EURIM
Trusted Computing Subgroup
Terms of Reference
Background
End point devices (desktops, laptops and mobile devices) are being manufactured to include Trusted Computing (TC) technologies, based on open standards developed by the Trusted Computing Group (TCG). The Trusted Platform Module (TPM) is a major TCG standard.
A TPM is a computer chip (microcontroller) that can securely store artefacts used to authenticate the platform (your PC, laptop or mobile), such as encryption keys, certificates or other secrets; keys created inside the TPM can be made non-exportable, so that only the device holding that TPM can use them. This enables the identity of the end point device to be established and checked against a list of assets authorised to connect to systems. The purpose is to mitigate malicious attacks mounted through unauthorised devices connecting to those systems.
Authentication (the ability to validate the identity of something or somebody in an electronic environment) is essential for any trusted relationship in cyberspace. TPMs support device authentication and enable other functions such as person authentication, digital signing and device health measurement (establishing that a device has not been subverted or hacked, by recording measurements of the software it booted and reporting them in a signed statement that a remote party can check). Thus a business can be confident it is only connecting to known devices in a known state.
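As an added example of the device health measurement and attestation the paragraph above refers to (this is illustrative code written for this page, not EURIM's, the TCG's or any vendor's implementation), the Python below simulates in software what a TPM does with a Platform Configuration Register (PCR) during boot and what a verifier must check before it trusts a quote: replay the event log, compare it with the quoted PCR, check the challenge nonce, and compare each measurement against known-good values. All component blobs, keys and golden values are constructed for the example, and the HMAC is a stand-in for the signature a real TPM produces with its attestation key (which a verifier would check against the key's certificate instead).

```python
"""Simulated TPM measured boot and remote attestation (illustrative, stdlib only)."""
import hashlib
import hmac
import os

PCR_SIZE = 32  # one SHA-256 PCR bank


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR extend rule: new = SHA-256(old || measurement). Order-dependent and one-way."""
    return hashlib.sha256(pcr + measurement).digest()


def replay_log(events) -> bytes:
    """Verifier side: recompute the PCR from an ordered event log of (name, digest)."""
    pcr = bytes(PCR_SIZE)  # PCRs start at all-zero on reset
    for _, digest in events:
        pcr = extend(pcr, digest)
    return pcr


class SimulatedTPM:
    """Device side: a PCR, an event log kept outside the chip, and an attestation key."""

    def __init__(self, attestation_key: bytes):
        self._key = attestation_key  # constructed; stands in for a TPM-resident signing key
        self.pcr = bytes(PCR_SIZE)
        self.event_log = []

    def measure(self, name: str, component: bytes) -> None:
        digest = hashlib.sha256(component).digest()
        self.pcr = extend(self.pcr, digest)
        self.event_log.append((name, digest))

    def quote(self, nonce: bytes):
        """Bind the current PCR to the verifier's nonce and 'sign' it (HMAC stand-in)."""
        quoted = self.pcr + nonce
        return quoted, hmac.new(self._key, quoted, hashlib.sha256).digest()


def verify_attestation(attestation_key, nonce, quoted, signature, event_log, golden):
    """Return (ok, reason). Every check is needed; each catches a different attack."""
    expected = hmac.new(attestation_key, quoted, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return False, "bad quote signature"
    pcr, quoted_nonce = quoted[:PCR_SIZE], quoted[PCR_SIZE:]
    if not hmac.compare_digest(quoted_nonce, nonce):
        return False, "stale or replayed quote (nonce mismatch)"
    if not hmac.compare_digest(replay_log(event_log), pcr):
        return False, "event log does not reproduce quoted PCR"
    for name, digest in event_log:
        if golden.get(name) != digest:
            return False, f"unexpected measurement for {name}"
    return True, "device state matches known-good values"


# Constructed stand-ins for the firmware, bootloader and kernel images of a known-good build.
KNOWN_GOOD_COMPONENTS = {
    "firmware": b"firmware v1.2",
    "bootloader": b"bootloader v3",
    "kernel": b"kernel 5.15",
}
GOLDEN = {n: hashlib.sha256(b).digest() for n, b in KNOWN_GOOD_COMPONENTS.items()}
AIK = b"constructed-attestation-key"  # constructed; never a real TPM key


def boot_and_attest(components, nonce, attestation_key=AIK):
    """Boot a simulated device through the given components and answer a challenge."""
    tpm = SimulatedTPM(attestation_key)
    for name, blob in components.items():
        tpm.measure(name, blob)
    quoted, sig = tpm.quote(nonce)
    return tpm, quoted, sig


def demo():
    """Healthy boot plus three failure modes a verifier must detect."""
    results = {}
    nonce = os.urandom(16)
    tpm, quoted, sig = boot_and_attest(KNOWN_GOOD_COMPONENTS, nonce)
    results["healthy"] = verify_attestation(AIK, nonce, quoted, sig, tpm.event_log, GOLDEN)

    # Subverted bootloader: its digest changes, so the PCR and the log no longer match golden values.
    tampered = dict(KNOWN_GOOD_COMPONENTS, bootloader=b"bootloader v3 + implant")
    tpm, quoted, sig = boot_and_attest(tampered, nonce)
    results["tampered_bootloader"] = verify_attestation(AIK, nonce, quoted, sig, tpm.event_log, GOLDEN)

    # Attacker rewrites the (unprotected) event log to look clean; the quoted PCR still exposes it.
    clean_log = [(n, GOLDEN[n]) for n in KNOWN_GOOD_COMPONENTS]
    results["forged_log"] = verify_attestation(AIK, nonce, quoted, sig, clean_log, GOLDEN)

    # A quote captured from an earlier healthy boot is replayed against a fresh challenge.
    tpm, quoted, sig = boot_and_attest(KNOWN_GOOD_COMPONENTS, nonce)
    results["replayed_quote"] = verify_attestation(AIK, os.urandom(16), quoted, sig, tpm.event_log, GOLDEN)
    return results


if __name__ == "__main__":
    for case, (ok, why) in demo().items():
        print(f"{case:20s} {'PASS' if ok else 'FAIL'}: {why}")
```

The forged-log case is the one that matters most in practice: the event log lives in ordinary memory and an attacker can edit it, but the PCR value inside the quote cannot be rolled back, so a log that does not replay to the quoted PCR is itself evidence of tampering. The nonce check is what turns a quote into proof about the device's state now rather than at some earlier time.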
Over 600
million TPMs are deployed in end point devices (mostly laptops, computers and
self-encrypting drives (SEDs)) from a variety of manufacturers, and the number
is increasing. TPMs will appear in mobile and network devices in the near
future, extending trust and bringing greater control and accountability into
increasingly complex and international information infrastructures.
The use of TPM
is considered a major weapon in reducing cybercrime and fraud, which rose to an
estimated €500bn across Europe in 2010 and was over $1 trillion worldwide.
Whilst TPMs are widely deployed, they are not yet widely used. However, market
adoption will increase as more governments’ procurement regulations mandate TPM
in devices. The US DoD recently mandated that TPMs be switched on, which will
influence international allies and industry partners, including global supply
chains, to do the same.
The UK has the
opportunity to be an early adopter, thereby meeting several HMG strategy policy
objectives and benefitting the nation.
Objective of the Working Group
The Working Group has three objectives, to produce:
- Procurement Guidelines, such that end point devices can be purchased to a defined standard which will enable the TPM to be utilised
- Guidelines for end point configuration management and deployment of TPM technologies, to ensure the integrity and security of end point devices, including:
  - Device Enrolment Guidelines that support the accreditation of end point devices that are already deployed as well as those to be purchased or connected in the future
  - Device Authentication and Attestation Guidelines for assuring devices which connect to systems.
Working Group Sub-Streams
There will be two sub-streams of activity: Procurement, and End Point Lifecycle Management.
Each sub-stream will include representatives from EURIM members and observers from relevant government departments, including CESG.
Procurement
This sub-group will create a two-page set of guidelines to support the purchase of end point devices with inbuilt Trusted Computing technologies. The guidelines will cover the standards with which the TPM will need to be compliant. These standards will be ‘open’, such that the purchaser is not locked into any proprietary technology. The guidelines should:
- Identify the classes of devices which contain TC technologies
- Provide justification guidelines for the acquisition of TC technologies, including identification of the potential benefits
- Identify minimum acceptance criteria for devices containing TC technologies.
This group will also include an observer from Buying Solutions.
End Point Lifecycle Management
This sub-group will create guidance on how to enrol, verify, attest, deploy, configure, use and revoke TC technologies for maximum end point security. These should be succinct guidelines to support the formal enrolment, registration, verification and attestation of end point devices connecting to systems, and how this can be built into device lifecycle management. This will include a process template, standards for compliance and accreditation guidelines.
Deliverables
It is envisaged that these sets of guidelines will be incorporated into other documents as appropriate, as well as being circulated by EURIM.
The template will be standard for all three sets of guidelines: Introduction, Background, Purpose, Guidelines, Standards, Benefits, Information Assurance/Accreditation Issues and References.
Forthcoming Meetings
Recent Meetings & Papers
| Date | Description | Papers |
| --- | --- | --- |
| 05 Apr 12 | Trusted Computing Subgroup Meeting | Summary Report |
| 08 Mar 12 | Trusted Computing Subgroup Meeting | Summary Report |
| 16 Feb 12 | Trusted Computing Subgroup Meeting | Summary Report |
| 17 Jan 12 | Trusted Computing Group meeting to review guidance on the procurement and use of trusted computing products and services for applications which are expected to communicate only with known devices | Summary Report |
| 13 Dec 11 | Initial planning meeting on Trusted Computing | Summary Report |