Representatives of some of the biggest names in computing have been quietly meeting in Toronto this week to discuss some of the smallest but vital intricacies of device security.
The Trusted Computing Group, whose open standards are used to build security chips found in motherboards, routers, switches, smartphones and solid-state drives, is holding one of its tri-annual member’s meetings. The sessions are so private that Joerg Borchert, the TCG’s president and chair, said he couldn’t divulge the agenda of the four-day meet. One reason is some of the work done by TCG is patented.
However, he suggested one focus will be the revision of the TCG’s Trusted Platform Module 2.0 library specification, expected to be presented next year to the International Standards Organization (ISO). The TMP standard is also called ISO 11889. The new revision would be described as 2.0x.
When asked what the biggest challenge his group faces, Borchert said “we don’t have enough time when we are together.”
Its work groups — which include cloud computing, cyber resilient technologies, PC clients, servers, storage, embedded systems, industrial systems and IoT — confer online every two weeks. Three times a year, they hold face-to-face meetings, as they are in Toronto.
“These meetings help facilitate the progress of these complicated standards,” Borchert said.
Everyone, of course, wants a trusted computing device. But in the IT world it means a computing device behaves in expected ways by, for example, making sure programs can’t inappropriately read or write to other applications, can protect against malware and through the use of encrypted certificates will detect unauthorized changes to software.
Chips using the TMP modules allow manufacturers to give solid-state hard drives the ability to be self-encrypting.
Some 100 companies are members of the TCG. On the current board are representatives from Microsoft, Cisco Systems, Intel, Infineon Technologies, AMD, Dell, Hewlett Packard, Hewlett Packard Enterprise, Huawei, IBM, Fujitsu, Juniper Networks and Lenovo.
In addition to leading the TCG, Borchert is also vice-president of chip and card security at Infineon Technologies, which makes trusted module chips. For example, earlier this year it announced a TPM for industrial applications, while last year it announced a module for connected cars.
Since its formation 20 years ago the TCG has created 25 Trusted Platform Modules and published over 100 specifications for advancing best cyber security practices.