講演概要:
近年、グローバルなサプライチェーンのリスクが急速に増加しており、その対策が喫緊の課題となっています。この背景を受けて、TCGやIETFではコンピューティングデバイスのサプライチェーンリスクに対応するための国際規格やガイドラインの整備が進められています。
今回、サプライチェーンセキュリティを具現化する技術である、RFC9334 RATS (Remote Attestation Procedures)やTCG Platform Certificateについて、その概要や仕組みを、デモの説明を交えてご紹介します。本技術はハードウェアセキュリティ機能を実装したコンピューティングデバイスの安全性を、サプライチェーンを通して検証可能とする技術であり、効果的なセキュリティ対策を目指す企業にとって、大変興味深い内容となっています。
講演者:
 |
小林 宰 / Tsukasa KOBAYASHI TCG日本支部メンバー; 日本電気株式会社 テクノロジーサービスソフトウェア統括部 ディレクター |
小林氏は、入社以来、通信系組み込みソフトウェア開発、無線通信技術開発、IoTセキュリティ領域の製品開発を担当し、現在はトラストサービスのビジネス開発に従事。昨今はTrust Computing Group(TCG)日本支部(JRF)が主催するイベント等で、TPMやその他TCG技術の社会実装や普及に向けて活動を展開する。
[English]
Leading Edge of Supply Chain Security: Remote Attestation with Hardware Security Technology, Platform Certificate Overview
Abstract: In recent years, global supply chain risks have been rapidly increasing, and countermeasures to address these risks have become an urgent issue. In response to this circumstance, the TCG and IETF have been developing international standards and guidelines to address supply chain risks of computing devices.
In this presentation, we will introduce RFC9334 RATS (Remote Attestation Procedures) and TCG Platform Certificate, technologies that enable the substance of supply chain security, with an overview and explanation of how they work, along with a demonstration. These technologies enable verification of the safety of computing devices with hardware security functions through the supply chain, and are of great interest to companies striving to implement effective security measures.
Biography: Mr. Tsukasa Kobayashi is a Director of Technology Services Software Division at NEC Corporation. Since joining NEC, he is in charge of communications embedded software development, wireless communication technology development, and product development in the IoT security area, and is currently engaged in business development of trust services. In recent years, he has been working for social implementation and dissemination of TPM and other TCG technologies at events organized by the Trust Computing Group (TCG) Japan Chapter (JRF).
Membership in the Trusted Computing Group is your key to participating with fellow industry stakeholders in the quest to develop and promote trusted computing technologies.
Standards-based Trusted Computing technologies developed by TCG members now are deployed in enterprise systems, storage systems, networks, embedded systems, and mobile devices and can help secure cloud computing and virtualized systems.
Trusted Computing Group announced that its TPM 2.0 (Trusted Platform Module) Library Specification was approved as a formal international standard under ISO/IEC (the International Organization for Standardization and the International Electrotechnical Commission). TCG has 90+ specifications and guidance documents to help build a trusted computing environment.