The stakes with IoT devices are a lot higher than with average smart phone or notebook. While they are mostly in the possession of the owner, IoT devices will be deployed and almost exclusively operated in potential hostile environments and will have to defend itself against physical online or offline attacks. This means that their design, manufacturing and operation has a lot more in common with locked down gaming consoles where security, integrity and attestation has to be build into the core of the device. Microsoft is working in the Trusted Computing Group (TCG) to define a new security foundation called Device Identity Composition Engine (DICE) that can be bound in hardware to give even tiny 32bit MCUs strong attestable cryptographic identities. This talk will focus on how these devices are manufactured, provisioned, deployed, operated and serviced in the real world and how the underlying security becomes a key differentiator for the entire solution.
Beyond that we will take a look at how it will also enable Trusted Execution in IoT devices that not only guarantee proper execution of computetasks, but also includes IO operations aka. Trusted Cyber Physical Systems (TCPS). Microsoft is currently prototyping devices and services to showcase how integrity down to the physical level gives the operator the power to determine his policies independent of the device and software manufacturer and cloud operator.
About Stefan Thom
As a Microsoft employee of 15 years Stefan Thom has spent all of his time on securing platforms and creating strong device identities using TPMs, Secure Elements and other trusted execution technologies. Stefan is a patent holder on 37 established key technologies like SecureBoot, BitLocker, Device Health Attestation and Virtual Smart Card, to just to name a few. After building a strong hardware attestation infrastructure for XBoxOne, he is now focused on bringing tangible security guarantees to that out-of-control beach party that is “The Internet Of Things” to spare the consumers, the industry and OEMs the nasty looming hangover that all these insecure and unprotected devices will undoubtedly cause in the years to come.