Internet of Things

Date Published: March, 01, 2015

Devices that are accessible from TCP/IP networks face regular attack. Since there are more IoT devices than there are people on earth, if we are to address this problem, it must be in a standards-based way that empowers IoT devices to evaluate themselves and each other before agreeing to establish a telecommunications session.

 

TCG has published an Architect’s Guide for implementing security in the IoT, Architects Guide: IoT Security. This guide demonstrates the use of widely available and implemented industry-standard solutions for a secure IoT infrastructure.

More details and recommendations on the role of trust and on industry standards and implementations are given in the TCG Guidance for Securing IoT.

TCG suggests that this can be accomplished by answering two simple questions:

  • Who are you? This is answered by the use of security hardware to protect a unique identity.
  • Can I trust you? This is based on gathering integrity information about the firmware and hardware on the device and comparing gathered information to expected information.  If they match, then the device can be trusted.  If they do not, then some unknown party has modified the device and it can no longer be trusted.

The intention is to make it possible for a deployment of IoT devices to organize themselves into closed networks based on mutual recognition of both identity and integrity. Devices that cannot provide a recognized identity and a valid integrity report are unable to communicate with devices that are part of the closed community. This approach:

  • Enables compliance and audit of deployments of IoT devices by providing hardware-protected information about the identity and software inventory for every device in the network.
  • Creates a fundamental improvement in the security and trustworthiness of IoT deployments faced with software-based attacks over TCP/IP networks.

To support this approach, IoT devices should have a hardware root of trust like a TPM. Such a hardware root of trust can support strong device authentication, measured boot, and remote attestation. For details on how these techniques work, see the TCG Architect’s Guide for Cybersecurity.
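The two questions above can be sketched as a verifier's admission check. This is an added example, not TCG code: it assumes an HMAC under a per-device key as a stand-in for a signature made by a hardware-protected key, and the function names, device name, key and firmware blobs are all hypothetical, constructed values.

```python
import hashlib
import hmac

def extend(register: bytes, digest: bytes) -> bytes:
    # TPM-style extend: new value = SHA-256(old value || measurement digest)
    return hashlib.sha256(register + digest).digest()

def replay(components) -> bytes:
    # Fold each measured component, in boot order, into one 32-byte value
    register = bytes(32)
    for _name, blob in components:
        register = extend(register, hashlib.sha256(blob).digest())
    return register

def make_report(device_key: bytes, nonce: bytes, components) -> dict:
    # Device side: bind the integrity value to the verifier's fresh nonce.
    # Assumption: HMAC stands in for a signature by a hardware-protected key.
    value = replay(components)
    proof = hmac.new(device_key, nonce + value, hashlib.sha256).digest()
    return {"value": value, "proof": proof}

def admit(device_id, report, nonce, known_keys, reference):
    # Verifier side: "Who are you?" then "Can I trust you?"
    key = known_keys.get(device_id)
    if key is None:
        return False, "unknown identity"
    expected = hmac.new(key, nonce + report["value"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, report["proof"]):
        return False, "identity proof failed"
    if not hmac.compare_digest(report["value"], reference.get(device_id, b"")):
        return False, "integrity mismatch"
    return True, "trusted"

# Constructed sample data (hypothetical device name, key and firmware blobs)
GOOD = [("bootloader", b"bl-v1"), ("firmware", b"fw-1.0")]
TAMPERED = [("bootloader", b"bl-v1"), ("firmware", b"fw-1.0-modified")]
KEYS = {"sensor-01": b"constructed-demo-key"}
REFERENCE = {"sensor-01": replay(GOOD)}

if __name__ == "__main__":
    nonce = b"constructed-nonce"  # a real verifier would use a fresh random nonce
    for label, parts in (("good", GOOD), ("tampered", TAMPERED)):
        report = make_report(KEYS["sensor-01"], nonce, parts)
        print(label, admit("sensor-01", report, nonce, KEYS, REFERENCE))
```

A report captured under one nonce fails the identity step when presented against a different nonce, which is what keeps an old "good" report from being reused after the firmware changes.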

For the foreseeable future, most IoT devices will not have a hardware root of trust like a TPM.  To deal with this legacy, we support the deployment and use of IF-MAP Metadata for ICS Security.  This standard supports a gateway architecture for IoT deployments, making it possible to establish secure and trusted communications for devices that do not have roots of trust. For information on this solution, see the TCG Architect’s Guide for ICS Security.
