Like other embedded systems, Industrial IoT design faces a constant stream of threats. As hackers adopt new attacks, developers rush to close security holes. Deployed devices need to update IoT firmware, increasing potential security vulnerabilities. For example, using a simple firmware verification check can leave the software published. In this situation, the developer may expect to be able to query external resources for verification and catch attempts to replace the firmware with hacked code. However, even relatively novice hackers can replace the firmware with code that ignores such verification checks. To secure these vurnerabilities comes Industrial Grade TPM 2.0.
Securing devices with Infineon industrial grade TPM
Infineon Technologies AG has unveiled a new security chip that defines the first TPM (Trusted Platform Module), designed specifically for industrial applications such as industrial computers, servers, industrial controllers and edge gates. The module protects confidential data in connected devices and reduces the risk of leakage of this information due to attacks, e.g. hackers.
The OPTIGA TPM SLM 9670 module protects the integrity of industrial systems and the identity of users using them. The system controls access to sensitive data at key locations in industrial environments, such as an automated factory. It also protects the cloud interface if the network uses one. The security system fully meets the TPM 2.0 standard developed by the Trusted Computing Group and is certified by an independent test laboratory in accordance with the criteria contained in this standard. The new module is meticulously controlled and certified by Infineon. Thanks to its use, it is possible to shorten the time of designing and introducing the device to the market, thanks to the ready security solution in the system.
The TPM system has a lifetime declared as 20 years. It allows programmers to perform firmware updates, which in turn enables them to meet the long-term security requirements in rapidly changing industrial environments. In this way, it can also reduce maintenance costs of industrial equipment thanks to secured remote software updates. The TPM chip will be available in serial production in the second half of 2019.
TPM 2.0 Key Features
- Random Number Generator (RNG) according to NIST SP800-90A
- TPM FW update functionality installed
- 6962 Bytes of free NV memory
- Full personalization with Endorsement Key (EK) and EK certificate
- Up to 3 keys in the volatile memory
- Up to 7 keys in the NV memory
- Up to 8 NV counters
- Support of various cryptographic algorithms:
- RSA-1024 and RSA-2048
- SHA-1 and SHA-256
- ECC NIST P256
- ECC BN256
Security chip implementation in Industrial IoT devices
With knowledge of latest Industrial IoT security measures, the choice of proper end-point conroller or gateway is much easier than you think. Some manufacturers can implement TPM 2.0 security chip in production process, to allow users to generate certification keys after purchase, maximizing security of their installations. TECHBASE offers wide range of solutions, optionally aided with TPM system.
For example, ESP-32 based solution, Moduino X series and eModGATE series products offer the support for such security measures. Read more in Industrial IoT Ecosystem brochure, to understand the importance of reliable and secure hardware for Industrial IoT.