For inquiries about GlobalPlatform or website assistance, contact secretariat@globalplatform.org.
Security Task Force
The Security Task Force is chaired by Olivier Van Nieuwenhuyze from STMicroelectronics. All GlobalPlatform members are eligible to participate in this group, as well as approved non-member government agencies.
Mission
The Security Task Force defines GlobalPlatform’s security philosophy and its contribution to the security landscape.
It works closely with the Crypto Sub-Task Force to monitor new trends in cryptography and examine new algorithm proposals, providing a list of algorithms and protocols based on academic publications and known organizations. This is in addition to supporting the SESIP Committee on its mission to drive the adoption and recognition of the Security Evaluation Standard for IoT Platforms (SESIP) methodology as a worldwide, multi-vertical scheme for IoT security evaluation.
Objectives
- Engage and collaborate with external security organizations to ensure that security requirements from a broad range of use cases and market sector are brought into GlobalPlatform.
- Advise the GlobalPlatform technical committees in security philosophies, cryptography, certification and applicability.
- Facilitate collaboration with government agencies and their security experts to define market requirements.
- Identify and classify secure technologies for the Internet of things (IoT).
- Maintain and update GlobalPlatform’s cryptographic algorithm recommendations table, through the crypto sub-task force.
Current Priorities
- Engage ENISA on the alignment of security levels and cybersecurity certification frameworks.
- Define how to combine GlobalPlatform technology and TPM technology (or other equivalent library).
RoT Requirements
The definitions and requirements paper enables original equipment manufacturers (OEMs) and service providers (SPs) to create, implement and use a Root of Trust (RoT) to protect their devices and services.
Introduction to GlobalPlatform RoT (English)
An introduction to GlobalPlatform's RoT Definitions and Requirements video explain what RoT is and why GlobalPlatform created the technical document.
Deploying and Protecting Digital Services with Chains of Trust
Created by GlobalPlatform’s Security Task Force, this business publication explains the importance of designing devices and services with security at the core.
GlobalPlatform promotes cross industry discussion to identify and address market requirements
Crypto Sub-Task Force
GlobalPlatform promotes cross industry discussion to identify and address market requirements
Mission
The purpose of the Crypto sub-task force is to evaluate and provide recommendations on the cryptographic mechanisms used in GlobalPlatform technology, to ensure high levels of security as cryptography trends and technologies evolve.
Objectives
- Analyze and report on relevant trends in cryptographic development for new markets and new use cases, as well as trends in cryptographic standardization and policies.
- Evaluate cryptographic algorithms and protocols, and suggest improvements/modifications to GlobalPlatform when appropriate
- Identify new cryptographic algorithms and protocols to be considered by GlobalPlatform
- Provide analysis and recommendations on specific cryptography topics.
- Collaborate with external industry groups and organizations, through the GP liaison process, in order to better understand and gather functional and technical requirements.
Current Priorities
- Examine hybrid crypto approaches starting with TLS, to be able to recommend a version in the near future that is acceptable with SE (and TEE) constraints, including collaboration with the GlobalPlatform IoTopia Task Force to understand impact for size-constrained embedded devices.
- Progress work on hybrid post-quantum cryptography (PQC), including a plan for the integration of new algorithms published security standards bodies including National Institute of Standards and Technology (NIST).
xBOM (Bill of Materials) Sub-Task Force
The xBOM Task Force is chaired by Laurent Sustek of STMicroelectronics. All GlobalPlatform members are eligible to participate in this group.
Purpose
The purpose of the xBOM ([x] Bill of Materials) Sub–Task Force within the Security Task Force is to analyze the impact and provide guidance about deployment of various bills of materials.
Scope
- To look at the impact of the deployment of BOM typically SBOM (Software Bill of Material), HBOM (Hardware Bill of Material), CBOM (Crypto Bill of Material).
- To clarify software transparency and assurance concept – what software is present in a device and what assurance can be associated.
- To provide guidance such as:
- Consistent means to produce, consume and exchange, software transparency and assurance information
- Improvement of interoperability of software transparency and assurance of data exchange
- To open new collaboration with impacted markets such as Telecom, Medical Device Industry, and Automotive
- If needed, to define requirement for technology development / specifications
- To provide guidance on the Device LifeCycle (DevSecOps):
- Risk analysis: provide guidance and practices for threats and impact assessment
- Vulnerabilities evaluation
- To work with the SESIP Committee on CRA Conformance:
- Provide templates and guidance in liaison with SESIP
In order to evolve current technology, the group will collaborate with the Software Attack Expert Sub-Task Force, the TES Committee, the SESIP Committee, and external organizations such as IETF EAT, IETF CoSWID, IETF suit, Confidential Computing Consortium, OWASP, and Linux Foundation.
The expected audience for guidance can include any software producers, consumers, and can include i.e., U.S. regulators associated with those industries i.e., FCC, NHTSA, FDA.
Interested in joining the Security Task Force?
