“TPM capabilities represent a shift against today's attackers who are embedding rootkits beneath the notice of today's software-based security solutions,” Kittleson says. “We found TPM works very well for our high-assurance platforms.”
In a demo at the NSA, a simulated attack on a TPM-protected device was contained: the malware was prevented from spreading out of a virtual machine onto the host system. Researchers also demonstrated a failed attestation when an infected device tried to connect: the authentication server detected changes in the registry, denied access, and sent an alert to the mobile device management administrator.
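The check behind that failed attestation is simple to model. The following is an added, constructed example, not code from the NSA demo or from any vendor named on this page. It simulates a TPM with SHA-256 PCRs and a quote operation, and a verifier that issues a fresh nonce, validates the quote, and compares the reported PCRs with a known-good baseline; a mismatch (here, a changed registry measurement extended into a hypothetical PCR 11) denies access and raises an alert, and a replayed nonce is also refused. The attestation-key signature is stood in for by an HMAC with a key the verifier holds from enrollment; a real deployment verifies an asymmetric signature against the enrolled attestation key. Device names, PCR assignments and registry strings are all assumptions.

```python
"""Simulated TPM-backed attestation gate for network access (constructed example)."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

PCR_INIT = b"\x00" * 32  # SHA-256 bank: PCRs start at all-zero after reset


def pcr_extend(current: bytes, measurement: bytes) -> bytes:
    """TPM 2.0 extend semantics: new = SHA256(old || SHA256(measurement)).
    One-way and order-sensitive, so a changed or reordered event is visible."""
    return hashlib.sha256(current + hashlib.sha256(measurement).digest()).digest()


@dataclass
class SimulatedTPM:
    """Minimal stand-in for the chip: a PCR bank plus a quote operation."""
    attestation_key: bytes            # ASSUMPTION: HMAC key in place of an AK signature
    pcrs: dict = field(default_factory=dict)

    def extend(self, index: int, measurement: bytes) -> None:
        self.pcrs[index] = pcr_extend(self.pcrs.get(index, PCR_INIT), measurement)

    def quote(self, nonce: bytes, indices: list) -> dict:
        """Sign (nonce || digest of selected PCRs) so the report is fresh and bound."""
        selected = {i: self.pcrs.get(i, PCR_INIT) for i in sorted(indices)}
        digest = hashlib.sha256(b"".join(selected[i] for i in sorted(selected))).digest()
        tag = hmac.new(self.attestation_key, nonce + digest, hashlib.sha256).digest()
        return {"nonce": nonce, "pcrs": selected, "signature": tag}


@dataclass
class Verifier:
    """The authentication server side: enrolled keys, golden PCRs, nonce tracking."""
    device_keys: dict                 # device id -> attestation key (enrolled out of band)
    golden: dict                      # device id -> {pcr index: expected value}
    issued_nonces: set = field(default_factory=set)
    alerts: list = field(default_factory=list)

    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self.issued_nonces.add(nonce)
        return nonce

    def _deny(self, device_id: str, reason: str) -> tuple:
        self.alerts.append(f"{device_id}: {reason}")   # what the admin would be paged with
        return False, reason

    def check(self, device_id: str, q: dict) -> tuple:
        """Return (allow, reason); every denial also records an alert."""
        if device_id not in self.device_keys:
            return self._deny(device_id, "unenrolled device")
        if q["nonce"] not in self.issued_nonces:
            return self._deny(device_id, "stale or unknown nonce (possible replay)")
        self.issued_nonces.discard(q["nonce"])          # nonces are single use
        digest = hashlib.sha256(b"".join(q["pcrs"][i] for i in sorted(q["pcrs"]))).digest()
        expected = hmac.new(self.device_keys[device_id], q["nonce"] + digest,
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, q["signature"]):
            return self._deny(device_id, "quote signature invalid")
        bad = [i for i, v in self.golden[device_id].items() if q["pcrs"].get(i) != v]
        if bad:
            return self._deny(device_id, f"PCR mismatch on {bad}")
        return True, "attestation ok"


def boot(key: bytes, registry_blob: bytes) -> SimulatedTPM:
    """Constructed boot sequence; PCR 11 for the registry hive is an assumption."""
    tpm = SimulatedTPM(attestation_key=key)
    tpm.extend(0, b"firmware v1.2")
    tpm.extend(4, b"bootloader")
    tpm.extend(11, registry_blob)
    return tpm


def demo() -> dict:
    """Clean device is admitted; infected device and a replayed quote are denied."""
    key = b"enrolled-attestation-key"                  # constructed enrollment secret
    clean = boot(key, b"HKLM\\...\\Run = agent.exe")
    verifier = Verifier(device_keys={"laptop-01": key},
                        golden={"laptop-01": dict(clean.pcrs)})
    results = {}
    nonce = verifier.challenge()
    results["clean"] = verifier.check("laptop-01", clean.quote(nonce, [0, 4, 11]))
    infected = boot(key, b"HKLM\\...\\Run = agent.exe;dropper.exe")  # registry changed
    nonce = verifier.challenge()
    results["infected"] = verifier.check("laptop-01", infected.quote(nonce, [0, 4, 11]))
    results["replay"] = verifier.check("laptop-01", clean.quote(nonce, [0, 4, 11]))
    results["alerts"] = list(verifier.alerts)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The nonce is what turns a static PCR comparison into attestation: without it an attacker could replay a quote captured while the device was clean. Note that the infected device's quote is cryptographically valid; it is the PCR comparison against the golden values, not the signature check, that rejects it.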
Despite this success, TPM is in use on only a “minuscule number of devices” across the vast defense network supported by the NSA, says Kittleson.
Adoption of Windows 8 and the upgrade of the key management infrastructure should help speed adoption across the Defense Department networks and other organizations supported by the NSA. It should also propel the Barnabas operation into full adoption.
While deployments may seem slow at this time, the cost of TPM chips is declining and interoperability standards are improving, experts say. That market penetration, combined with the new risks introduced as mobile endpoints continue to proliferate, means it is only a matter of time before the use of TPM technology becomes more common than not, both Syed and Kittleson say.
“The real driver is mobility,” ETA's Kay adds. “If every device is a potential attack point, we need to protect those endpoints with hardware-based security.”
TPMs...and applying standards
Critical control systems running power, water and industrial operations most often run on legacy Windows and Unix systems that, because of the sensitive nature of the processes they control, are difficult to upgrade or change.
“The big challenge in the industrial control systems environment is how do you add new security, like Trusted Platform Modules (TPMs), without impacting the operations of these critical systems?” says Steve Hanna, distinguished engineer at Juniper Networks, and chair of The Trusted Computing Group's (TCG) Trusted Network Connect working group.
Most organizations running control systems work around this by deploying unidirectional security gateways so that these systems cannot be directly accessed from elsewhere on the network.
TCG applied the same concept through its IF-MAP (Interface for Metadata Access Points) protocol, used by these unidirectional security gateways to communicate information across industrial control systems. IF-MAP ensures that legacy systems talk only to approved security gateways that have been positively identified by the TPM chips embedded in them, and it also supports encryption of the data passing through them.
“Security requirements have moved beyond PCs and laptops to all types of new embedded devices – printers, video scanners, cars, manufacturing and industrial control systems,” Hanna says. “Standards are the only hope for interoperable security for these devices.”