TPM and trust in the new Industrial Internet Security Framework
November 01, 2016
With the goal of enabling and accelerating the industrial Internet of Things (IIoT), the Industrial Internet Consortium (IIC) has placed security high...
With the goal of enabling and accelerating the industrial Internet of Things (IIoT), the Industrial Internet Consortium (IIC) has placed security high on its must-do list. The consortium’s September 2016 Industrial Internet Security Framework (IISF) provides a common security framework that addresses security issues in IIoT systems. Trusted Platform Module (TPM), is highlighted in that document as a key technology.
The IISF is not purely a technical document. Rather, the IISF starts with the business viewpoint, considering how IIoT security can help an organization achieve its goals by managing risks. By defining IIoT security risks, assessments, threats, metrics, and performance indicators, the IISF helps business managers protect their organizations. Each organization must continually assess the risk that it is facing due to IIoT security and decide how much of this risk it is willing to accept and how much to avoid or mitigate through countermeasures.
The IISF explains how trustworthy IIoT systems are built on five characteristics: safety, reliability, resilience, security, and privacy. These characteristics are interlinked, as poor security can impact the safety, reliability, resilience, and privacy of the overall system. The IISF catalogs the building blocks needed to create a trustworthy IIoT system.
The IISF specifically calls out the value of the Trusted Computing Group’s (TCG’s) TPM in building trustworthy IIoT systems. One of the most fundamental building blocks identified by the IISF is the need to establish a root of trust in each endpoint, a solid foundation upon which to build a secure system. The TPM is identified as an exemplary way to establish a hardware root of trust, providing a hardened and isolated hardware component for essential security operations such as strong authentication. The IISF recognizes the TPM’s unique status as an open standard (ISO/IEC 11889:2015), an implementation technique, and a discrete hardware chip, providing the strongest level of security commercially available for an endpoint root of trust.
Continuing its systemic approach to IIoT security, IISF reviews the role of security in the supply chain and throughout the system and product lifecycle. Separating the responsibilities for IIoT security into component builders, system builders, and operational users, the IISF points out that to ensure end-to-end security, operational users must assess the level of trustworthiness of the complete system.
The trust provided by the TPM is not just relevant at the component level but rather is essential to helping system builders and operational users establish confidence in the authenticity and integrity of components and systems, building up trust in their areas of responsibility.
[Figure 1 | The interaction and responsibilities of component builders, system builders, and operational users to ensure system trust.]
When international standards are available, the IISF bases its recommendations on those standards. For example, the IISF discussion of device identity points out that ISO/IEC 29115:2013 requires a tamper-resistant hardware root of trust (HRoT) such as TPM for its highest level of protection. IEC 62443, ISO/IEC 24760-1, and Industrie 4.0 include similar requirements stating, “in the case of digital identity, a secure identity is a certificate protected by an HRoT such as the TPM.”
The IISF is establishing a common understanding and expectation for IIoT security across the ecosystem, from customers and regulators through owners and operators, system builders and component builders.