How to Enable DICE and TPM for Optimal Security

Author: Thorsten Stremlau
Published: December 30

By 2030, more than 24 billion Internet of Things (IoT) devices will have entered our cities, workplaces and homes, according to Transforma Insights. For years, I have been working to make sure that these devices have a healthy immune system so that they can defend against malicious attacks. This starts with a root of trust. Without it, there is no way to determine the security of the system and every component around it, which opens the door to potential vulnerabilities. With every vertical market responsible for creating safe and secure devices, from smart home devices to satellite networks, there are building blocks that need to be assembled in the design and development stages of these devices. IT developers face many challenges when striving towards this, but there are some key lessons they can follow to be successful.

If I were to develop a new IT platform, my first priority would be to make sure that my IoT device and any accessories, components or parts have all of the necessary mechanisms in place to implement a Device Identifier Composition Engine (DICE) and Trusted Platform Module (TPM).

Underlying Hardware: Architecture
This is the most important consideration. First, the subcomponents of the device and chip makers – which make up the device or firmware – need to be customized so that they can be compliant with DICE and run measurements. They also need to be able to communicate with the TPM in a secure fashion. Before doing anything else, it is critical to make sure these subcomponents have the required capabilities. This is the only way to ensure secure communication paths to each of the subcomponents to evaluate the level of trust in the system.

For example, a chip inside a device will need to be measured for its integrity and needs a path to allow the measurement and communication to take place. Not all components that need to measure and establish trust on the platform have that ability.

If you get stuck with the subcomponent suppliers, have dependencies on other subcomponents or find out that the provider cannot provide the subcomponent with the basis to interact with the DICE or TPM, then you have a large security gap in the device. This will make all other security on the device moot. It would be like locking the front door and all the windows but leaving the back door open.

In my experience, not all subcomponent providers are driving Trusted Computing Group (TCG) standards into their products. However, adoption is accelerating and there are many more subcomponent providers that are not only aware of DICE and TPM but are also using them. Still, there are a few providers that have not done so yet, which is why it is important to check before doing anything else.

The Trade-off Triangle
When choosing which alternative provider that implements TCG standards to use, it is important to remember that it may come as a trade-off with price. You may get more features, but it may cost you more. Usually, this trade-off means that if you gain more security, you lose performance on another feature. This is something to expect and be prepared for. Most people are willing to make a trade-off if they get additional security, as the costs and consequences of not having security are not even worth considering against the benefits of everything else.

The Next Level of Security
Once components can handle integrity measurements and communications around security, then you can advance to the next level and establish a root of trust on a hardware platform.

Then you need to find a way to enable the software side of the device. Start by choosing which operating system and architecture—whether that is Windows or Linux—that you want to communicate with the hardware to make use of the DICE and TPM.

Once you have verified that the hardware is trustworthy, it may help to read up on the DICE cyber-resilient specification before integrating the TPM Software Stack (TSS) and taking advantage of what it can do.
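To make the two ideas in this post concrete (each subcomponent being measured and feeding a DICE layer, and the software side checking those measurements against a TPM-style register), here is a small added illustration. It is not code from this article, from TCG or from any TSS; the device secret, firmware images, HMAC-based key derivation and the 32-byte register are all constructed stand-ins for what real DICE hardware and a real TPM do in silicon.

```python
"""Layered measurement as DICE and a TPM do it, in miniature.

Added illustration, not code from the article or from the TCG. The
device secret, firmware images and algorithms below are constructed
stand-ins: real DICE uses a hardware Unique Device Secret and a
vendor-chosen KDF, and a real TPM extends its PCRs in silicon.
"""
import hashlib
import hmac

# Constructed placeholder for the Unique Device Secret (UDS) that DICE
# hardware holds and hides from all software once boot has started.
UDS = hashlib.sha256(b"constructed-example-uds").digest()

# Constructed stand-ins for the boot layers: ROM -> firmware -> OS loader.
GOLDEN_LAYERS = [
    b"constructed ROM image v1",
    b"constructed firmware image v1",
    b"constructed OS loader v1",
]


def measure(component: bytes) -> bytes:
    """Integrity measurement of a component: a hash of its image."""
    return hashlib.sha256(component).digest()


def derive_cdi(parent_secret: bytes, measurement: bytes) -> bytes:
    """One DICE layer transition: the Compound Device Identifier (CDI)
    of the next layer is a one-way function of the parent's secret and
    the measurement of the code about to run. HMAC-SHA256 stands in
    for the KDF a real implementation would use."""
    return hmac.new(parent_secret, measurement, hashlib.sha256).digest()


def dice_chain(uds: bytes, layers: list) -> list:
    """CDIs for every layer. Each CDI depends on every earlier layer,
    so tampering with layer k changes the identity of layer k and of
    every layer after it, while layers before k keep their identity."""
    cdis = []
    secret = uds
    for layer in layers:
        secret = derive_cdi(secret, measure(layer))
        cdis.append(secret)
    return cdis


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: PCR_new = H(PCR_old || measurement)."""
    return hashlib.sha256(pcr + measurement).digest()


def boot_pcr(layers: list) -> bytes:
    """Final PCR value after extending each layer's measurement in order,
    starting from the all-zero reset value."""
    pcr = bytes(32)
    for layer in layers:
        pcr = pcr_extend(pcr, measure(layer))
    return pcr


def verify_platform(uds: bytes, layers: list,
                    expected_cdi: bytes, expected_pcr: bytes) -> bool:
    """Verifier check: both the DICE identity of the last layer and the
    PCR must match the golden values recorded at provisioning."""
    observed_cdi = dice_chain(uds, layers)[-1]
    observed_pcr = boot_pcr(layers)
    return (hmac.compare_digest(observed_cdi, expected_cdi)
            and hmac.compare_digest(observed_pcr, expected_pcr))


def first_divergent_layer(golden: list, observed: list):
    """Index of the first layer whose measurement differs from the golden
    one (or whose image is missing), or None if the boot matched."""
    for i, (g, o) in enumerate(zip(golden, observed)):
        if not hmac.compare_digest(measure(g), measure(o)):
            return i
    if len(golden) != len(observed):
        return min(len(golden), len(observed))
    return None


if __name__ == "__main__":
    golden_cdi = dice_chain(UDS, GOLDEN_LAYERS)[-1]
    golden_pcr = boot_pcr(GOLDEN_LAYERS)
    print("golden boot verifies:",
          verify_platform(UDS, GOLDEN_LAYERS, golden_cdi, golden_pcr))
    tampered = list(GOLDEN_LAYERS)
    tampered[1] = b"constructed firmware image v1 with one byte flipped"
    print("tampered boot verifies:",
          verify_platform(UDS, tampered, golden_cdi, golden_pcr))
    print("first divergent layer:",
          first_divergent_layer(GOLDEN_LAYERS, tampered))
```

The point the code makes is the one the post makes in prose: a component that cannot be measured, or cannot pass its measurement on, leaves a layer out of both chains, and nothing the later layers do can put it back. `first_divergent_layer` is the kind of check a verifier runs when the identity or PCR no longer matches, to tell which subcomponent changed rather than only that something did.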

Editor's note: For further insights on this topic, read Thorsten Stremlau's recent Journal article, "A Trusted Secure Ecosystem Begins With Self-Protection," ISACA Journal, vol. 4, 2021.

Don't forget, you can earn free CPE from the ISACA Journal quiz!
