Whom do you trust? Without secure hardware, the answer is nobody. That's why security was a hot topic at the Embedded Systems Conference (ESC) in Boston last month.
Most developers are becoming aware of the need for security and of the growing availability of security-related hardware. Unfortunately, most are unaware of the needs, requirements, implications, and types of attacks associated with secure communications. It's definitely more than just using SSL (Secure Sockets Layer) for Web browsing.
A number of security vendors displayed their wares at ESC. The Trusted Computing Group also was represented. One of its initiatives, the Trusted Platform Module (TPM), was presented from an architecture and implementation standpoint (Fig. 1). Atmel's AT97SC3201 chip provides a serial, SPI, or I2C interface.
Secure key storage and hardware-based encryption are critical for platform authentication. TPM support goes well beyond the unique identifier found in many processors or BIOSes. Also, most secure system implementations currently assume physical security, but authentication becomes very important as networking applications become more open. This is especially true for wireless networking.
TPM is only a starting point for making transactions and a computer more secure. For example, TPM doesn't implement a secured operating system, which requires a different set of hardware controls like the ability to check the boot code for the operating system. Likewise, it doesn't provide digital rights management (DRM) acceleration. However, TPM can provide the encryption keys necessary for most DRM implementations as well as authentication and encryption support for most security-related subsystems.
The TPM operates in conjunction with the TPM stack (Fig. 2). The stack enables applications to use the underlying hardware regardless of its source. The Crypto Application Programming Interface (CAPI) provides application support using the Cryptographic Service Provider (CSP) modules. The CSP in turn accesses the TPM hardware through the TCG Software Stack (TSS).
The same kind of functionality is also available through the Public Key Cryptography Standard (PKCS) #11 application programming interface. TPM hardware supports both interfaces.
Atmel isn't the only source of TPM hardware. This hardware is incorporated into products from Intel and will likely be available in some form from most vendors in the future. Authentication will be a fact of life in future designs.
Although TPM was one of the major discussion points at the show, it wasn't the only one. A range of vendors showed off everything from secure middleware to intrusion detection software and hardware. Operating systems continue to gain more security-related features and secure protocol stacks, especially in the mobile arena. (Check out "Getting Embedded in Boston," EiED Online 8830, for more details.)
If you missed the security-related technical sessions at ESC Boston, start checking them out at future shows. Authentication and encryption are the cutting edge, and it will take more than a new protocol stack to provide the kind of support needed to remain ahead of the competition—and the lawyers.