Friday, October 22, 2004 1:18:24 PM
Trusted platform modules eye embedded
18 Oct 2004
Security in embedded systems is emerging as a critical concern. Handheld appliances that have become ubiquitous are perhaps the most challenging to secure. Because of their small form factors and mobility, the devices are easily lost or stolen. Meanwhile, security solutions for these appliances are highly constrained by cost, size, and the computing and battery resources they can use.
One of the primary concerns of designers of these appliances is finding ways to dramatically improve security while working within the constraints of cost, size, power and processor limitations. These designers must, along with everything else, recognize the importance of keeping development costs and time-to-market at a minimum.
Trusted platform modules (TPMs), which implement trusted-computing security objectives in a low-power, high-performance hardware/software combination, help designers meet this challenge effectively.
The TPM is a microcontroller based on an industry standard specification issued by the Trusted Computing Group (TCG). The controllers store passwords, digital certificates and encryption keys and provide secure and affordable authentication, encryption and network access for a variety of computing platforms. This hardware-based "root of trust" can be extended to include associated software and enables the accurate measurement of security risk. Once risk can be measured, risk mitigation can be implemented, including appropriate policies, underwriting risk and improving the computing environment.
More specifically, the TPM is a secure key generator and key cache management device that supports industry standard cryptographic APIs. TPM generates, stores and manages cryptographic keys in hardware, leveraging the resources of the rest of the system platform and allowing for cost-effective "hardening" of many applications that previously relied solely on software encryption algorithms with keys hidden in unsecured memory.
In embedded systems that employ only software encryption of data and files, keys are usually stored in unsecured memory. Keys can instead be stored on a removable token, such as a smart card or USB dongle, but these are easy to misplace and costlier than TPMs. TPMs store encryption keys, including the storage root key, endorsement key and other sensitive data, in non-volatile memory that is protected by the TPM controller and the TPM's tamper-detection circuits.
TPMs manage five major security functions:
• They perform public-key functions for on-chip key pair generation using a hardware random-number generator (RNG).
• They manage public-key signature, encryption and decryption to enable secure storage of data and digital secrets.
• They store hashes (unique numbers calculated from pre-runtime configuration information) that enable verifiable attestation of the machine configuration when booted.
• They create endorsement keys that can be used to anonymously establish that an identity key was generated in a TPM.
• They initialize and manage functions that allow the owner to turn TPM functionality on and off, reset the chip and take ownership of its functions.
A true RNG is used in the creation of RSA key pairs internal to the TPM. The TPM's microprocessor controls the functions and sequencing of the entire TPM, including its internal functional blocks and its interface to the rest of the system resources. It moves data between the system processor and the internal TPM memory and sequences the cryptographic engine. The TPM's RNG generates the seed numbers for the cryptographic processor's encryption, decryption and key generation functions. By offloading the RSA calculation from the general-purpose system processor, TPMs typically can improve both system and encryption performance.
TPMs use hash algorithms to measure system software and hardware in their known trusted states. The measurements are then stored in secure non-volatile memory. Subsequent measurements are compared with the stored trusted-state measurements, and any change alerts the system that the software or hardware has been modified, indicating invasion by viruses or worms.
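The measure-then-compare scheme described in the preceding paragraphs (hashes of the boot configuration accumulated in the TPM, later compared against stored trusted-state values) can be modelled in a few lines. The following is an added example, not code from the article or from Atmel: it implements the TCG extend operation on a 20-byte SHA-1 platform configuration register (PCR), the form used by TPM 1.2 at the time of the article, and shows the two checks a verifier performs: that the reported event log replays to the reported PCR, and that the PCR matches the stored trusted-state value. The boot component images, names and the `demo` function are constructed stand-ins for illustration.

```python
import hashlib

# TPM 1.2 PCRs are 20-byte SHA-1 registers that reset to zero and can only be
# changed by "extend":  PCR_new = SHA-1(PCR_old || measurement)
PCR_SIZE = 20
INITIAL_PCR = b"\x00" * PCR_SIZE


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TCG extend: fold one 20-byte measurement into the register."""
    assert len(pcr) == PCR_SIZE and len(measurement) == PCR_SIZE
    return hashlib.sha1(pcr + measurement).digest()


def measure_boot(components):
    """Platform side: hash each boot stage in order, extend the digest into
    the PCR and record (name, digest) in an event log."""
    pcr = INITIAL_PCR
    event_log = []
    for name, image in components:
        digest = hashlib.sha1(image).digest()
        pcr = extend(pcr, digest)
        event_log.append((name, digest))
    return pcr, event_log


def replay_log(event_log):
    """Verifier side: recompute the PCR that the event log claims to describe."""
    pcr = INITIAL_PCR
    for _name, digest in event_log:
        pcr = extend(pcr, digest)
    return pcr


def verify_attestation(reported_pcr, event_log, golden_pcr, known_good):
    """Verifier side.  Returns (ok, reason).
    1. The log must replay to the reported PCR, or the log was edited.
    2. The PCR must equal the stored trusted-state value; because extend is
       order-sensitive this also catches reordered or missing stages.
    3. On mismatch, the per-stage allow-list names the first changed stage."""
    if replay_log(event_log) != reported_pcr:
        return False, "event log does not replay to reported PCR"
    if reported_pcr == golden_pcr:
        return True, "platform matches trusted state"
    for name, digest in event_log:
        if known_good.get(name) != digest:
            return False, f"measurement of '{name}' differs from trusted state"
    return False, "same stages but different order or count"


# Constructed stand-ins for firmware images (real measurements would be taken
# over the actual bootloader, kernel and filesystem binaries).
GOLDEN_BOOT = [
    ("bootloader", b"bootloader v1.0 (constructed sample)"),
    ("kernel", b"kernel 2.6 image (constructed sample)"),
    ("rootfs", b"root filesystem image (constructed sample)"),
]
GOLDEN_PCR, GOLDEN_LOG = measure_boot(GOLDEN_BOOT)
KNOWN_GOOD = dict(GOLDEN_LOG)


def tampered_boot():
    """The same device with one byte of the kernel image changed, as a worm
    infection would do: the kernel digest and every later PCR value change."""
    return [(n, img[:-1] + b"X" if n == "kernel" else img) for n, img in GOLDEN_BOOT]


def demo():
    """Run the verifier over a clean boot, a tampered boot, and a tampered
    boot whose reported log was replaced with the clean one."""
    pcr_bad, log_bad = measure_boot(tampered_boot())
    return {
        "golden": verify_attestation(GOLDEN_PCR, GOLDEN_LOG, GOLDEN_PCR, KNOWN_GOOD),
        "tampered": verify_attestation(pcr_bad, log_bad, GOLDEN_PCR, KNOWN_GOOD),
        "edited_log": verify_attestation(pcr_bad, GOLDEN_LOG, GOLDEN_PCR, KNOWN_GOOD),
        "pcr_differs": GOLDEN_PCR != pcr_bad,
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The point the model makes concrete is that the PCR is not a stored hash that could be overwritten: it can only be extended, so a modified stage cannot be hidden by re-measuring, and a substituted event log fails the replay check because it no longer reproduces the reported register value.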
Security challenges
The distinction between computers and embedded devices is blurring, especially in the emerging handheld multimodal appliances that may have a PDA, a cellphone and a camera all in the same device. Even cameras now have the ability to run software usually thought of as computer applications, such as simple photo-editing programs.
Thus, depending on the type of device, an embedded system may need to provide secure creation, processing and storage of any or all of the following: user identification; network access that allows only authorized devices to connect to a network or service; storage for sensitive information, such as passwords, PINs, keys and certificates; protection from viruses and Trojan horses; protection of hardware from physical and electrical attacks (tamper resistance); privacy and integrity of data communicated to/from other devices or servers in a network; and assurance that content downloaded to or stored in the appliance is used in accordance with the terms set forth by the content provider.
The challenges for designers fall into six general categories:
• Computational overhead for security algorithms—Since TPMs include dedicated low-power, high-performance processors for algorithms and other security functions, the designer is spared the choice of either overloading the main CPU or having to add a separate processor for security functions, with the associated development of code to run it.
• Lack of universally interoperable standards—When compared with proprietary solutions, an industry standard specification, such as that developed by the TCG, which now has more than 70 members across the computing spectrum, helps ensure that vendors can create interoperable devices and can benefit from the experience and intellectual assets of a number of companies.
• Limitations on available power—By some estimates, running security applications on a battery-powered device can decrease battery life by as much as half or more. With the power economies realized by running security functions in hardware rather than in software, TPMs can significantly extend battery life.
• Vulnerability to physical invasion like loss or theft—Some vendors' TPMs use tamper-detection circuits that detect any attempt to break into the module, although this is not required by the TCG specification. For example, voltage, clock frequency and other aspects of the TPM's operating environment can be monitored for signs of tampering. If the environment moves out of a prescribed range, the tamper-prevention circuits will take action to prevent access to sensitive information stored within the TPM.
• Cost and time-to-market considerations—Proprietary security solutions often use a pseudo-RNG rather than a true RNG, for example, which makes the keys more vulnerable to cracking. Those solutions are often done in software only, which is not only computationally inefficient but also much easier to crack. In addition, if the solution needs to go through a certification process, this adds substantially to cost and slows down time-to-market. Since TPMs are standards-compliant, the savings in time and money over proprietary solutions are substantial.
• Security weaknesses in wireless communications—Mobile appliances often use wireless communication, which means that the physical signal is easily accessible to eavesdroppers and hackers. Wireless security is a challenging problem that must be addressed by most mobile appliances.
Wireless security has been most often based on protocols, typically implemented in software and often not thoroughly tested. In contrast, TPMs provide hardware-based security, implementing algorithms that have undergone extensive testing. By providing an effective way to solve all the general areas of security that challenge embedded-systems designers, TPMs are much more secure and much more affordable than existing software-only solutions. OEMs now can provide affordable, certifiable hardware security in open-system architectures based on industry standards.
- Kevin Schutz
Product Manager, Secure Products
Atmel Corp.