I have been involved in the development of the specification of a DICE-based symmetric remote attestation protocol. This protocol enables resource-constrained devices with DICE to attest their identity and integrity to a remote verifier. A usage scenario for this is the attestation of smaller nodes in a local network to a gateway that includes these attestations into its own and creates a compound attestation for the whole local network in the process.
As part of the CyRes WG I have been involved in the proof-of-concept implementation of an authenticated watchdog that works with legacy TPM 2.0. A small microcontroller is used as the authenticated watchdog, the legacy TPM 2.0 serves as a cryptographic gateway between the watchdog that uses symmetric cryptography, and the remote Systems operations center that uses symmetric cryptography. This concept can be easily applied to legacy devices equipped with a TPM 2.0 to add authenticated watchdog functionality without modifying the TPM.
What key areas are you currently working on and what future work do you have in the pipeline?
The integration of DICE into cyber-physical systems (industrial and automotive). The symmetric DICE-based attestation protocol has a wide range of possible applications ranging from Industrial Internet of Things (IIoT) over Automotive to every other network with heterogeneous and resource-constrained devices.
The integration of authenticated watchdogs into resilient industrial networks. Resiliency becomes an important property for critical network infrastructures and an authenticated watchdog is the hardware anchor for resiliency based on Software-Defined Networks, intrusion detection, virtualization and other technologies.
What areas do you see as being key for TCG in the coming years?
Post-Quantum Cryptography. The rise of quantum computers will be a significant threat to existing cryptography schemes and Trusted Computing must be adapted to counter this.
Practical applicability and widespread use of Remote Attestation for heterogeneous devices. Remote Attestation is a powerful but uncommon Trusted Computing scheme. Widening the range of use cases and simplifying its usage are important to use the full potential of this technique.
Use of TCG technology in emerging and future technologies. Trusted Computing techniques are applicable to many fields but in order to leverage their usage it is important to focus on the fields of technology that will gain the most traction in the future. Predicting the future is always difficult but I’d place my bets for the technologies with the largest potential on the IIoT, smart grids, mobility and finance.
Yoni Shternhell, Co-chair of the Storage Work Group and Chair of the Persistent Memory Work Group and Standardization Expert at Western Digital Technologies.
What is your role within TCG?
I am the Co-chair of the Storage Work Group (SWG) and I’m also the Chair of the Persistent Memory Work Group.
How long have you been a member of TCG?
I started participating in the Storage Work Group in 2009.
During your time at TCG what key areas have you been involved in?
During my participation in the SWG, I was working (and still am under Western Digital) for SanDisk Corporation. As such, our main objective was to create a security framework and standardization to enable Self Encrypting Drives (SEDs) for various use cases. I’m also focused on driving certification process for the specifications developed in TCG.
What key areas are you currently working on and what future work do you have in the pipeline?
I was the lead author for the Ruby specification, which provides definition to functionality for implementing Data Center, Bulk Data and Enterprise class systems.
I also helped with driving forward the Configurable Locking Feature Set to give host applications the ability to configure the management of locking and data encryption on an individual NVM express (NVMe) namespace.
My main objective now is to help drive the Key Per I/O specification (in TCG and in NVMe).
What areas do you see as being key for TCG in the coming years?
In the future, I would like to see TCG enlarging its scope to Persistent Memory and computational storage use cases.
*** This is a Security Bloggers Network syndicated blog from Trusted Computing Group authored by TCG Admin. Read the original post at: https://trustedcomputinggroup.org/trusted-computing-group-triumph-as-it-reaches-its-20-year-milestone/