TCG has published an Architect’s Guide to implementing security in the IoT, Architects Guide: IoT Security. The guide demonstrates how widely available, widely implemented industry-standard solutions can be used to build a secure IoT infrastructure.
More details and recommendations on the role of trust and of industry standards and implementations are given in the TCG Guidance for Securing IoT.
TCG suggests that this can be accomplished by answering two simple questions:
The intention is to make it possible for a deployment of IoT devices to organize themselves into closed networks based on mutual recognition of both identity and integrity. Devices that cannot provide a recognized identity and a valid integrity report are unable to communicate with devices that are part of the closed community. This approach
To support this approach, IoT devices should have a hardware root of trust like a TPM. Such a hardware root of trust can support strong device authentication, measured boot, and remote attestation. For details on how these techniques work, see the TCG Architect’s Guide for Cybersecurity.
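The admission decision described above (recognized identity plus a valid integrity report), sketched as an added example that is not TCG code. It assumes an HMAC over an enrolled per-device key in place of a TPM attestation-key signature; the device names, keys and boot components are constructed for illustration.

```python
import hashlib
import hmac
import os

def extend(pcr, component):
    # TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(component))
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measured_boot(components):
    pcr = bytes(32)  # a PCR is all zeros at reset
    for c in components:
        pcr = extend(pcr, c)
    return pcr

def _mac(key, device_id, nonce, pcr):
    # Assumption: HMAC with an enrolled key stands in for a TPM attestation-key signature
    return hmac.new(key, device_id.encode() + nonce + pcr, hashlib.sha256).digest()

def make_report(device_id, key, pcr, nonce):
    return {"id": device_id, "pcr": pcr, "mac": _mac(key, device_id, nonce, pcr)}

def admit(report, nonce, enrolled, golden_pcr):
    key = enrolled.get(report["id"])
    if key is None:
        return (False, "unknown identity")
    expected = _mac(key, report["id"], nonce, report["pcr"])
    if not hmac.compare_digest(expected, report["mac"]):
        return (False, "bad signature or stale nonce")
    if not hmac.compare_digest(report["pcr"], golden_pcr):
        return (False, "integrity mismatch")
    return (True, "admitted")

# Constructed sample data (hypothetical device names, keys and boot chain)
GOOD = [b"bootloader v1", b"kernel v1", b"app v1"]
MODIFIED = [b"bootloader v1", b"kernel v1 (modified)", b"app v1"]
ENROLLED = {"sensor-01": b"k" * 32}
GOLDEN = measured_boot(GOOD)

def demo():
    key, n1, n2 = ENROLLED["sensor-01"], os.urandom(16), os.urandom(16)
    good = make_report("sensor-01", key, measured_boot(GOOD), n1)
    return {
        "good": admit(good, n1, ENROLLED, GOLDEN),
        "modified": admit(make_report("sensor-01", key, measured_boot(MODIFIED), n1), n1, ENROLLED, GOLDEN),
        "unknown": admit(make_report("rogue-99", b"x" * 32, GOLDEN, n1), n1, ENROLLED, GOLDEN),
        "replayed": admit(good, n2, ENROLLED, GOLDEN),  # old report, new challenge
    }

if __name__ == "__main__":
    print(demo())
```

The verifier's fresh nonce is what keeps a previously valid report from being reused, and the extend chain makes the final value depend on every component and on their order.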
For the foreseeable future, most IoT devices will not have a hardware root of trust like a TPM. To deal with this legacy, we support the deployment and use of IF-MAP Metadata for ICS Security. This standard supports a gateway architecture for IoT deployments, making it possible to establish secure and trusted communications for devices that do not have roots of trust. For information on this solution, see the TCG Architect’s Guide for ICS Security.
Standards-based Trusted Computing technologies developed by TCG members now are deployed in enterprise systems, storage systems, networks, embedded systems, and mobile devices and can help secure cloud computing and virtualized systems.
Trusted Computing Group announced that its TPM 2.0 (Trusted Platform Module) Library Specification was approved as a formal international standard under ISO/IEC (the International Organization for Standardization and the International Electrotechnical Commission). TCG has 90+ specifications and guidance documents to help build a trusted computing environment.