A new post in Embedded Computing Design by Microsoft’s Dennis Mattoon, also the chair of TCG’s DICE Work Group, explains how the Device Identifier Composition Engine, or DICE, is used to provide a hardware-based root of trust for IoT and embedded systems.
These systems are often inherently insecure, yet they are difficult to architect for security with the traditional methods of the PC world. TCG has been working with member companies from around the world and across industry, and recently released its DICE work, including a specification and resources for using it.
As the blog post explains, “…DICE relies on a combination of simple silicon capabilities and software techniques that work together to provide a cryptographically strong device identity. Improvements over software-only security are based, in part, on breaking the boot process into layers. Secrets unique to each layer and hardware configuration are created using a Unique Device Secret (UDS) known only to the DICE (and, optionally, manufacturer)… The device secrets and keys, unique to the device and each software layer, ensure that if code or configuration is modified, the secrets and keys will be different. With this approach, each software layer keeps the secret it receives completely confidential to itself. If a secret is disclosed through a vulnerability, patching the code will automatically re-key the device.”
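The layered derivation the quote describes, as an added example (not code from the post or from TCG's DICE specification): it assumes HMAC-SHA256 as the one-way function linking layers, a constructed placeholder UDS, and constructed layer images, and shows that patching one layer re-keys that layer and everything booted after it.

```python
import hashlib
import hmac

# Constructed placeholder: a 32-byte Unique Device Secret that only the
# DICE engine would ever see (not a value from any real device).
UDS = bytes.fromhex("00" * 31 + "01")


def measure(code: bytes) -> bytes:
    """Measurement of a layer: SHA-256 over its code/config image."""
    return hashlib.sha256(code).digest()


def derive_cdi(parent_secret: bytes, code: bytes) -> bytes:
    """One layer transition: the parent's secret and the measurement of the
    next layer combine one-way into that layer's secret (its CDI).
    HMAC-SHA256 is assumed here as the one-way function."""
    return hmac.new(parent_secret, measure(code), hashlib.sha256).digest()


def layer_secrets(uds: bytes, layers: list[bytes]) -> list[bytes]:
    """Walk the boot chain UDS -> CDI_0 -> CDI_1 -> ...; each layer only
    receives its own CDI, never the UDS or its parent's secret."""
    secrets = []
    secret = uds
    for code in layers:
        secret = derive_cdi(secret, code)
        secrets.append(secret)
    return secrets


def layer_key(cdi: bytes, purpose: bytes = b"device-identity") -> bytes:
    """Key a layer derives from its CDI (simple HMAC-based KDF, assumed)."""
    return hmac.new(cdi, purpose, hashlib.sha256).digest()


# Constructed boot chains: the second one has a patched firmware layer.
boot_chain = [b"bootloader v1", b"firmware v1", b"application v1"]
patched_chain = [b"bootloader v1", b"firmware v1 (patched)", b"application v1"]


def compare_chains(a: list[bytes], b: list[bytes]) -> list[bool]:
    """True at index i when layer i's CDI is identical in both chains."""
    return [x == y for x, y in zip(layer_secrets(UDS, a), layer_secrets(UDS, b))]


if __name__ == "__main__":
    for i, same in enumerate(compare_chains(boot_chain, patched_chain)):
        print(f"layer {i}: CDI {'unchanged' if same else 'RE-KEYED'}")
```

The unpatched bootloader keeps its CDI, while the patched firmware and the unchanged application behind it both get fresh secrets, which is the automatic re-keying the post describes.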
The post provides some additional details about implementing DICE, which is supported in products from a number of TCG members and others, including STMicroelectronics’ STM32L0/L4 family of MCUs, Micron Technology’s Authenta-based flash memory, and Microchip Technology’s CEC1702 with a SecureIoT1702 demo board and flash memory from Winbond.