Conferences and supporting programme
TPM 2.0 for Enhanced Security in Software Updates of Industrial Systems
Industry 4.0 enhances the communication and data exchange between devices in a smart factory. As a result, the amount of connected devices increases - offering opportunities for attacks on such devices, communication channels and stored data. The challenges are the enhanced functionalities and the complexity of the software in the devices, which also extends the possibilities of security issues and bugs. This can be improved with frequent remote software updates, which address bugs and consider latest known threats. These updates also need a high level of protection in order to prevent misuse and threats on the deployment of the updates. The problem for a system with a security bug is the protection of the cryptographic keys, which are required for a deployment of an update. These keys need to be stored and managed in a secure environment, which is separated of the main software of the devices. Such a secure environment is the Trusted Platform Module (TPM), which is a standardized technology to increase the security in devices and to protect cryptographic keys and data with a high security level. The TPM 2.0 is the latest Trusted Computing technology, which provides modern algorithms, easier integration of cryptographic functions and the crypto-agility concept. Crypto-agility is important for industrial devices, as they have a long lifetime and therefore require a smooth transition to new upcoming algorithms in the future. The presentation provides a short introduction in the new functionalities of the TPM 2.0 standards and their application in industrial devices. The focus is on the protection of a remote software update process, which uses the TPM as key storage and the policies for the protection of the key usage. The system setup with a TPM 2.0 is described, which applies security functionalities to enhance the protection of the software update and to validate the executed software in the device. The Enhanced Authorization concept is presented, which provides new and flexible methods to remotely control the allowed software in industrial devices even from the trusted backend systems. Furthermore the TCG is shortly presented with the current developments for embedded and industrial devices.
--- Date: 01.03.2018 Time: 2:00 PM - 2:30 PM Location: Conference Counter NCC Ost