While crashed trains or planes, power plant meltdowns or chemical spills can – and have – occurred as a result of poor security in the Internet of Things, financial gains represent a huge target for attackers and thieves – whether individuals, organized crime or nation-states. Recall the slick casino take-down in Ocean’s Eleven (http://www.imdb.com/title/tt0240772/synopsis), where the video camera overseeing the casino floor gets cleverly hacked so the well-dressed bandits can score a heist?
A recent similar score in Australia shows this is no Hollywood fantasy (http://www.wired.com/2013/03/hackers-game-casino/), as most security pros know. What the security community might not know: these kinds of attacks are preventable with widely available technologies.
Here this week at Embedded Systems Conference Silicon Valley (#ESCSV), TCG is showing a demo that prevents such spoofs and attacks. The demo is based on a deployment of IoT sensors and actuators, such as those found in a “smart” building, managed by a cloud-based application, typically a building management application. The server and IoT devices connect over the open Internet. What role does Trusted Computing play? The demo shows how the OpenSSL authentication commonly used in this environment is extended to require both a valid certificate and an integrity report. Both of those are protected by the TPM, which is included in the security camera and the IoT device; a Cisco router also uses TPM and TCG’s network security protocols with open source software.
What does this mean? Fake servers, gateways and sensors are detected and blocked with mutual authentication – the first time we have demonstrated mutual authentication that includes integrity checks. Infected components are also detected via integrity reports and blocked. And by rooting these checks in a TPM, we prevent malware from stealing credentials or falsifying an integrity report. Because this security approach is based in hardware, we ensure uptime and reliability – critical to building management.
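The admission decision described above, as an added sketch that is not code from the TCG demo: a peer is accepted only when its certificate check passed and its integrity report is authentic, fresh and matches a known-good measurement. Assumptions: an HMAC with a shared key stands in for the TPM's signature over the report, `cert_ok` is the result of the ordinary TLS certificate check, and all function names and sample data are constructed for illustration.

```python
import hashlib
import hmac
import os

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(measurement))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def replay(components) -> bytes:
    """Fold the measured boot components, in order, into one PCR value."""
    pcr = bytes(32)
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr

def make_report(key: bytes, components, nonce: bytes) -> dict:
    """Device side. ASSUMPTION: HMAC stands in for the TPM's signature."""
    pcr = replay(components)
    sig = hmac.new(key, nonce + pcr, hashlib.sha256).digest()
    return {"pcr": pcr, "nonce": nonce, "sig": sig}

def admit(cert_ok: bool, report: dict, key: bytes, nonce: bytes, known_good) -> str:
    """Verifier side: a peer needs a valid certificate AND a good report."""
    if not cert_ok:  # result of the normal TLS certificate check
        return "blocked: certificate"
    expected = hmac.new(key, nonce + report["pcr"], hashlib.sha256).digest()
    if report["nonce"] != nonce or not hmac.compare_digest(expected, report["sig"]):
        return "blocked: report forged or stale"
    if report["pcr"] not in known_good:
        return "blocked: integrity"
    return "admitted"

# Constructed sample data, not taken from the demo.
KEY = b"constructed-attestation-key"
GOOD = [b"bootloader 1.0", b"camera firmware 1.0"]
TAMPERED = [b"bootloader 1.0", b"camera firmware 1.0 (modified)"]
KNOWN_GOOD = {replay(GOOD)}

def demo() -> dict:
    nonce = os.urandom(16)  # fresh challenge chosen by the verifier
    return {
        "healthy": admit(True, make_report(KEY, GOOD, nonce), KEY, nonce, KNOWN_GOOD),
        "infected": admit(True, make_report(KEY, TAMPERED, nonce), KEY, nonce, KNOWN_GOOD),
        "no_cert": admit(False, make_report(KEY, GOOD, nonce), KEY, nonce, KNOWN_GOOD),
        "replayed": admit(True, make_report(KEY, GOOD, b"old" * 4), KEY, nonce, KNOWN_GOOD),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

For mutual authentication, each side runs the same `admit` check against the other's certificate and report.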
Learn more about our talk and demo at ESC: http://www.trustedcomputinggroup.org/media_room/events/191