© 2015 Trusted Computing Group
TCG's Embedded System and IoT Initiatives and the Benefits of TCG Membership
December 2015
Version (1 December 2015) 3:46:47 PM
About TCG / TCG Strategy
December 2015
About TCG / TCG Strategy / Membership recruitment: please refer to the fact sheet on the TCG website: http://www.trustedcomputinggroup.org/jp/jrf_in_tcg
http://www.trustedcomputinggroup.org/files/temp/93FD50BC-1A4B-B294-D0332BEF24B54E44/TCG%20JRF%20Fact%20Sheet.pdf
TCG Vision for 2020
“From small devices to large-scale IT systems, and from conventional IT equipment to the countless devices that enrich the shop floor and daily life, international standards built on TCG technology will be essential for a trustworthy, safe and secure foundation!”
The three pillars of TCG strategy: 1. Technology innovation 2. Global deployment 3. Community development
TCG Strategy
1. Technology innovation
• Expansion into embedded systems (automotive, IoT, networking)
• Expansion of platforms (PC, server, mobile, cloud, infrastructure)
• Expansion into industry verticals (financial, healthcare)
• Simplification of interfaces
2. Global deployment
• Deployment of SDKs/interfaces
• Promotion of certification
• Standardization that supports large-scale deployment
• Support for a variety of cryptographic algorithms
• Sound maintenance of the ISO-standardized TPM
3. Community development
• Recruiting TCG members
• Deploying TCG technology into a variety of organizations
• Sending liaisons to other international standards bodies
• Collaboration with a variety of key organizations
1.a) IoT initiatives
• One example of the effectiveness of the TPM in IoT devices: device authentication by the TPM and the ability to verify device integrity. Application examples:
• Periodic remote inspection of IoT devices in operation
• Improving the “trustworthiness” of IoT devices in areas where cyber attacks are a concern
• TCG initiatives: recently published technical information (2013-2015)
• IoT-related information is published; see the website for details.
“TCG Guidance for Securing IoT”
Activities in the technical work group:
• Creating demos of IoT systems using TCG technology
• Promoting “TCG Guidance for Securing IoT”
• Developing technology for secure software and firmware updates
• Creating implementation guides for various resource-constrained IoT devices
1.b) Automotive initiatives
• Define, based on the TPM specification, the specifications required by in-vehicle embedded systems.
Initial use cases for the specification work (to be extended in future):
• Software installation and update, remote services, telematics services
Targeted capabilities:
• Attestation, reliability in severe environments, flexible cryptographic key management
• TCG initiatives: recently published technical information (2013-2015)
• IoT-related information is published; see the website for details.
Activities in the technical work group:
• Defining the Protection Profile for the “TPM2.0 Library Profile for Automotive-Thin”
• Defining a TSS (Software Stack) that supports the “Library profile for Automotive-Thin” / “for Automotive-Rich”
1.c) Network equipment initiatives
• Application of TCG technology to network equipment is under study: routers, switches, wireless access points, port extenders, firewalls, and so on. Work starts by examining the gap between the required specifications and current practice.
• Physical network functions
• Virtual network functions (including the following)
– SDN: Software-defined Networking
– NFV: Network Functions Virtualization
• TCG initiatives
A. “A Networking equipment protection guidance”
• A guide that comprehensively describes how to protect network equipment, referring to guides established by TCG and other bodies. Where there are gaps between current practice and the requirements, the necessary specifications will be developed in future.
B. Future plans
• Define how the PCRs (Platform Configuration Registers) of a TPM are used in network equipment
• Define the minimum TPM2.0 specification required for network equipment
• Define a method for TPM-based remote device authentication in current network environments
TCG’s Embedded System and IoT Focus and the Value of TCG Membership
December 2015
The Trusted Computing Group
December 2015
Who is TCG? : Mission
The Trusted Computing Group (TCG) is a not-for-profit organization formed to develop, define and promote open, vendor-neutral, global industry standards, supportive of a hardware-based root of trust, for interoperable trusted computing platforms.
Who is TCG?
The Trusted Computing Group (TCG) is an international industry standards group focused on Trusted Computing since its founding in 2003.
• The TCG membership develops technical specifications.
– Specifications are published when completed, and free to access.
• TCG publicizes the specifications and references member implementations as examples of use.
Trusted Computing Group Organization Structure (2015 August) [organization chart]
Board of Directors; Admin; Technical Committee; Marketing Work Group (Public Relations, Events, Marketing Support); Certification Program Committee; Compliance; Japan Regional Forum; Greater China Regional Forum
Work groups: Security Evaluation, Infrastructure, Embedded Systems, Trusted Platform Module (TPM), PC Client, Trusted Network Communications (TNC), Mobile Platform, Storage, TCG Software Stack (TSS), Virtualized Platform, Server, Internet of Things, Vehicle Services (Automotive), Network Equipment, Root of Trust for Measurement
Solutions Work Groups: Trusted Mobility Solutions, Trusted Multi-tenant Infrastructure
Key: Blue Box: Chairs Appointed by Board; Teal Box: Chairs Nominated by WG, Appointed by Board; Black Box: Resources Contracted by TCG
Focus for Today: Embedded System and IoT (the same organization chart, 2015 August)
TCG: Membership
Total Membership including Commercial, Liaison, Invited Experts and Government participants: 100+ MEMBER ORGANIZATIONS
Promoters / Contributors / Adopters: [member logos]
Current Membership List Available: http://www.trustedcomputinggroup.org/about_tcg/tcg_members
Trusted Computing Group Strategy
TCG Vision for 2020
“TCG Enabled” internationally standardized technology is globally accepted and expected as the foundation for trust in systems ranging from the most complex large-scale computing platforms to small scale dedicated devices, from traditional IT to the factory floor to the myriad devices which enrich our daily lives.
2015/’16 TCG Strategy: 3 Pillars
• Technology Innovation
• Global Adoption
• Community Development
Technology Innovation: Anticipating and Responding to Emerging Threats, Emerging Technologies, Emerging Market Segments
Drive new areas of Standardization
– Embedded Systems Verticals
• Automotive
• Internet of Things
• Network Equipment/SDN
– Computing Platform Resiliency
• Critical Infrastructure
• Cloud
• PC/Server/Mobile
– Application & Industry Verticals (e.g. Financial, Healthcare)
– Simplification for Ease of Use/Adoption
Global Adoption: Focus on Foundations Enabling Global Flexibility, Development & Use
• Promote TCG-enabling Interfaces/SDKs
• Encourage Certification as necessary
• Develop Standard Methods for Mass Provisioning
• Crypto Agility for Application-Specific Crypto needs (& address other global requirements)
• Maintenance of the TPM specification as an ISO/IEC publication (through the JTC 1 Publicly Available Specification Submission Process)
Community Development: Broaden TCG’s Impact and Engage Other Communities
• Membership/Development Recruitment
– Improve & Clarify Membership Value Proposition
– Improve TCG Organization Efficiency
– Enable member effectiveness and improve satisfaction
– Add members in “Innovation” areas
• Global Community Outreach
– Public and Private Sector
• Liaisons w/other Standards (Global)
– Leverage & Multiply our efforts
• Participation in/with key development communities including verticals
TCG’s Embedded System and IoT Focus
December 2015
Internet of Things
Purpose & Scope
Show value of Trusted Computing for IoT including providing capabilities
to IoT Devices for establishing device identity and device integrity:
• Use security hardware to protect unique device identity
• Compare firmware and hardware integrity information to expected
state for establishing trust (in conjunction with identity)
Enabling:
• Audit of IoT device deployments via identity and vetted software
inventory
• Improvement in IoT device trustworthiness in a connected
environment where remote software based attacks are expected
Internet of Things
Recent Publications/Resources
A. TCG: Guidance for Securing IOT Using TCG Technology
(14Sept2015)
B. TCG: Architect’s Guide: IOT Security (July2015)
C. TCG: Architect’s Guide: Industrial Control Systems (ICS)
Security Using TNC Technology (Oct2013)
D. TCG: Architect’s Guide: Cybersecurity (Oct2013)
Internet of Things
Guidance for Securing IOT Using TCG Technology
• Establish and Protect Device Identity
• Protect Against Malware Infection
• Protect Against Hardware Tampering
• Protect Data at Rest
• Consider Device Resale or Decommissioning
• Use Cryptographic Protocols
• Consider Provisioning
• Protect Audit Logs
• Support Remote Manageability
• Accommodate Legacy Hardware
Internet of Things
Workgroup Projects Snapshot
A. Create Demos of IoT Use Cases benefited
by Trusted Computing (for U.S. RSA Conference ‘16)
B. Promote the use of the “TCG Guidance for Securing IoT”
Document
C. Develop Secure Software and Firmware Update process for IoT
devices
D. Create Implementation Guidance for different classes of IoT
Devices (such as limited resource devices, etc.)
Contact for more information: [email protected]
Vehicle Services (Automotive)
Purpose & Scope
Develop the necessary Trusted Computing specifications to support
an integrated framework for a wide range of embedded computing
applications for Vehicle Architectures.
Scope: Automotive (also Avionics/Maritime)
Initial Use Cases:
– Software Updating/Installation
– Remote Services
– Telematics Services
Capability Considerations:
– Attestation
– Severe Environment Reliability
– Flexible (Crypto) Key Mgmt.
Vehicle Services (Automotive)
Recent Publications/Resources
A. TCG: TCG TPM 2.0 Automotive Thin Profile (16March2015)
B. TCG: FAQ Trusted Computing Group and Automotive Security
(19March2015)
C. TCG: Securing Auto Data: A Demonstration of a Secure Remote
Firmware Update with a Trust Platform Module (TPM) for the
Vehicle ECU (April2015)
D. TCG: Secure Embedded Platforms with Trusted Computing:
Automotive and Other Systems in the Internet of Things Must Be
Protected (June2012)
Vehicle Services (Automotive)
Workgroup Projects Snapshot
A. Complete a Protection Profile of TPM 2.0 Library Profile for
Automotive-Thin. This Library Profile is currently published at
version v1.0. (Schedule: 3/2016)
B. Create a companion TSS (Software Stack) standard of Library
Profiles for Automotive-Thin and for Automotive-Rich.
Contacts for more information: [email protected]
Network Equipment
Purpose and Scope
Apply Trusted Computing benefits to secure network equipment such
as routers, switches, wireless access points, port extenders, firewalls,
etc. Identify any gaps needing further development.
Develop detailed recommendations while considering:
• Physical network functions
• Virtual network functions
– Including software-based services
• Software-defined Networking (SDN)
• Network functions virtualization (NFV)
Network Equipment
Workgroup Projects Snapshot
A. Develop a networking equipment protection guidance document. This is a
comprehensive document describing what can or must be done to protect
networking equipment and providing references to TCG or other industry
guidance where available. Where gaps are discovered, create
specifications to close those gaps for networking.
B. Potential follow-up documents/specifications include the following:
1. Platform Configuration Register (PCR) usage (which may evolve to networking
equipment platform specifications)
2. TPM 2.0 minimum profile for network equipment
3. TPM-based attestation and remote attestation integration (into the existing
environment)
Contacts for more information: [email protected]
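The Internet of Things slides above describe comparing firmware and hardware integrity information to an expected state to establish trust, and the network equipment project list names PCR usage and TPM-based remote attestation. The Python script below is an added example, not TCG code and not text from any TCG specification, that models that check end to end: a measured boot extends PCRs, the device produces a quote bound to a verifier nonce, and the verifier checks freshness, the quote, and the reported PCRs against expected ("golden") values. Assumptions: a SHA-256 PCR bank starting at all-zero bytes; PCR extend modelled as SHA-256(old_pcr || measurement_digest); an HMAC under a shared key standing in for the attestation-key signature, since no key pair is modelled; and constructed sample firmware blobs and key.

```python
# Added example (not TCG's code): toy model of measured boot into PCRs and of a
# verifier checking a TPM-style quote against expected ("golden") PCR values.
# Assumptions: SHA-256 PCR bank starting all-zero; extend = SHA-256(old || digest);
# the quote signature is stood in for by an HMAC under a shared key, because no
# attestation key pair is modelled. All blobs and keys below are constructed.
import hashlib
import hmac
import os

PCR_COUNT = 8
ZERO_PCR = b"\x00" * 32

# Constructed sample boot components (stand-ins for real firmware images).
BOOTLOADER = b"bootloader v7 (constructed sample)"
GOOD_FIRMWARE = b"router firmware v1.2.3 (constructed sample)"
TAMPERED_FIRMWARE = b"router firmware v1.2.3 + unexpected code (constructed sample)"

# Constructed shared secret standing in for the device's attestation key.
ATTEST_KEY = b"constructed-demo-key-not-a-real-attestation-key"


def extend(pcr: bytes, digest: bytes) -> bytes:
    """PCR extend: the new value chains the old value and the measurement digest."""
    return hashlib.sha256(pcr + digest).digest()


def measure_boot(components):
    """Measure each (pcr_index, blob) in boot order: hash the blob, extend the PCR."""
    pcrs = {i: ZERO_PCR for i in range(PCR_COUNT)}
    for index, blob in components:
        pcrs[index] = extend(pcrs[index], hashlib.sha256(blob).digest())
    return pcrs


def pcr_composite(pcrs):
    """Digest over the selected PCR values, in index order (what a quote signs)."""
    return hashlib.sha256(b"".join(pcrs[i] for i in sorted(pcrs))).digest()


def make_quote(pcrs, nonce: bytes, key: bytes):
    """Device side: bind the PCR composite to the verifier's nonce and 'sign' it."""
    composite = pcr_composite(pcrs)
    signature = hmac.new(key, nonce + composite, hashlib.sha256).digest()
    return {"nonce": nonce, "composite": composite, "pcrs": dict(pcrs), "signature": signature}


def verify_quote(quote, expected_nonce: bytes, key: bytes, golden):
    """Verifier side: freshness, signature, reported PCRs vs signed composite,
    then reported PCRs vs the expected (golden) values. Returns (ok, reason)."""
    if not hmac.compare_digest(quote["nonce"], expected_nonce):
        return False, "nonce mismatch (stale or replayed quote)"
    expected_sig = hmac.new(key, quote["nonce"] + quote["composite"], hashlib.sha256).digest()
    if not hmac.compare_digest(quote["signature"], expected_sig):
        return False, "signature check failed"
    if not hmac.compare_digest(pcr_composite(quote["pcrs"]), quote["composite"]):
        return False, "reported PCR values do not match the signed composite"
    mismatched = sorted(i for i in golden if quote["pcrs"].get(i) != golden[i])
    if mismatched:
        return False, "PCR mismatch at index " + ", ".join(str(i) for i in mismatched)
    return True, "device state matches expected values"


def golden_values():
    """Expected PCR values, computed from the approved boot chain."""
    return measure_boot([(0, BOOTLOADER), (1, GOOD_FIRMWARE)])


def attest_device(firmware: bytes, nonce: bytes = None):
    """One attestation round for a device that booted the given firmware."""
    nonce = os.urandom(16) if nonce is None else nonce
    pcrs = measure_boot([(0, BOOTLOADER), (1, firmware)])
    quote = make_quote(pcrs, nonce, ATTEST_KEY)
    return verify_quote(quote, nonce, ATTEST_KEY, golden_values())


if __name__ == "__main__":
    print("good firmware:    ", attest_device(GOOD_FIRMWARE))
    print("tampered firmware:", attest_device(TAMPERED_FIRMWARE))
```

The verifier checks the nonce before anything else so that a recorded quote from a healthy boot cannot be replayed later, and it recomputes the composite from the reported PCR values so that a device cannot report golden values alongside a quote that was actually signed over a different state. In a real deployment the golden values come from a vetted software inventory and the quote is verified with the device's attestation public key rather than a shared secret.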
Trusted Computing Group Membership
TCG Membership Levels/Value Proposition
Available Levels of Membership**
– Contributor ($15,000/year): Highest Value/All Benefits**
– Associate ($10,000/year): Solution Workgroups
– Adopter* ($7,500/year): RAND Obligation & Compliance Program Value
*Small Adopter level available for entities of less than 100 employees
**Note: Promoter Membership level with Director privileges by Board invitation only
Recommended: Contributor Level Membership
• Contribute to Specs & Vote to ensure your needs are met
• Early Specification Access, enabling Leadership in Product Development
• Full Community Participation & Maximized Learning via Workgroups and Solutions Teams (incl. Japan/China Regional Forums)
• Demonstrate Thought Leadership to Customers; Assume TCG Leadership Roles
Baseline Benefits (all membership levels):
– RAND Licensing Benefits/Obligation from/to Members
– Compliance/Certification Program Participation
– Participation in Marketing Programs (such as RSA), PR and events
Marketing Program Benefits
• TCG technology product demos at Tradeshows
• Press Release Participation
• PR and Media Opportunities
• Speaking Opportunities
Contributor Benefits Recap:
• Contribute to Specs and Vote to ensure your needs are met
• Early Access to Specs for product work
• Full Community Participation and Maximized Learning Opportunities (including Greater China and Japan Regional Forums)
• Demonstrate Thought Leadership to your Customers (including access to formal TCG Workgroup leadership roles)
TCG Membership Benefits At-a-Glance [chart]: benefits via Workgroups (for Workgroups); RAND Licensing Benefits/Obligation from/to All Members
Adopter Benefits
• Significant Baseline Benefits with:
– Meeting Participation (Limited to Plenary Sessions)
Associate Benefits
• Significant Baseline Benefits with:
– Partial Community & Meeting Participation
• Currently for Cloud and Mobile Solutions
(Additional Solutions Groups expected)
• Plenary Sessions General Meeting Participation
mailto: [email protected]
http://www.trustedcomputinggroup.org/join_now