Given the benefits of TPM security, it's surprising that TPM chips aren't more widely used or appreciated.
What many security pros may not realize though is that an underused defense tool has been sitting right under their noses for years: the trusted platform module (TPM).
Published by the international industry standards group Trusted Computing Group (which includes the likes of Microsoft, Intel and Hewlett-Packard), the TPM specification details what is essentially a secure cyrptoprocessor that can store cryptographic keys. TPM is published under the ISO/IEC standard 11889, though TPM 2.0 is currently under development and is expected to be FIPS 140-2 or 140-3 certified. Unlike many other infosec defense options, TPM is built into many of today's endpoint computing devices, which provides a variety of benefits and potential pitfalls.
In this tip, we'll detail the TPM specification, what benefits enterprises can expect from TPM security and the potential downsides of the specification.
Improving enterprise security with TPM devices
Millions of today's devices -- from computers to mobile phones and even automotive systems -- contain a trusted platform module cryptoprocessor. These secure integrated circuits, usually installed on a device's motherboard, provide hardware-based cryptographic and security-related functions, such as system integrity checks, disk encryption and key management, all at machine speed.
The TPM's primary role is to enable robust device security using secure, validated encryption keys. At the heart of TPM functionality is the endorsement key, which is an encryption key that is burned into TPM hardware during production. The private portion of the endorsement key is never released outside of the TPM or exposed to any other component, software, process or person. Another critical key, the storage root key, is also stored within the TPM; it's used to protect TPM keys created by other applications so that they can only be decrypted by the TPM via a process called binding as it locks data to the device. Unlike the endorsement key, the storage root key is created when a TPM device is initialized for the first time or a new user takes ownership.
As a TPM uses its own internal firmware and logic circuits for processing instructions, it's safe from software-based attacks against the operating system, meaning it can provide improved protection for any processes that need encryption services. Full disk encryption applications, such as Microsoft's BitLocker Drive Encryption and WinMagic's SecureDoc, use TPM, while keys associated with fingerprint and smart card readers used in two-factor authentication can be stored in the TPM chip.
Apart from the secure generation and storage of cryptographic keys, a TPM can also record the state of a system via a mechanism called Platform Configuration Registers (PCR). This allows the TPM to offer a pre-boot system integrity check, also known as remote attestation, which is a powerful data protection tool. By storing data encryption keys in the TPM along with a reference to a specific PCR state, data can be effectively sealed. The keys are only unsealed and released once the state of the system is validated against the stored PCR values, ensuring that systems can only be accessed if specific hardware or software conditions are met.
Remote attestation can also be used to self-heal a system. For example, when a Google Chromebook is powered on, the TPM measures the BIOS. If there is a mismatch between this measurement and the PCR values, the Chromebook rolls back to the last known trusted state before continuing to boot, greatly reducing the risk that data on a device can be compromised by physical theft or a software attack.
The unique endorsement key of TPM devices also means that it can be used to authenticate a device rather than a user. This functionality can be combined with any 802.1x-compatible network policy enforcement points such as firewalls, switches and routers to provide hardware-based authentication. Wireless and virtual private networks can also be configured to perform hardware-based authentication. Using security services at the hardware level provides better protection than a software-only mechanism; a 2012 report by the Aberdeen Group Inc. found organizations using this form of authentication to create a hardware root of trust had 50% fewer security incidents. Given the benefits of TPM security, it's surprising that TPM chips aren't more widely used or appreciated.
TPM is not a cure-all
As with even the best information security methods, TPM is not free from drawbacks. For example, although digital rights management (DRM) is not the intended use of TPM, some users have privacy concerns because it can be used to provide powerful DRM and software license enforcement to lock content to a specific machine and identify user activity. The main drawback for enterprises is that TPM-based authentication ties a user to a single computer by storing keys in the TPM chip on that endpoint. This makes multiple device use (e.g., hot-desking) impractical, so instead many enterprises use third-party software for disk encryption, particularly when the additional security provided by TPM is not required.
From the editors: Where TPM lives
Microsoft was one of the key founding members of the Trusted Computing Group, and as a result, the trusted platform module is fully utilized in various Microsoft Windows platforms, including Windows 8 and Windows Server 2012. A TPM is also required to make full use of BitLocker.
It's also worth remembering that TPM is designed to provide secure storage for keys, which means data is only protected when at rest, not during use. Once unsealed, data is in the clear; although TPM can store pre-run time configuration parameters, it cannot control malware that gets executed once a device has finished booting. Keys are also vulnerable while in use during encryption and decryption operations, an issue which has been demonstrated using a cold boot attack. The other problem with TPM -- as is the case with any PKI encryption -- has been key management. Key management is always complex, and is even more so with TPM; it requires integrating TPM key management with a broader enterprise encryption management program and minimizing the complexities TPM adds to day-to-day system support tasks like lost or forgotten authentication credentials or applying software patches that change an endpoint's default state.
Like any other security control, TPM has drawbacks that can cause potential problems for enterprises, so not surprisingly it's most effective when used in conjunction with other existing endpoint controls, like multifactor authentication, network access control, and malware detection.
What's next for TPM?
As for the future of TPM devices, between the release of products from vendors like Wave Systems and TPM being implemented as a core component of Microsoft Windows 8 and Windows Server 2012, security adoption is likely to increase, especially as key management will become less of an administrative headache. In fact, Microsoft already requires a TPM chip on any device running Windows 8, including phones and tablets, as well as servers running Windows Server 2012, providing just the sort of boost to adoption that TPM needs to become a ubiquitous security presence. As more enterprises aim to provide built-in security without inconveniencing the user, TPM will likely continue to grow and become more influential.
About the author:
Michael Cobb, CISSP-ISSAP, is a renowned security author with more than 15 years of experience in the IT industry and another 16 years of experience in finance. He is founder and managing director of Cobweb Applications Ltd., a consultancy that helps companies secure their networks and websites and achieve ISO 27001 certification. He co-authored the book IIS Security and has written numerous technical articles for leading IT publications. Michael is also a Microsoft Certified Database Administrator and a Microsoft Certified Professional.
This was first published in August 2013