Modern cyber-attacks are often sophisticated and relentless in their continual efforts to seek out vulnerabilities in modern technology-based solutions. At the same time, new market segments like the Internet of Things (IoT), are driving innovative architectures and creating solutions with challenging power, security, resource, and other constraints. These constraints make an optimal security posture more difficult to create and maintain. For systems with a Trusted Platform Module (TPM), the TCG TPM brings many practical and flexible security benefits. However, not all systems and components have TPMs or similar silicon-based capabilities.
The DICE Architectures Work Group is exploring new security and privacy technologies applicable to systems and components with or without a TPM. The goal is to develop new approaches to enhancing security and privacy with minimal silicon requirements. Even simple silicon capabilities combined with software techniques can establish a cryptographically strong device identity, attest software and security policy, and assist in safely deploying and verifying software updates. These are all valuable security enhancing capabilities.
The DICE Architectures Work Group approach holds promise to enhance security and privacy on systems with a TPM and provide viable security and privacy foundations for systems without a TPM. The work group is focused on requirements, use cases, security/privacy benefits, and end-to-end solutions for software architectures and APIs, based on the Device Identifier Composition Engine specification (public review version available here). Some work group member companies may separately publish open source projects to complement the output from the TCG work group and promote adoption of these technologies in the marketplace.
|Hardware Requirements for a Device Identifier Composition Engine|
|Implicit Identity Based Device Attestation|
|Foundational Trust for IoT and Resource Constrained Devices|
SENIOR SOFTWARE DEVELOPMENT ENGINEER, MICROSOFT; WORK GROUP CHAIR
Dennis Mattoon is a Senior Software Development Engineer for Microsoft Research. Dennis has previously represented Microsoft on TCG efforts including the D-RTM specification, development of the TPM 2.0 reference implementation, and was responsible for Microsoft partner enablement/adoption of TPM 2.0. Dennis also maintains the TPM Software Stack from Microsoft Research (https://github.com/Microsoft/TSS.MSR) and worked with the TSS work group in TCG during its development. Dennis has most recently been part of the Microsoft Research team responsible for RIoT, the Robust IoT security framework (http://aka.ms/RIoT).