Tuesday, November 12, 2013

5 functions of TPM you did not know about



TPM, or Trusted Platform Module, is a piece of hardware - a chip - that stores encryption keys and sensitive data and provides encryption services. It is still the most secure way to store sensitive data. There is no simple way to read data out of these chips. Only a few industry hacking experts have managed to read some information out of one, and that took 9 months of work on the chip itself (known as the Tarnovsky crack). That means the cracker has to have the chip in their possession. Otherwise it is bullet-proof. (However, Tarnovsky cracked a 2010 model, and the crack no longer works on the new chips.)

What do these chips do?

  1. Protect secrets
    It works as an electronic safe for sensitive data.
  2. Create, store and manage keys
    It creates its own unique encryption keys during production, so these chips cannot be reproduced.
  3. Perform cryptographic functions
    It works as a black box: it receives the plain information and returns the encrypted information.
  4. Provide unique keys
    It can also produce several unique encryption keys during its operation.
  5. Protect itself against attacks
    It detects any physical attempt to read out its contents (oscilloscope, electron microscope etc.) and destroys the sensitive data immediately.


Sounds good. Several solutions use TPM technology to provide integrity of systems - servers, laptops or any device - for example Microsoft BitLocker Drive Encryption. These systems are still secure, because if the TPM chip is removed - and it cannot be investigated in any other way - the system stops working, which is noticed immediately - or at least within the next 9 months.
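The dependence of BitLocker on the chip described above can be checked from the OS. This is an added example, not code from the original post: a PowerShell function (hypothetical name Get-TpmBitLockerReport) that uses the built-in Get-Tpm and Get-BitLockerVolume cmdlets to show whether the TPM is present and ready, and which volumes are bound to a TPM key protector rather than to a password alone.

```powershell
# Added example (not from the original post). Assumes Windows 8 / Server 2012
# or later with the TrustedPlatformModule and BitLocker modules, run elevated.

function Get-TpmBitLockerReport {
    # Get-Tpm is the built-in cmdlet; TpmReady means the chip is enabled,
    # activated and owned by this OS, LockedOut means its anti-hammering
    # protection has kicked in after too many failed authorizations.
    $tpm = Get-Tpm
    $report = [ordered]@{
        TpmPresent   = $tpm.TpmPresent
        TpmReady     = $tpm.TpmReady
        TpmLockedOut = $tpm.LockedOut
        Volumes      = @()
    }

    foreach ($vol in Get-BitLockerVolume) {
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        # Any Tpm* protector (Tpm, TpmPin, TpmStartupKey, TpmPinStartupKey)
        # means unlocking requires this machine's chip; a volume that has only
        # a Password or RecoveryPassword protector does not depend on the TPM.
        $tpmBound = @($types | Where-Object { $_ -like 'Tpm*' }).Count -gt 0
        $report.Volumes += [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            ProtectionStatus = $vol.ProtectionStatus   # On / Off
            Protectors       = ($types -join ', ')
            TpmBound         = $tpmBound
            HasRecoveryKey   = $types -contains 'RecoveryPassword'
        }
    }
    return [pscustomobject]$report
}

$r = Get-TpmBitLockerReport
$r | Select-Object TpmPresent, TpmReady, TpmLockedOut | Format-List
$r.Volumes | Format-Table -AutoSize
```

A volume with ProtectionStatus On but TpmBound False is encrypted without the chip, so removing the TPM would not stop it from being unlocked elsewhere with the password.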

However, if you use TPM technology to encrypt communication on the fly - for example to encrypt VoIP calls - then you are 100% secure. If the TPM is stolen or lost, the communication stops. You can get another TPM with other unique encryption keys :-)

Takeaway
Secure communication encryption solutions always include a unique piece of hardware, preferably a cryptochip or TPM chip. Software is physically unable to protect any sensitive information, including encryption keys. Take this into consideration when you choose a secure mobile communication solution for your company...

Bonus: http://prezi.com/i_dlwntjy1jt/5-functions-of-secfone-cryptochip/


1 comment:

  1. This is interesting information about TPM. I didn't know this until now. Mobile devices are such intricate systems that many of us don't even know what they can hold and do.