Modern cyber-attacks are often sophisticated and relentless in their continual efforts to seek out vulnerabilities in modern technology-based solutions. At the same time, new market segments like the Internet of Things (IoT), are driving innovative architectures and creating solutions with challenging power, security, resource, and other constraints. These constraints make an optimal security posture more difficult to create and maintain. For systems with a Trusted Platform Module (TPM), the TCG TPM brings many practical and flexible security benefits. However, not all systems and components have TPMs or similar silicon-based capabilities.
The DICE Architectures Work Group is exploring new security and privacy technologies applicable to systems and components with or without a TPM. The goal is to develop new approaches to enhancing security and privacy with minimal silicon requirements. Even simple silicon capabilities combined with software techniques can establish a cryptographically strong device identity, attest software and security policy, and assist in safely deploying and verifying software updates. These are all valuable security enhancing capabilities.
The DICE Architectures Work Group approach holds promise to enhance security and privacy on systems with a TPM and provide viable security and privacy foundations for systems without a TPM. The work group is focused on requirements, use cases, security/privacy benefits, and end-to-end solutions for software architectures and APIs, based on the Device Identifier Composition Engine specification (public review version available here). Some work group member companies may separately publish open source projects to complement the output from the TCG work group and promote adoption of these technologies in the marketplace.