Secure Elements DICE & TPM

From IIW

Secure Elements DICE and TPM

Wednesday 5C

Convener: Alan Viars

Notes-taker(s): Alan Viars

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

TPM 2.0 Notes

Level Setting: What is a TPM?

A Security Co-Processor

Public/Private Key Operations
  Key creation
  Key signing
  Key exchange
Non-Volatile Storage
  Access protected
Symmetric encryption
  HMAC operations
  Limited symmetric encryption

Purely Passive

It does NOT monitor your system

Level Setting: What is a TPM?

Two Questions

Why was the Specification upgraded from 1.2?

Over 1 Billion served

Why do I care?

How can I make use of TPMs to solve my current problems?

Why the Change from 1.2?

TPM 1.2 was built around SHA-1
  The algorithm was embedded in all structures
  There wasn't room enough to simply change to SHA-256

TPM 1.2 had grown "organically" after 1.1b
  It was unnecessarily complicated
Ease of use

TPM 1.2 was hard to use
Complexity of authorization

New Functionality

Algorithm flexibility
Unified Authorization
Fast Key loading
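The SHA-1 point above (TPM 1.2 baked a 20-byte SHA-1 digest into every structure, while TPM 2.0 carries a TPM_ALG_ID with each digest and keeps one PCR bank per hash) is illustrated by this added Python model. It is not code from the session or from any TPM library: the TPM_ALG_ID constants are the TCG registry values, but the extend and marshal functions are a constructed simulation of the structure layouts, not a TPM.

```python
import hashlib
import struct

# TPM_ALG_ID values from the TCG Algorithm Registry (real constants);
# everything else in this file is a constructed model for illustration.
TPM_ALG_SHA1 = 0x0004
TPM_ALG_SHA256 = 0x000B
TPM_ALG_SHA384 = 0x000C
HASH_FOR_ALG = {TPM_ALG_SHA1: "sha1", TPM_ALG_SHA256: "sha256", TPM_ALG_SHA384: "sha384"}


def initial_pcr(alg):
    """A freshly reset PCR: all-zero, sized for the bank's hash."""
    return b"\x00" * hashlib.new(HASH_FOR_ALG[alg]).digest_size


def tpm12_extend(pcr, measurement):
    """TPM 1.2 style: TPM_DIGEST is a bare 20-byte field and SHA-1 is implied.
    Nothing in the structure records which hash was used, so it cannot grow."""
    if len(pcr) != 20:
        raise ValueError("TPM 1.2 PCR must be exactly 20 bytes (SHA-1)")
    return hashlib.sha1(pcr + hashlib.sha1(measurement).digest()).digest()


def marshal_tpmt_ha(alg, digest):
    """TPM 2.0 TPMT_HA: UINT16 hashAlg (big-endian) followed by the digest.
    The algorithm travels with the value, so SHA-256/384 digests fit."""
    if len(digest) != hashlib.new(HASH_FOR_ALG[alg]).digest_size:
        raise ValueError("digest length does not match hashAlg")
    return struct.pack(">H", alg) + digest


def unmarshal_tpmt_ha(buf):
    """Parse a TPMT_HA; the hashAlg field tells us how many bytes follow."""
    (alg,) = struct.unpack(">H", buf[:2])
    size = hashlib.new(HASH_FOR_ALG[alg]).digest_size
    if len(buf) < 2 + size:
        raise ValueError("truncated TPMT_HA")
    return alg, buf[2:2 + size]


def tpm20_extend(banks, measurement):
    """TPM 2.0 PCR_Event style: the same event is hashed with each active
    bank's algorithm and extended into that bank, keyed by TPM_ALG_ID."""
    out = {}
    for alg, pcr in banks.items():
        name = HASH_FOR_ALG[alg]
        out[alg] = hashlib.new(name, pcr + hashlib.new(name, measurement).digest()).digest()
    return out
```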

Why Use a TPM 2.0?

Problems that can be solved/ameliorated with TPMs

Poor entropy leading to weak keys
Supply chain risks / Counterfeit hardware
Keeping bad guys off your internal network
Keeping malware-infected hardware off your internal network
Massive password database releases
Multi-factor authentication
Email Security
FIPS-certified / Common Criteria-certified encryption engines
Securing your root certificates
Merging physical and logical controls
