Fog nodes are basically installed near edge devices. This mitigate the impact of low latency, location awareness, geographic distribution, etc. Thus, some fog nodes are physically accessible. This is one point where the Trusted Platform (TPM) comes into play as a secured storage. Another crucial part is the establishment of Trust.
A Trusted Platform Module is a secured cryptographic co-processor and communicates commonly with the host system over SPI, i.e., it is physically separated from the main processor. It protects security critical data and is tamper resistant against logical and physical attacks. The TPM security module includes generic functions, security hardware and cryptographic functions. The Hardware Trusted Platform Module (HW-TPM) offers the highest security level and is validated according to FIPS 140-2 Level 2.
The core-concepts of the TPM are (1) TPM binding, (2) Platform Configuration Registers (PCRs), (3) TPM sealing, (4) attestation, and (5) TPM signing.
(1) Due to the protection mechanism of the TPM the key is used inside the TPM, and efficiently protected. Thus, ownership of a TPM corresponds to the ownership of the private key. The key is used for encryption and decryption. Data can therefore be bound to a specific TPM, respectively machine.
(2) In the context of trustworthy devices, the TPM works as a Root of Trust within RAINBOW. For this the TPM offers an essential feature called Platform Configuration Registers (PCR). A PCR is a memory location in the TPM. PCRs hold cryptographically measured software states (one-way hash). They can either be read to report a software state or can be signed to deliver a more secure attestation of the software. Additionally, PCRs can extend the authorization policy to restrict the use of objects.
(3) Sealing combines the benefits of binding and PCRs. Data can be restricted and/or protected to specific devices with specific PCR configurations. For instance, data is opened after the system has booted without manipulations detected.
(4) Especially for RAINBOW the TPM is utilized, beside the protection of security critical data, e.g. key-material, and a RoT-anchor, as a privacy enabler for the integration of privacy preserving protocols called Direct Anonymous Attestation (DAA) and Control Flow Attestation (CFA), which is an advanced feature of the current TPM 2.0. Here, the protocols use special commands from the TPM to enable, at the moment, the most reachable security hedges, e.g., TPM signing, hashing, activate credential. For the attestation part the RAINBOW platform makes use of the TPM’s PCRs. Attestation allows the host to sign a report state for a remote host, decide whether to trust a service or not, and also offers the support for pseudonyms in context of DAA.
(5) Signatures are necessary for authentication of parties within RAINBOW. DAA allows to use privacy preserving signatures. To allow that the key for the signature is well protected the TPM offers a sign operation with a TPM protected key, i.e., the key is to be used inside the TPM only and therefore it is properly protected against logical and physical side-channel attacks.
The Workshop-Partners from WP2 provide insights in a webinar on Feb 22nd, 15-17h (CEST), on how the RAINBOW approach to Fog Computing Security provides trust and provable security.
For RAINBOW, Infineon uses the IRIDIUM SLI/SLM 9670 TPM2.0 (TPM9670 Add-on board for Raspberry Pi). A list of available products can be found under www.infineon.com/tpm.