Trusted Computing

Trusted computing describes technologies and proposals for improving IT security through hardware enhancements and the software that builds on them. Several major hardware manufacturers and software vendors have joined forces in the Trusted Computing Group (TCG) and are jointly developing concrete strategies for securing systems, networks and applications.

Fraunhofer AISEC is a member of the TCG and develops solutions that protect critical data and systems against the growing number of attacks and ensure compliance with legal regulations through hardware- and software-based security. To this end, Fraunhofer AISEC bundles competencies from several fields of expertise.

Expertise

Fraunhofer AISEC contributes its experience in Trusted Computing technologies and provides concepts for the design, integration and implementation of security mechanisms. We offer an integrated hardware and software engineering process, including the migration of functionality into hardware or software where required.


Selected projects in the field of Trusted Computing

Practical Runtime Attestation for Tiny IoT Devices
seTPM: A secure element-based TPM utilizing Java Card technology
TPM 2.0 Simulator for Linux / TEE
Trusted Connector - IoT Gateway based on Trusted Computing Technologies
Multiplexing TPM Integrity Measurements among Virtual Machines
Integrity Verification with Trusted Computing Technologies


For further information please visit https://develop.trustedcomputinggroup.org/  

Practical Runtime Attestation for Tiny IoT Devices


A major challenge in IoT security is to assure the integrity of the firmware running on constrained, low-cost devices. This challenge is addressed by a security mechanism called remote attestation: the device produces evidence about its software state that a remote party can verify.

Solution

We developed a method based on DICE to securely generate attestation evidence at runtime using only standard CPU features, namely the MPU and the privileged/unprivileged execution levels, in combination with the boot code located in ROM and the lock mechanism DICE requires to make the Unique Device Secret (UDS) inaccessible after boot. As a result, our method can be applied immediately to a broad range of popular microcontrollers. At Fraunhofer AISEC, we built a prototype for the widely used Cortex-M4-based STM32L476 microcontroller.
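The boot-time derivation and the runtime evidence described above, as an added example that is not Fraunhofer AISEC's code: a Python model of the symmetric DICE flow. The UDS value, the firmware images, the key-derivation label and the class names are constructed for illustration; the verifier is assumed to hold a provisioned copy of the UDS, whereas the RIoT variant derives an asymmetric key and certificate from the CDI instead. The MPU and the privilege separation are modelled only by keeping the CDI inside the privileged attester object.

```python
from __future__ import annotations

import hashlib
import hmac
import os

# Constructed per-device secret. On a real MCU the UDS sits in ROM/OTP and is
# readable only by the boot code in ROM, never by application firmware.
UDS = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f00123456789abcdef0123456789abcdef")

# Constructed firmware images: the known-good application and a modified one.
GOLDEN_FIRMWARE = b"sensor-node v1.0: sample temperature, publish over MQTT"
TAMPERED_FIRMWARE = GOLDEN_FIRMWARE + b", also leak the MQTT credentials"


def measure(image: bytes) -> bytes:
    return hashlib.sha256(image).digest()


def derive_cdi(uds: bytes, fw_digest: bytes) -> bytes:
    """DICE: CDI = HMAC(UDS, H(layer-0 firmware))."""
    return hmac.new(uds, fw_digest, hashlib.sha256).digest()


def attestation_key(cdi: bytes) -> bytes:
    """Symmetric attestation key derived from the CDI (hypothetical label)."""
    return hmac.new(cdi, b"runtime-attestation-key", hashlib.sha256).digest()


class DiceRom:
    """Boot stage in ROM: measures firmware, derives the CDI, latches the UDS."""

    def __init__(self, uds: bytes) -> None:
        self._uds = bytearray(uds)
        self.uds_locked = False

    def boot(self, firmware: bytes) -> bytes:
        if self.uds_locked:
            raise RuntimeError("UDS is locked until the next reset")
        cdi = derive_cdi(bytes(self._uds), measure(firmware))
        # Lock mechanism required by DICE: once the CDI exists the UDS must be
        # unreadable. Modelled by zeroising it; hardware latches the access path.
        for i in range(len(self._uds)):
            self._uds[i] = 0
        self.uds_locked = True
        return cdi

    def uds_bytes(self) -> bytes:
        """What later code sees if it tries to read the UDS."""
        return bytes(self._uds)


class PrivilegedAttester:
    """Runtime routine behind the MPU: the only holder of the CDI. Unprivileged
    code reaches it through a supervisor call and gets evidence, never the key."""

    def __init__(self, cdi: bytes) -> None:
        self._key = attestation_key(cdi)

    def attest(self, nonce: bytes, current_image: bytes) -> tuple[bytes, bytes]:
        digest = measure(current_image)  # fresh measurement at request time
        evidence = hmac.new(self._key, nonce + digest, hashlib.sha256).digest()
        return digest, evidence


def verify(uds: bytes, golden: bytes, nonce: bytes, digest: bytes, evidence: bytes) -> bool:
    """Verifier with a provisioned copy of the UDS and the golden image."""
    expected_digest = measure(golden)
    key = attestation_key(derive_cdi(uds, expected_digest))
    expected = hmac.new(key, nonce + digest, hashlib.sha256).digest()
    return hmac.compare_digest(evidence, expected) and digest == expected_digest


def run_scenarios() -> dict[str, bool]:
    """Verifier verdicts for several device states; only 'healthy' passes."""
    nonce = os.urandom(16)
    results: dict[str, bool] = {}
    attester = PrivilegedAttester(DiceRom(UDS).boot(GOLDEN_FIRMWARE))

    # Healthy device: golden image at boot and at runtime.
    digest, evidence = attester.attest(nonce, GOLDEN_FIRMWARE)
    results["healthy"] = verify(UDS, GOLDEN_FIRMWARE, nonce, digest, evidence)

    # Code modified after boot (an exploit patched the application): the key is
    # still right, but the fresh measurement exposes the change.
    digest, evidence = attester.attest(nonce, TAMPERED_FIRMWARE)
    results["runtime_tamper"] = verify(UDS, GOLDEN_FIRMWARE, nonce, digest, evidence)

    # Modified image already present at boot, reporting the golden digest (here by
    # measuring a pristine copy): the CDI and thus the key differ, evidence fails.
    bad_attester = PrivilegedAttester(DiceRom(UDS).boot(TAMPERED_FIRMWARE))
    _, evidence = bad_attester.attest(nonce, GOLDEN_FIRMWARE)
    results["boot_tamper"] = verify(UDS, GOLDEN_FIRMWARE, nonce, measure(GOLDEN_FIRMWARE), evidence)

    # Unprivileged code forging evidence without the CDI.
    forged = hmac.new(b"guessed-key", nonce + measure(GOLDEN_FIRMWARE), hashlib.sha256).digest()
    results["forged"] = verify(UDS, GOLDEN_FIRMWARE, nonce, measure(GOLDEN_FIRMWARE), forged)

    # Replay of evidence captured for an earlier nonce.
    digest, old_evidence = attester.attest(b"earlier-nonce", GOLDEN_FIRMWARE)
    results["replay"] = verify(UDS, GOLDEN_FIRMWARE, nonce, digest, old_evidence)
    return results


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name:15s} {'PASS' if ok else 'FAIL'}")
```

The two properties the DICE approach relies on are visible in the scenarios: the UDS is unreadable once the CDI exists, so a compromised application cannot derive the key itself, and the key is bound to the firmware measured at boot, so a modified boot image cannot produce evidence that verifies against the golden image even if it reports the golden digest.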

Our competences

  • Trusted Computing technologies, especially DICE and RIoT
  • Design and implementation of security mechanisms on MCUs
  • Securing IoT use cases, such as smart home applications or sensor node networks

seTPM: A secure element-based TPM utilizing Java Card technology


On constrained embedded platforms a TPM may not be available, even though its functionality is needed to secure the system. To equip such platforms with Trusted Computing technologies, such as remote attestation or sealing, TPM capabilities have to be integrated by other means.

Solution

seTPM is a research project that implements a TPM on a GlobalPlatform secure element using Java Card technology. Its highly flexible architecture provides hybrid support for the TPM 1.2 and 2.0 specifications on the same secure element and can even load further Java Card applets dynamically. This makes it possible to run Trusted Computing-based security protocols at a security level comparable to that of dedicated TPM chips.

Our competences

  • Trusted Computing technologies, especially TPMs
  • Design and implementation of security mechanisms on Secure Elements, like Java Cards
  • Securing systems by integrating secure elements into scenarios where sensitive data is processed


TPM 2.0 Simulator for Linux / TEE


Developing system functionality that requires a TPM is often a cumbersome and complex process when a dedicated hardware TPM is used directly.

Solution

The TPM 2.0 simulator is a software TPM that can be used with a common TPM Software Stack (TSS). Its source code can be built and launched quickly to emulate a fully functional TPM in software, which is especially useful for testing and prototyping system functionality that relies on a TPM.

Features

  • Ready-to-use TPM 2.0 based on the public specification of the Trusted Computing Group
  • Suitable for Testing/Prototyping and Integration into a TEE


Trusted Connector

An IoT Gateway based on Trusted Computing Technologies


The interconnection of and data exchange between distributed stand-alone devices is found in many scenarios, including industrial computing and the IoT. The most recent and prominent advances in industrial computing include the growing interconnectivity of devices and the increasing variety of complex applications that exchange data across company boundaries. In this context, data becomes a valuable business asset and a trade good, which makes it a target both for attackers on the network and for attackers with physical access to the devices.

Solution

The Trusted Connector is a secure embedded device based on Trusted Computing technologies. We designed it to perform a secure boot in combination with a measured boot, so that it can remotely attest its state to other connectors. In addition, the connector uses the TPM for Full Disk Encryption (FDE) to protect its persistent data against physical adversaries. For runtime integrity, it isolates execution contexts in separate containers, based on virtualization technologies and a hardened Linux kernel. The Trusted Connector is a complete, ready-to-use platform that also supports secure remote updates. Connectors can be part of a larger ecosystem and form a network to exchange data, for instance data acquired by a connector in a manufacturing unit.

Our competences

  • Trusted Computing technologies and concepts, especially TPMs, remote attestation, trusted boot
  • Integration of the Trusted Connector into corporate environments (industrial facilities, IoT gateways, ...)
  • Design and implementation of secure embedded platforms and their application in IoT and industrial use cases


Multiplexing TPM Integrity Measurements among Virtual Machines

Measuring the integrity of critical operating system components and securely storing these measurements in a hardware-protected Trusted Platform Module (TPM) is a well-known approach for improving system security.

However, this approach cannot currently be extended to TPMs in virtualized environments without lowering the level of security.

Solution

We investigated how to multiplex integrity measurements originating from arbitrarily many Virtual Machines (VMs) with just a single standard TPM.

In contrast to existing approaches such as the virtual Trusted Platform Module (vTPM), our approach achieves a higher level of security, since measurements, once stored, are never held in software but remain hardware-protected by the TPM at all times. The experimental results of our proof-of-concept implementation show the feasibility of the approach.

Our competences

  • Experience in Trusted Computing technologies, such as TPMs and remote attestation, in the context of virtualization
  • Design and implementation of security mechanisms and security protocols to attest the trustworthiness of individual virtual machines


Integrity Verification with Trusted Computing Technologies


While most microkernel-based systems implement non-essential software components as user-space tasks and strictly separate those tasks at runtime, they often rely on a static configuration and composition of their software components to ensure safety and security. In our research, we extend a microkernel-based system architecture with a TPM and propose a verification mechanism for the microkernel runtime environment that computes integrity measurements before (remote) binaries are allowed to load.

Solution

Our approach adapts the main ideas of the Integrity Measurement Architecture (IMA), originally proposed for Linux-based systems, to a microkernel. Compared with IMA on Linux, however, it significantly reduces the Trusted Computing Base (TCB) and allows the integrity verification component to be strictly separated from any rich operating system, such as GNU/Linux or Android, running in parallel.
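The measure-extend-verify mechanism that IMA implements and that the projects above build on (the microkernel loader here, the per-VM measurements and the Trusted Connector's remote attestation), as an added example that is not Fraunhofer AISEC's code. The binaries, paths and allow-list are constructed; the PCR is modelled in software with the TPM's own extend rule, and the signed quote that a real TPM produces over the PCR value and the verifier's nonce is left out, as is IMA's template hashing.

```python
from __future__ import annotations

import hashlib
from dataclasses import dataclass

PCR_INIT = bytes(32)  # a SHA-256 PCR reads as all zeros after reset


@dataclass(frozen=True)
class Entry:
    """One line of the measurement list: which binary, which digest."""
    path: str
    digest: bytes


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM PCR extend: PCR_new = SHA-256(PCR_old || digest). Order-sensitive
    and one-way: a PCR can be extended further but never rewound."""
    return hashlib.sha256(pcr + digest).digest()


class MeasuringLoader:
    """Device side: hash every binary before it is mapped and executed."""

    def __init__(self) -> None:
        self.pcr = PCR_INIT         # stands in for the TPM's PCR
        self.log: list[Entry] = []  # software copy of the measurement list

    def load(self, path: str, image: bytes) -> bytes:
        digest = hashlib.sha256(image).digest()
        self.log.append(Entry(path, digest))  # log first, then extend
        self.pcr = extend(self.pcr, digest)
        return digest

    def quote(self) -> bytes:
        # A real TPM signs this value together with the verifier's nonce using
        # an attestation key; that signature is checked before the replay below.
        return self.pcr


def replay(log: list[Entry]) -> bytes:
    """Verifier side: recompute the PCR from the reported measurement list."""
    pcr = PCR_INIT
    for entry in log:
        pcr = extend(pcr, entry.digest)
    return pcr


def verify(log: list[Entry], quoted_pcr: bytes,
           allowlist: dict[str, bytes]) -> tuple[bool, list[str]]:
    """(trusted, findings): the list must replay to the quoted PCR, and then
    every entry must be a known-good binary."""
    if replay(log) != quoted_pcr:
        return False, ["measurement list does not replay to the quoted PCR"]
    findings = [f"unknown or modified binary: {e.path}"
                for e in log if allowlist.get(e.path) != e.digest]
    return not findings, findings


# Constructed binaries; the verifier's allow-list holds their golden digests.
BINARIES = {
    "/bin/init": b"init v2",
    "/bin/netd": b"network daemon v7",
    "/bin/update": b"update agent v3",
}
ALLOWLIST = {p: hashlib.sha256(img).digest() for p, img in BINARIES.items()}


def run_scenarios() -> dict[str, bool]:
    """Verifier verdicts for several device states; only 'clean' is trusted."""
    results: dict[str, bool] = {}

    ldr = MeasuringLoader()
    for path, img in BINARIES.items():
        ldr.load(path, img)
    results["clean"] = verify(ldr.log, ldr.quote(), ALLOWLIST)[0]

    # Same entries, different order: the hash chain does not replay.
    results["reordered"] = verify(list(reversed(ldr.log)), ldr.quote(), ALLOWLIST)[0]

    # Rogue binary loaded and honestly logged: replay matches, allow-list fails.
    ldr.load("/bin/rogue", b"binary the verifier has never approved")
    results["rogue_logged"] = verify(ldr.log, ldr.quote(), ALLOWLIST)[0]

    # Attacker deletes the rogue entry from the software log; the PCR cannot be
    # rewound, so the replay no longer matches the quote.
    scrubbed = [e for e in ldr.log if e.path != "/bin/rogue"]
    results["log_scrubbed"] = verify(scrubbed, ldr.quote(), ALLOWLIST)[0]

    # Attacker rewrites the rogue entry as a second, allow-listed /bin/netd:
    # the allow-list would accept it, but the replay fails first.
    patched = [Entry("/bin/netd", ALLOWLIST["/bin/netd"]) if e.path == "/bin/rogue" else e
               for e in ldr.log]
    results["log_patched"] = verify(patched, ldr.quote(), ALLOWLIST)[0]
    return results


if __name__ == "__main__":
    for name, trusted in run_scenarios().items():
        print(f"{name:13s} {'TRUSTED' if trusted else 'REJECTED'}")
```

The order of the two checks matters: the allow-list comparison is only meaningful once the replay has shown that the software-held log is the one the hardware-protected PCR actually reflects, which is exactly what makes a log entry impossible to scrub or rewrite after the fact.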

Our Competences

  • Experience in Trusted Computing technologies, such as TPMs and remote attestation, in the context of microkernel-based systems such as Fiasco.OC/L4Re
  • Design and implementation of security mechanisms and security protocols to attest the trustworthiness of remote binaries, e.g. for a secure update use case
