Mocana Corp., provider of mission-critical security solutions for industrial control systems and the Internet of Things (IoT), announced on Wednesday support for Trusted Platform Module (TPM) 2.0 to enable device manufacturers to more easily build products that meet the highest standards for cybersecurity.
Used to secure billions of computer hardware and financial systems, TPM technology uses a unique secret key embedded into a microchip or firmware. With Mocana, IoT device manufacturers can more easily secure storage, communications, firmware updates and containerized applications.
TPM is an international standard for a secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys. TPM was conceived by the Trusted Computing Group (TCG), a computer industry consortium, and was later standardized by International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) in 2009 as ISO/IEC 11889.
Mocana’s support of TPM 2.0 for IoT and industrial devices include support for advanced ciphers including Elliptic Curve Cryptography (ECC), and 256 and 512-bit Secure Hash Algorithms (SHA) 2; separates owners for the TPM Endorsement Key (EK) for signing/attestation from the Storage Root Key (SRK) with support for Endorsement Hierarchies (EH) and Storage Hierarchies (SH); and provides seeding and reseeding of a non-deterministic pseudorandom number generator with an entropy source internal to the TPM’s cryptographic boundary to ensure a high degree of randomness for key generation.
The offering is optimized for embedded systems running Windows or Linux-based operating systems; and delivers multi-vendor support for TCG TPM 1.2 and 2.0 specification from Infineon, Nuvoton and STMicro. The solution also meets the requirements for US NIST 800-63B AAL3, the highest level of authentication assurance, and support Proof of Possession of a secret for both Certificate Management over CMS (CMC) and the Enrollment of Secure Transport (EST).
The offering also secures storage by delivering support for use of certified TPM keys for the encryption of data at rest; support for use of TPM keys for both asymmetric and symmetric key generation for SSL/TLS and IPsec; support for use of TPM keys to ensure devices are trusted before firmware is updated; and ensures the trustworthiness of containerized applications using remote attestation.
Mocana’s implementation of the TPM 2.0 standard has garnered broad industry support.
“As the pace of cyber attacks on IoT and industrial systems increases, there is a critical need for stronger security on IoT devices,” said Srinivas Kumar, vice president of engineering, Mocana. “TPM technology has been used broadly to prove the identity of a computer or financial transaction device. We are now enabling the latest TPM 2.0 feature set on IoT devices, which will significantly reduce the effort for our customers to leverage the technology and avoid reading the more than 3,000 pages of TPM technical documentation.”
“Mocana is making it easier to implement to TCG’s TPM 2.0 specification so that IoT applications and devices can be secured using a strong form of authentication assurance,” said Thorsten Stremlau, marketing co-chair of Trusted Computing Group (TCG). “Billions of devices use hardware-based TPMs for enterprise systems and financial systems. We are thrilled that Mocana is making it easier for developers to leverage the benefits of TPM to secure IoT devices.”
“Cyber security is becoming a critical and mandatory component in industrial IoT. Given ABB’s breadth of offerings in the market, we were looking for a security stack which could address requirements across a diverse landscape of end points. Mocana TrustPoint addresses these needs seamlessly while keeping us Industrial Internet Consortium (IIC) endpoint security compliant,” said Satish Gannu, chief security officer, ABB. “Mocana helped us to use TPMs for identity proofing for authentication and to enhance the security of storage, communications, and containerized applications.”
“Mocana’s implementation of the TPM 2.0 specification enables industrial and IoT device manufacturers to leverage the many features of TPM 2.0 to ensure devices are trustworthy,” said Steve Hanna, senior principal, Infineon. “Infineon and Mocana are committed to making it easier to incorporate TPMs into industrial and IoT devices to improve safety and reliability.”