Secure network services rely on the integrity of network equipment

Date Published: December, 04, 2020

By Tom Laffey and Michael Eckel, Co-Chairs of TCG’s Network Equipment Work Group

As next-generation network deployment accelerates and the promises of new applications, IoT devices and connected markets bring new opportunities to industries worldwide, there is growing awareness of network security risks and of the need to ensure a safe and secure connected ecosystem. As the network grows, network service operators have a responsibility to provide both reliable and secure services to end users. This is critical to avoid serious consequences: a successful attack on network equipment could interfere with network operation and compromise critical IT applications. Preserving the integrity and security of network equipment is essential to maintaining customer privacy and network reliability.

Cyber attacks are becoming increasingly sophisticated. In addition, as wider network infrastructure is deployed, more entry points for attackers are created. The network presents a variety of potential risks, and because it is constantly available, any vulnerability can be exploited at any time.

As the supply chain of network equipment becomes increasingly complex, careful design and construction are required to authenticate and authorize modular elements and to detect unauthorized firmware or software.

With added complexity, network operators need to know their equipment is authentic and trustworthy. Network equipment owners and operators need to verify the authenticity and integrity of network equipment in order to detect unauthorized or unwanted changes relative to a pristine device configuration. Device manufacturers, distributors and auditors also have business interests in verifying the authenticity of the device. All parties have a responsibility. For network operators this means ensuring the trustworthiness of their equipment despite the complexity of the network.

For network equipment to be trustworthy, deviations in software must be guarded against and, if found, treated as tampering. Trusted Computing can be used to secure equipment such as routers, switches and firewalls using remote attestation and Measured Boot. With remote attestation it becomes possible to verify that the software loaded on a device is authentic and unmodified. This bridges the gap between the vendor shipping the device and the device being deployed in the field. By leveraging TPM-based remote attestation, both deployed software and device configuration can be verified to be authentic and in compliance with management policies and baselines.

Each network equipment device needs to be uniquely identifiable. A strong cryptographic identifier, as can be provided by using a Trusted Platform Module (TPM), perfectly fulfils this requirement and secures against tampering. As a hardware-based root of trust, the TPM enables a more robust approach to security than purely software-based approaches with:

  • Secure proof of boot state using hashes of boot objects
  • Secure storage of cryptographic secrets, such as virtual private network (VPN) keys
  • Cryptographic-quality Random Number Generator (RNG)

TPMs provide a cost-effective solution to enhance the security of networks by protecting the integrity and security of network equipment. Remote device management benefits from TPMs in two ways. First, a TPM provides and protects a strong hardware-based identity that makes devices clearly distinguishable. Second, with TPM-based remote attestation the integrity and authenticity of devices can be remotely verified. This provides reassurance that end users and applications experience a safe and secure network.
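The Measured Boot and remote-attestation flow described above, as an added illustration that is not part of the original post or of any TCG specification: the device side extends a hash of each boot object into a PCR and keeps an event log; the verifier replays the log against the reported PCR and compares each measurement with an operator baseline. The boot-object contents, component names and the use of a single PCR are constructed assumptions, and the signature a real TPM quote carries is omitted.

```python
import hashlib

# Constructed boot objects: the bytes a Measured Boot firmware would hash
# before handing control to each component. Names and contents are illustrative.
PRISTINE_BOOT_OBJECTS = [
    ("bootloader", b"example bootloader image v1"),
    ("kernel", b"example network OS kernel v1"),
    ("config", b"hostname=edge-rtr-01\nsnmp=v3\n"),
]

def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM PCR extend: new = SHA-256(old || digest). One-way and order-dependent,
    so a PCR value can only be reproduced by replaying the same measurements."""
    return hashlib.sha256(pcr + digest).digest()

def measured_boot(boot_objects):
    """Device side: measure each boot object into one PCR and record an event log.
    Returns (event_log, final_pcr); a real device would report the PCR in a
    TPM quote signed by its attestation key (omitted here)."""
    pcr = bytes(32)  # PCRs are zeroed at power-on
    log = []
    for name, data in boot_objects:
        digest = hashlib.sha256(data).digest()
        log.append((name, digest.hex()))
        pcr = pcr_extend(pcr, digest)
    return log, pcr

def reference_values(boot_objects):
    """Operator/vendor baseline: the expected digest of each boot object."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in boot_objects}

def verify_attestation(event_log, reported_pcr, baseline):
    """Verifier side: replay the event log to confirm it reproduces the reported
    PCR, then check every measured object against the baseline.
    Returns (ok, findings)."""
    findings = []
    pcr = bytes(32)
    for name, digest_hex in event_log:
        pcr = pcr_extend(pcr, bytes.fromhex(digest_hex))
        expected = baseline.get(name)
        if expected is None:
            findings.append(f"unknown boot object measured: {name}")
        elif expected != digest_hex:
            findings.append(f"{name} does not match baseline")
    if pcr != reported_pcr:
        findings.append("event log does not reproduce reported PCR value")
    return (not findings), findings
```

A modified kernel image shows up as a baseline mismatch, and an event log edited to look pristine no longer replays to the PCR the device actually reports.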

TCG’s Network Equipment Work Group is continuously working on security solutions, so network operators can rely on and trust their networks to deliver the promise of an advanced digital ecosystem that is bringing about innovation and growth to many industries across the world. Some of the world’s leading tech companies contribute to this work as members of TCG and are committed to protecting next-generation network equipment infrastructure.

To find out more about the work of the Network Equipment Work Group, please visit the TCG website. If you are interested in contributing to this critical work, find out how you can become a member of TCG today and get in touch.
