Trusted Computing Group and Juniper
Guy Fedorkow, June 26, 2015
The Trusted Computing Group held one of its Members meetings June 16-18 in Edinburgh, UK, and I was pleased to be able to attend, to participate in the work of the Technical Committee.
From the web site http://www.trustedcomputinggroup.org/,
The Trusted Computing Group (TCG) is a not-for-profit organization formed to develop, define and promote open, vendor-neutral, global industry standards, supportive of a hardware-based root of trust, for interoperable trusted computing platforms.
While TCG has quite a few activities in play, the group is best known for development of the Trusted Platform Module (TPM), a function often implemented as a small chip that serves as a “Root of Trust” for all sorts of devices that incorporate computers, ranging from phones to laptops to Internet-scale routers, offering assurance that software loaded on the device is authorized and authentic, and that machines protected by TCG technology are resistant to so-called Advanced Persistent Threats, or various kinds of attacks that cause the device to run code modified by attackers.
The details can get daunting, but a key goal for systems protected by a TPM is to offer assurance that each software module loaded, starting from the lowest-level reset code, through to the operating system and applications, can be checked for authenticity against the signatures or fingerprints issued by the manufacturer of that software. The TPM technology also is used to guard secrets like cryptographic keys that may be used by the device to prove its identity, or to protect data stored in the device against unauthorized theft or modification.
The Members meeting is an opportunity for representatives of the 80+ member companies to get together and work on standards and other documents related to TCG technology.
Technical activities at the TCG are broken down to Work Groups, each of which develops specifications or documents for specific aspects of TCG technology. TCG also oversees committees for marketing activities, and has a Board of Directors (Juniper’s Seth Ross is a member of the Board) to oversee the operation.
The Work Group that develops the requirements for the TPM chip itself is working on new optional features and errata now that TPM2.0 is approved, but other WGs are also very active. Here are some of the Work Groups relevant to networking equipment:
- TSS, the group that defines the OS-level software stack for using the TPM is still busy with TPM2.0 software library definition. These libraries are important in hiding some of the complexity of the low-level TPM management, presenting a more uniform device-independent view.
- The PC Client WG defines how to use the TPM in a conventional PC or laptop architecture. This covers a wide range of topics from how the device is connected to the PC bus, to how software is to configure it and use cryptographic keys and the Platform Configuration Registers, the part of the TPM that records initial software configurations. BIOS, loader and OS developers would follow the PC Client WG docs to program the TPM. During this meeting, the group was working to converge on the TPM I2C physical interface.
- One group that’s important for anyone making embedded systems like routers is the Infrastructure Work Group (IWG). The TPM has a myriad of capabilities for managing cryptographic keys, with specialized restrictions for each; this group defines which keys should be used for what, and how to “provision” the TPM, i.e., how to configure the various cryptographic keys needed to prove the identify and configuration of each device. This is directly relevant for embedded system vendors such as Juniper, as manufacturers will want to add keying material to uniquely identify characteristics of their products.
- No activity is complete without Virtualization, so there’s a Work Group specifying a “Virtual TPM”. Unlikely as this sounds, network equipment users are already asking about this; as virtualization is introduced, the question immediately arises as to how an application running in a virtual machine can identify itself securely. Or to be more specific, when a router’s control plane is running in a VM, a virtual TPM, by leveraging an underlying physical TPM, may be the only way to confirm that it’s controlling the router it says it is…
- Trusted Network Communications (TNC) is the WG that develops the technology for secure network connect for endpoints such as laptops and phone, by reporting endpoint status to a network gateway for access control. TNC is not directly dependent on the TPM, but at the June meeting, there was a demo of “mutual attestation”, i.e., two devices using the TNC protocol to exchange system status (such as PCR values) to prove to one another that they had not been hacked.
- There’s a Work Group called Embedded Systems, which seeks to expand the use of TPM beyond the conventional PC architecture, driven by interest in the Internet of Things. Security experts have been pointing out for some time the risks of a wide array of ‘smart’ devices that can be hacked (e.g., a Smart Stove hacked to turn on gas, wait 30 min, turn on ignitor), so EmSys is working on extending TCG integrity-checking to IoT. While the popular press may equate Internet of Things with network-connected refrigerators, in the TCG context, Embedded Systems cover a wide range, from a thermostat to an industrial robot, with networking equipment on the list too.
That observation has lead TCG to form a new group to define the use of TCG technology specifically in networking equipment, chaired by TCG members HP and Huawei, with the first document edited by Juniper (that would be me).
At the June meeting, there were two half-day sessions for the Network Equipment group, with the goal of identifying security-related use-cases in networking equipment, recommending how TCG security technology can be used, and identifying any gaps unique to networking gear. Although the initial document is expected to be “informative”, i.e., advice on how to use the existing TCG standards, rather than “normative”, with the force of formal specifications, quite a few networking equipment manufacturers are already involved, and users of networking gear will likely inquire about compliance on topics such as reliable device identification and other topics that may be included.
Juniper is an active supporter of TCG and contributor to the effort to apply TCG technology to securing Networking Equipment, to enhance the security of our customers’ networks.