How can I protect the smaller devices in my network?
As Internet of Things (IoT) devices become more commonplace, the risk of vulnerable networks being targeted and exploited increases. Users must be able to trust their devices and need to protect against hackers seeking to find gaps and weaknesses in their systems.
A Trusted Platform Module (TPM) goes some way in helping to overcome these issues, especially in complex architectures, but an increasing proportion of devices across the world do not use a TPM. This is where Device Identifier Composition Engine (DICE) comes in – allowing for accurate measurement and attestation architectures to establish trust in all devices.
What is DICE?
DICE is a hardware Root-of-Trust (RoT) used to protect the devices and components where a TPM would be impractical or infeasible. When a TPM is present, DICE is used to protect communication with the TPM and provides the Root of Trust for Measurement (RTM) for the platform. DICE was designed to close critical gaps in infrastructure and help to establish safeguarding measures for devices. The DICE RoT can also be easily integrated into existing infrastructure, with the architecture being flexible and interoperable with existing security standards.
When would I need to use DICE?
There are three key use cases for DICE:
What sort of devices does DICE protect?
From tiny network connected sensors to components within complex security architectures in the data center, DICE provides strong cryptographic identity, measurement, and attestation.
How does DICE work?
Easily integrated into current frameworks and in conjunction with existing security protocols, the DICE standard offers a simple, dependable method for implementing robust security controls. It equips manufacturers with the means to create a cryptographically secure device identity, while verifying the software in newer devices and in the most recent updates. All of this can be done at a low cost.
A unique device secret is held by the hardware and enables a cryptographic process that leverages inherent device properties, forming the foundation of the DICE standard. If an attack is successfully executed against a device, the unique secret associated with the compromised layer cannot be utilized to breach subsequent layers, thereby limiting the potential damage and maintaining the integrity of other elements. In the event that malicious code is detected within the firmware. DICE also facilitates the rapid re-keying of the device to preserve its integrity and assist in pinpointing vulnerabilities during the system’s update procedure.
Where is DICE used today where a TPM may not be practical?
An example of where DICE is more suitable than a TPM is in smaller chips, such as a solid-state drive (SSD). DICE will securely generate cryptographic keys inside the SSD and provide strong device authentication to protect against supply chain attacks, as well as attestation to prevent any firmware tampering.
Where can I find more information on DICE?
Interested in an overview of the solutions for other devices? See What is a Root of Trust?
Membership in the Trusted Computing Group is your key to participating with fellow industry stakeholders in the quest to develop and promote trusted computing technologies.
Standards-based Trusted Computing technologies developed by TCG members now are deployed in enterprise systems, storage systems, networks, embedded systems, and mobile devices and can help secure cloud computing and virtualized systems.
Trusted Computing Group announced that its TPM 2.0 (Trusted Platform Module) Library Specification was approved as a formal international standard under ISO/IEC (the International Organization for Standardization and the International Electrotechnical Commission). TCG has 90+ specifications and guidance documents to help build a trusted computing environment.