Security Is No Secret At ESC Boston

Oct. 28, 2004

Whom do you trust? Without secure hardware, the answer is nobody. That's why security was a hot topic at the Embedded Systems Conference (ESC) in Boston last month.

Most developers are becoming aware of the need for security and of the growing availability of security-related hardware. Unfortunately, most are unaware of the needs, requirements, implications, and types of attacks associated with secure communications. It's definitely more than just using SSL (secure sockets layer) for Web browsing.

A number of security vendors displayed their wares at ESC. The Trusted Computing Group also was represented. One of its initiatives, the Trusted Platform Module (TPM), was presented from an architecture and implementation standpoint (Fig. 1). Atmel's AT97SC3201 chip provides a serial, SPI, or I2C interface.

Secure key storage and hardware-based encryption are critical for platform authentication. TPM support goes well beyond the unique identifier found in many processors or BIOSs. Also, most secure system implementations currently assume physical security, but authentication becomes very important as networking applications become more open. This is especially true for wireless networking.

TPM is only a starting point for making transactions and a computer more secure. For example, TPM doesn't implement a secured operating system, which requires a different set of hardware controls like the ability to check the boot code for the operating system. Likewise, it doesn't provide digital rights management (DRM) acceleration. However, TPM can provide the encryption keys necessary for most DRM implementations as well as authentication and encryption support for most security-related subsystems.

The TPM operates in conjunction with the TPM stack (Fig. 2). The stack enables applications to use the underlying hardware regardless of its source. The Crypto Application Programming Interface (CAPI) provides application support using the Cryptographic Service Provider (CSP) modules. The CSP in turn accesses the TPM hardware through the TCG Software Stack (TSS).

The same kind of functionality is also available through the Public Key Cryptography Standard (PKCS) #11 application programming interface. TPM hardware supports both interfaces.

Atmel isn't the only source of TPM hardware. This hardware is incorporated into products from Intel and will likely be available in some form from most vendors in the future. Authentication will be a fact of life in future designs.

Although TPM was one of the major discussion points at the show, it wasn't the only one. A range of vendors showed off everything from secure middleware to intrusion detection software and hardware. Operating systems continue to gain more security-related features and secure protocol stacks, especially in the mobile arena. (Check out "Getting Embedded in Boston," EiED Online 8830, for more details.)

If you missed the security-related technical sessions at ESC Boston, start checking them out at future shows. Authentication and encryption are the cutting edge, and it will take more than a new protocol stack to provide the kind of support to remain ahead of the competition—and the lawyers.

Atmel: www.atmel.com

Intel: www.intel.com

Trusted Computing Group: www.trustedcomputinggroup.org

About the Author

William G. Wong | Senior Content Director - Electronic Design and Microwaves & RF
