Trusted Computing Group (TCG) really has come a long way from its origins in desktop PCs with the early TPMs. Today, TCG has work groups not only focused on continued security for PCs, servers and network gear, but we also have had for some time an expanding effort into the bigger world of enterprise security and now the Internet of Things.
For several years, we have been working to port the widely vetted and accepted concepts of trust to some thorny issues in auto security. One of those issues is how to ensure security and integrity of remote upgrades to software. With autos now being rolling computers, jammed with networks, sensors and micrcocontrollers and processors, the question of such security is not simple.
TCG members previously have demonstrated trusted use cases for automotive security via the TPM (Trusted Platform Module) and its Trusted Network Communications network security specifications to ensure the integrity of transmission of data between the factory (or third parties) and vehicles and to ensure the integrity of the embedded electronic control units (ECUs) that control the car’s operation. TCG’s approach can:
1. Measure and report on the integrity of firmware and software used in the ECU
2. Create, store, and manage cryptographic keys in the ECU
3. Provide attestation and assurance of identity of the ECU
4. Support secure firmware and software updates in the ECU
5. Provide anti-rollback protection and secure configuration memory for the ECU
This demonstration will be shown at the upcoming SAE (Society of Automotive Engineers) World Congress TechHub in Detroit’s Cobo Center, April 14. TechHub’s program is focused on electronics including security and will offer attendees some great talks. TCG members also will show a variety of specification and standards-based ways to ensure security in other applications including:
· Protection of intellectual property by the TPM: Infineon and Wibu Systems
· Ensuring trust and security for devices in the IoT connected via mobile or public cloud with TNC specifications: Tempered Networks
· Scalable strong device identity in the IoT with PKI service using the TPM: GlobalSign and Infineon
· Open-source management-software for self-encrypting drives (SEDs): Drive Trust Alliance
Membership in the Trusted Computing Group is your key to participating with fellow industry stakeholders in the quest to develop and promote trusted computing technologies.
Standards-based Trusted Computing technologies developed by TCG members now are deployed in enterprise systems, storage systems, networks, embedded systems, and mobile devices and can help secure cloud computing and virtualized systems.
Trusted Computing Group announced that its TPM 2.0 (Trusted Platform Module) Library Specification was approved as a formal international standard under ISO/IEC (the International Organization for Standardization and the International Electrotechnical Commission). TCG has 90+ specifications and guidance documents to help build a trusted computing environment.