Cybersecurity is taking a huge stride forward, as the Trusted Computing Group (TCG) today released its TPM 2.0 Library specification Revision 1.59 – providing necessary updates to the previously published TPM specification to combat the growing sophistication of cybersecurity threats worldwide.
The challenges facing the cybersecurity industry are unprecedented, with technological advances creating a greater risk than ever before as newer threats evolve and emerge. The NotPetya malware attack in 2017 demonstrates the severity attacks can have; global logistics and shipping firm Maersk became critically affected and worldwide damage to other organizations totaled US $10 billion. According to Gartner, global spending for protecting software and systems from attacks is forecasted to reach US $133.7 billion in 2022, highlighting the need for new ways of tackling them.
The newest version of the TPM 2.0 specification is an essential tool that developers and manufacturers can utilize in their fight against cyberthreats to safeguard devices not just from conception of the product, but throughout their lifecycle. It provides enhancements for authorization mechanisms, extends the availability of the Trusted Platform Module (TPM) to new applications allowing for more platform specifications to be built, simplifies management, supports additional cryptographic algorithms and provides additional capabilities to improve the security of TPM services.
One of the newest features is the Authenticated Countdown Timer (ACT) which enables a way of regaining control of a compromised machine by configuring a TPM ACT that restarts a platform when it reaches zero. This is hugely beneficial for remotely managed IoT devices with a TPM. If the device is determined as healthy by a cloud management service, the cloud can cryptographically create a ticket that adds more time to the ACT, preventing healthy systems from being restarted. However, if the device is deemed infected, it will not obey instructions to start recovery. At this point, the ACT will eventually reach zero and force a restart – allowing for boot firmware to kick in with recovery.
The latest specification also includes a new x509Certify command which simplifies access to TPM functions in cryptography. This allows a TPM to use internal keys to make statements about other keys by signing x509 certificates about them. This ensures secure communications with another party and is more recognizable for people not used to working with TPMs and more used to working with x509 certificates.
In addition, an Attached Component API command facilitates the secure transferring of a TPM object to an externally attached device such as a Hardware Security Module (HSM) or self-encrypting device, providing more security. By doing this, TPM 2.0 authorization mechanisms can be combined with the performance power of an HSM. Added support for symmetric block cipher MACs and AES CMAC is also built in, aiding with integration between TPMs and low capability devices with encryption.
Trusted Computing Group published its initial TPM 2.0 Library Specification as an International Standard in 2015, through the International Organization for Standardization. TCG will apply for the features in this latest revision to also achieve the same status as a global standard, by starting a new submission to ISO at the end of this year.