New TCG guidance creates low-cost attestation architecture to establish trust in devices
December 13, 2022 – Accurately attesting the integrity of a device without a Trusted Platform Model (TPM) has been made possible with the latest Device Identifier Composition Engine (DICE) specification from Trusted Computing Group (TCG).
By 2030, there is expected to be over 30 billion connected devices worldwide. With the growth of the Internet of Things (IoT), complex architectures with challenging security and resource constraints will become commonplace, making an optimal security posture increasingly difficult to establish and maintain. A TPM can help overcome these issues, however not all devices leverage such technology.
To this end, the ‘DICE Endorsement Architecture for Devices’ specification from TCG provides a definitive guide to establish trust within systems and components with and without a TPM. It provides guidelines for devices to integrate cryptographically strong device identity, attest software and security policy, and assist in safely deploying and verifying software updates at near zero cost.
“The TPM is a vital tool for ensuring the integrity of a device, however the vast majority of devices being used across the world do not contain one”, said Chairman of the DICE Work Group, Dennis Mattoon. “With this new specification, manufacturers are provided the tools they need to provide the endorsements required to verify and attest the information received from a device and establish trust where previously it was difficult to do so.”
Previous DICE specifications outlined how devices can make authoritative statements to establish device identity, perform measurements and produce the required claims in evidence. With the ‘Endorsement Architecture for Devices’ specification, both aspects of the attestation process are covered, enabling manufacturers to provide manifests and present endorsement values to verifiers in order to successfully complete the reconciliation process.
The latest DICE specification represents the ongoing attempts of TCG to set trusted computing standards within all devices, regardless of whether a TPM has been leveraged.
More to explore
For more information about DICE Attestation Architecture, please visit the Trusted Computing Group website. https://trustedcomputinggroup.org/work-groups/dice-architectures/
Proactive International PR
Trusted Computing Group
TCG is a not-for-profit organization formed to develop, define and promote open, vendor-neutral, global industry specifications and standards, supportive of a hardware-based root of trust, for interoperable trusted computing platforms. More information is available at the TCG website, www.trustedcomputinggroup.org. The organization offers a number of resources for developers and designers at https://develop.trustedcomputinggroup.org/.
Follow TCG on Twitter and LinkedIn.