Insight Series: Trusted Platform Services – Establishing Trust Between Devices and Service Providers
By Jeremy O'Donoghue, TPS Comittee Chair
TPS Committee Chair, Jeremy O’Donoghue, provides his insights on how GlobalPlatform’s work on Trusted Platform Services (TPS) is enabling greater trust between connected devices and service providers
As the IoT expands, and the number of devices connecting to digital services rises, the ability of a service provider to establish the trustworthiness of a device, quickly and effectively, becomes increasingly important. From a device maker’s perspective, products need to be easily identified to simplify the process of connecting to services.
In a fragmented ecosystem, manufacturers want to design their devices so they can connect to as many services, in as many different ecosystems as possible. Creating a solution to securely connect to multiple service providers can be expensive, however through the work of GlobalPlatform’s TPS committee, a standardized approach is possible.
The difficulty facing OEMs
For original equipment manufacturers (OEMs) trying to minimize the cost and time it takes to develop and launch products, security is often seen as a barrier. With global and local regulations tightening on IoT devices and financial solutions, it is increasingly difficult for developers and device makers to understand and meet the required security levels. This is particularly true for those who do not have the resources to train or hire employees with security expertise, and who focus on rapid innovation for their products.
Security considerations go further than the initial launch of a connected product. To comply with upcoming regulations, devices must be managed throughout their lifecycles. Failure to take this into account can lead to costly security failures down the line, adding to the cost burden on manufacturers.
The set-up and management process should be very simple, but it is often a daunting task for unskilled consumers. Industrial users looking to make the move to Industry 4.0, by connecting more and more devices to their IT infrastructures, generally have the skills but rarely the time and resource to connect individual devices to every service provider. A similar issue applies to enterprises looking to reduce infrastructure maintenance costs using connected sensors and actuators (such as connected light bulbs and locks) in their buildings.
This is where the work of GlobalPlatform’s TPS committee comes in, to simplify both device design for manufacturers and connecting and management processes for end-users.
GlobalPlatform’s approach to establishing trust between devices and service providers
TPS APIs offer device makers and developers the secure design upon which to build their solutions, founded on a Root of Trust (RoT). A RoT enables digital services to be bound to a physical on-device ‘trust anchor,’ with attestation making the process of connecting and protecting services simpler and more cost effective.
For a device to connect to a cloud platform, on which it can access multiple services and applications, a Chain of Trust must be established. Chains of Trust allow device manufacturers and service providers to offer secure digital services while ensuring device integrity and security, alongside end-user privacy. Starting with a secure RoT, the Chain of Trust acts as an end-to-end secure communication between the service and the device. Products can then generate data that is authenticated by the device and protected ahead of management in the IoT network’s cloud server.
For a device to reap the benefits of connectivity, it must be able to prove to a network that it is trustworthy, so the relying partner (whether that is a network, cloud provider or a service provider), can be confident of a device’s identity and purpose. This process of attestation is most effective when a device has a secure environment that can provide cryptographically signed proof that there is no evidence of tampering.
To make this technology even more universal, GlobalPlatform is collaborating with the Trusted Computing Group to integrate its security components.
Standardization as a platform for innovation
IoT has enormous potential to improve the lives of end users and business operations. While security is one of many considerations for device makers, it is undoubtedly a vital one. For connected services to truly enrich the way we interact with the world around us, a secure Chain of Trust is an important first step.
Using TPS APIs anchored in a RoT from a GlobalPlatform-standardized secure component (Secure Element, Trusted Execution Environment, and secure MCU), simplifies device connectivity by increasing the trustworthiness of devices. Through this approach, OEMs can create universal solutions, enabling their connected devices to securely access a full range of cloud and web-based services, maximizing the potential of IoT.
Find out more about the work of GlobalPlatform’s TPS Committee here.