In the summer of 2006, the Army mandated that all computers it acquires will have a chip on the processor board dedicated to performing a security function known as Trusted Platform Module (TPM). While talking about the industry with several users and suppliers this month, I heard that the Army is going to stop giving waivers to that requirement this year. That motivated me to learn more about TPM and its impact, since I’ve seen this feature called out in some—but not all—of the product news releases that have been coming across my desk.
In September of 2011, Jeff Child stated the following in his column: “For several years anti-tamper technology has been required in all new military programs per the 5000-series directives from the U.S. DoD. In the language of DoD Directive 5200.39, the mission of anti-tamper in electronic design is to deter (or delay) reverse engineering of critical program information (CPI), defined as ‘information, technologies, or systems, which, if compromised, would degrade combat effectiveness, shorten the expected combat-effective life of a system, or alter program direction.’ For the past several years, system developers have been able to get waivers allowing them to use anti-tamper ICs in their systems. But some predict that within five years, those waivers will no longer be given.” Those timing predictions may now be a little too generous.
Developed by the Trusted Computing Group (TCG), TPM conforms to the group’s standard specifications. TCG was founded in 2003 to produce industry-standard, vendor-neutral specifications for hardware and software security that work across multiple platforms. The group has 120 industry members. For this type of security to be meaningful, it has to be universal and based on standards; otherwise what you have are fragmented solutions, and it becomes impossible for IT managers to build a comprehensive security strategy. TPM alone addresses only some of the more basic security issues; networking and joint operation issues are more complex and require additional hardware or software.
The Intel TPM module-AXXTPME3 chip (Figure 1) is a hardware-based security device that addresses the problem of providing integrity for the boot process and increased data protection. In conjunction with the TPM, Intel also offers another piece of hardware, Trusted Execution Technology (TXT), a hardware extension to its processors and chipsets that further enhances tamper resistance. Full detailed information on TPM and TXT can be found in the Intel Trusted Platform Module Hardware User’s Guide, and I’m not going to attempt to address it here.
A Trusted Platform Module (TPM) is a hardware-based security device designed to provide integrity for the boot process and increased data protection.
The Army’s interest in and support for the TPM came from the fact that the TCG specification was an open standard for both hardware and software, supported by a large number of key industry suppliers and users. One of the major reasons the Army has provided waivers willy-nilly is that it had not implemented all the software, network and joint operation requirements needed to take advantage of, or even use, TPM. The impending reduction or elimination of waivers indicates that some of the Army’s problems have been resolved. System product developers that have already implemented TPM in their designs may be at an advantage. Companies like Adlink, General Micro Systems, Kontron and Trenton Systems have highlighted the TPM feature in several of their product releases. If the Army is in fact leading the way in implementing TPM throughout all of the DoD and other government agencies, then we may soon see not only TPM featured on all new computing systems products but also other enhancements that expand security.