New TCG guidance creates low-cost attestation architecture to establish trust in devices
December 2022 by Marc Jacob
Accurately attesting the integrity of a device without a Trusted Platform Model (TPM) has been made possible with the latest Device Identifier Composition Engine (DICE) specification from Trusted Computing Group (TCG).
By 2030, there is expected to be over 30 billion connected devices worldwide. With the growth of the Internet of Things (IoT), complex architectures with challenging security and resource constraints will become commonplace, making an optimal security posture increasingly difficult to establish and maintain. A TPM can help overcome these issues, however not all devices leverage such technology.
To this end, the ‘DICE Endorsement Architecture for Devices’ specification from TCG provides a definitive guide to establish trust within systems and components with and without a TPM. It provides guidelines for devices to integrate cryptographically strong device identity, attest software and security policy, and assist in safely deploying and verifying software updates at near zero cost.
Previous DICE specifications outlined how devices can make authoritative statements to establish device identity, perform measurements and produce the required claims in evidence. With the ‘Endorsement Architecture for Devices’ specification, both aspects of the attestation process are covered, enabling manufacturers to provide manifests and present endorsement values to verifiers in order to successfully complete the reconciliation process.
The latest DICE specification represents the ongoing attempts of TCG to set trusted computing standards within all devices, regardless of whether a TPM has been leveraged.