By Tom Laffey, Co-chair of the Network Equipment workgroup and Co-chair of the Infrastructure workgroup at Trusted Computing Group

As the number of connected devices continues to grow, so does the number of network connections to devices. Security at the “edge” of the network depends on the integrity of switching and routing equipment in the network infrastructure. In addition, while edge devices may need anonymity to provide privacy to their users, a network provider, perhaps counter-intuitively, cannot ensure anonymity to connected devices without knowing the identity of each infrastructure element in the network with robust precision.

The Network Equipment Work Group at Trusted Computing Group (TCG) focuses on applying TCG technologies to networking equipment, which is becoming more distributed with a wider attack surface. In late 2021, TCG’s Infrastructure workgroup published the TPM 2.0 Keys for Device Identity and Attestation specification, which describes how to use TPM 2.0 to create a strong and durable device identity assigned to new devices during the manufacturing process. This initial identity, commonly known as an IDevID, is intended for a wide range of critical functions, such as device attestation and zero touch configuration, which secure and ease deployment at scale. This makes things more difficult for cyber attackers who cannot mimic or impersonate these secure devices.

Preventing cyber attacks
Over time, there have been several high-profile incidents that have highlighted issues in the supply chain in terms of security. A software example is the 2020 attack on SolarWinds. This attack received a large amount of attention because it moved attention to integrity much earlier in every development process. This shows how important it is that the basics are not overlooked. For example, firmware and software updates must be signed and integrity protected, otherwise they open the door wide for cyber-attacks to compromise a device.

In identity applications, the critical thing to protect is the private key associated with the identity. The key for a factory installed identity must not be copyable to some other device, as that creates an opportunity for spoofing and transfer of the manufacturer installed identity from one device to another. All too often, keys are stored by software somewhere in a file system or other area not specifically designed to protect against unauthorized access, whether the system is running or is turned off. To mitigate supply chain risks and provide remote enrolment security, the TPM and other technologies can be used to protect the key used to verify a device’s identity.

Within a network, the relying party or endpoint service needs to know what the device is. For example, if you have a cloud management service that is managing millions of devices, it is incredibly important that the service knows which device is which, with a high degree of certainty, as each one will belong to a unique customer or subscriber. Building on top of that, to enable a remote attestation and verification process to ensure that a device is in the expected state, each endpoint needs to be strongly and uniquely authenticated to a relying party—in this case a configuration verifier. If a situation arises where the verifier determines the device is attesting something somehow different from what is expected, a policy is applied to decide on what to do in response. Policies can vary depending on a range of factors, such as the device and application. As an example, the non-compliant device might be moved from a production network to an isolated remediation network.

We are living in a time where no organization or individual can automatically assume that a device is safe and trusted. It is therefore important to take steps to ensure the device is trustworthy by proving it has not been tampered with. This begins with a network manager’s ability to remotely prove identity of network infrastructure.

The power of trusted computing technology
TCG has always worked to ensure a TPM can be profiled (or scaled) to different platform types, depending on requirements. For example, a TPM profile for a PC is different from the profile for a car or a mobile phone. Aside from the TPM, other TCG technologies such as DICE, can be used to identify and authenticate remote devices. TCG is working on a spectrum of technologies to create a toolkit that can be applied to a variety of device classes.

As the number of devices grow, it is increasingly important to ensure strong authentication and device integrity. Implementing TCG technologies at an early stage in the device’s development will help to ensure its security and integrity over its lifetime, providing tools for auditable confidence in network infrastructure.