The non-profit Trusted Computing Group (TCG) has unveiled what it calls the “world’s tiniest” Trusted Platform Module (TPM). Called Radicle, the prototype was recently demonstrated at a TCG members meeting in Poland, and aims to bring the hardware-based root of trust (RoT) capabilities enjoyed by servers and PCs to the IoT world.
Founded by AMD, HP, IBM, Intel, and Microsoft back in 2003, the TCG was the successor to the Trusted Computing Platform Alliance (TCPA). Since its creation, the TCG has developed the TPM design and, in 2009, had it standardized as ISO 11889, looking to bring TPM capabilities to the world of mobile devices and expanding beyond the TCPA’s focus on larger computers.
Now, the Radicle prototype design is going to be furthered by the TCG’s Measurement and Attestation Roots (MARS) group, with the goal of creating a chip and standard that is small enough to be used in IoT devices. Of course, they still need to end up with a TPM chip that can carry out the necessary cryptographic functions, and integrations with other common IoT chipsets and modules are going to be necessary.
“In a nutshell, we want to specify what the tiniest TPM needs to be so it can be integrated directly within the host chip,” said Tom Brostrom, MARS chair. “This will ensure that devices that aren’t big enough to integrate a separate TPM will still be able to retain the required RTS/RTR [Roots of Trust for Storage and Reporting] capabilities. In turn, this will allow greater reach of trusted computing technologies over a wider set of devices and use cases.”
So, upcoming work from the TCG should facilitate the adoption of TPMs into smaller and more affordable IoT designs. However, the TCG faces a huge uphill battle against an avalanche of dirt-cheap connected devices, whose designers will view any additional expenditure beyond the bare-bones BOM cost simply as lost profit.
The smart home is a good example of this race to the bottom, where no-name brands account for the top sellers in Amazon listings for connected light bulbs. More reputable brands get to trade on their good name, and so have the margins needed to accommodate these additional expenses, but in the consumer markets, there is a real danger that even a super affordable TPM is going to be completely ignored by the cheapest designs – feeding into the issue of roving botnets.
Legislation or product bans seem to be the most effective way to stave off this problem, but it is one that is going to get worse before it improves. Consumers vote with their wallets, and can afford to buy these risky devices because they aren’t going to be liable in a lawsuit if their knock-off Nest bricks a hospital network. Businesses, meanwhile, should be much more conservative, but we believe it’s going to take a couple of high-profile cases before the purchasing ethos shifts to prioritize security at a corporate level.
We are currently on v2.0 of the TPM specification, which was released in September 2016. The TPM houses a random number generator that is used to create the cryptographic keys that form the basis of Public Key Infrastructure (PKI) technologies. The other main feature is that it allows for Remote Attestation, which is essentially a way to (almost) guarantee that the hardware and software on the device have not been tampered with, in order to provide secure boot or platform integrity capabilities.
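To show how the RTS/RTR split described above underpins remote attestation, here is an added example (not code from the TCG, the MARS group or this article) that models the TPM-style PCR hash chain, PCR_new = H(PCR_old || H(measurement)), and a verifier checking a nonce-bound quote against a known-good value. The boot images, key and nonces are constructed; HMAC stands in for the device's attestation signature, whereas a real TPM would sign the quote with an asymmetric attestation key.

```python
import hashlib
import hmac

# Constructed example: measured boot folded into a single PCR (the RTS part),
# then a quote over that PCR bound to a verifier-chosen nonce (the RTR part).
# DEVICE_KEY is a constructed stand-in for a device-unique attestation key.

INITIAL_PCR = b"\x00" * 32


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """Fold one boot-stage measurement into the PCR (order-sensitive hash chain)."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measure_boot(stages: list[bytes]) -> bytes:
    """Simulate the RTS: extend each boot stage in order and return the final PCR."""
    pcr = INITIAL_PCR
    for stage in stages:
        pcr = extend(pcr, stage)
    return pcr


def quote(pcr: bytes, nonce: bytes, key: bytes) -> bytes:
    """Simulate the RTR: report the PCR, bound to the verifier's fresh nonce."""
    return hmac.new(key, nonce + pcr, hashlib.sha256).digest()


def verify(pcr: bytes, nonce: bytes, q: bytes, key: bytes, expected_pcr: bytes) -> bool:
    """Verifier: the quote must be authentic, fresh (this nonce) and match the golden PCR."""
    authentic = hmac.compare_digest(q, quote(pcr, nonce, key))
    return authentic and hmac.compare_digest(pcr, expected_pcr)


# Constructed sample boot images (stand-ins for bootloader, kernel and application).
GOOD_BOOT = [b"bootloader-v1", b"kernel-v1", b"app-v1"]
TAMPERED_BOOT = [b"bootloader-v1", b"kernel-v1-modified", b"app-v1"]
DEVICE_KEY = b"constructed-device-attestation-key"
GOLDEN_PCR = measure_boot(GOOD_BOOT)  # recorded from a known-good device


def attest(boot_stages: list[bytes], nonce: bytes) -> bool:
    """Full round trip: device measures and quotes, verifier checks the result."""
    pcr = measure_boot(boot_stages)
    q = quote(pcr, nonce, DEVICE_KEY)
    return verify(pcr, nonce, q, DEVICE_KEY, GOLDEN_PCR)


if __name__ == "__main__":
    print("good boot attests:", attest(GOOD_BOOT, b"nonce-1"))        # True
    print("tampered boot attests:", attest(TAMPERED_BOOT, b"nonce-1"))  # False
```

Because every stage is chained into the PCR, a single altered image (or the same images in a different order) changes the final value, and the nonce keeps an old quote from being replayed to a later challenge.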
Of course, the TPM is not loved by all. The concept and standard have both been criticized from an open source perspective, as TPMs could allow the manufacturers of the devices, rather than the users, to decide what applications or code to run on the system.
There are also criticisms that the TPM is no barrier to a hardware-based attack, so relying on it leaves you exposed to anyone with physical possession of the device, who can attack its hardware directly. The third most common criticism is the most conspiratorial: that there is no guarantee governments don’t hold lists of the supposedly secret numerical keys that are burned into TPMs during manufacturing.