How to Enable DICE and TPM for Optimal Security

Thorsten Stremlau
Author: Thorsten Stremlau
Date Published: 30 December 2021

By 2030, more than 24 billion Internet of Things (IoT) devices will have entered our cities, workplaces and homes, according to Transforma Insights. For years, I have been working to make sure that these devices have a healthy immune system so that they can defend against malicious attacks. This begins with a root of trust. Without it, there is no way to determine the security of the system and every component around it. This opens the door for potential vulnerabilities. With every vertical market responsible for creating safe and secure devices-from smart home devices to satellite networks-there are building blocks that need to be assembled in the design and development stages of these devices. IT developers face many challenges when striving towards this, but there are some key lessons they can follow to be successful.

If I were to develop a new IT platform, my first priority would be to make sure that my IoT device and any accessories, components or parts have all of the necessary mechanisms in place to implement a Device Identifier Composition Engine (DICE) and the Trusted Platform Module (TPM).

The Underlying Hardware: Architecture
This is the most important consideration. First, the subcomponents of the device and the chip makers – which make up the device or firmware – need to be customized so that they can be compliant with DICE and run measurements. They also need to be able to communicate with the TPM in a secure fashion. Before doing anything else, it is critical to make sure these subcomponents have the required capabilities. This is the only way to ensure secure communication paths to each of the subcomponents to evaluate the level of trust in the system.

For example, a chip inside a device will need to be measured for its integrity and needs a path to allow the measurement and communication to take place. Not all components that need to measure and establish trust on the platform have that ability.

If you get stuck with the subcomponent suppliers, have dependencies on other subcomponents or find out that the provider cannot provide the subcomponent with the basis to interact with the DICE or TPM, then you have a large security gap in the device. This will make all security on the device mute. It would be like locking the front door and all the windows but leaving the back door open.

In my experience, not all subcomponent providers are driving Trusted Computing Group (TCG) standards into their products. However, adoption is accelerating and there are many more subcomponent providers that are not only aware of DICE and TPM but are also using them. However, there are just a few providers that have not done so yet, which is why it is important to check before doing anything else.

The Trade-Off Triangle
When choosing which alternative provider that implements TCG standards to use, it is important to remember that it may come as a trade-off with price. You may get more features, but it may cost you more. Usually, this trade-off means that if you gain more security, you lose performance on another feature. This is something to expect and be prepared for. Most people are willing to make a trade-off if they get additional security, as the costs and consequences of not having security are not even worth considering against the benefits of everything else.

The Next Level of Security
Once components can handle integrity measurements and communications around security, then you can advance to the next level and establish a root of trust on a hardware platform.

Then you need to find a way to enable the software side of the device. Start by choosing which operating system and architecture—whether that is Windows or Linux—that you want to communicate with the hardware to make use of the DICE and TPM.

Once you have verified that the hardware is trustworthy, it may help to read up on the DICE and the cyberresilient specifications before integrating the TPM Software Stack (TSS) to make use of what can be done.

Editor’s note: For further insights on this topic, read Thorsten Stremlau’s recent Journal article, “A Trusted Secure Ecosystem Begins With Self-Protection” ISACA Journal, volume 4, 2021.

Don't forget—Members can earn free CPE from ISACA Journal quizzes!

ISACA Journal