I have been asked this a few times, so I thought I would post my response...
During my time working for a TPM manufacturer, we worked extensively on TPM adoption, which seemed to be stagnant with the saturated growth phase of the PC industry. The thought at first was to achieve market adoption of TPM products in the embedded systems space. Doing so was met with much resistance, which was mostly cost related, as many times the BOM would be doubled by adding a TPM device. What happened over time was that these markets were driving their own need for trust. This trust was minimal compared to TCG, as the human-user trust center functionality, which the PC TPM basis was largely built around, was not as relevant.
To make a long story short, what my work and the direction of the industry were moving toward is exactly what my Security Management work is based on and is precisely what I am advocating with this blog. The need for the embedded systems market and the Internet of Things was to minimize trust centers while making them network coordinated, then to add an ecosystem trust model for many devices distributed by both physical network locations and logistic chain or business organization. I see that trust for the next generation will be best suited by groups like Tailored Trustworthiness Space (TTS) and other organizations focused on designed-in security; these seem to be more suited to this evolving environment.
The image I displayed here is more accurate to the lightweight trust model needed for Trusted Computing in the PC industry. Though currently it does not exist, I believe the market will grow to adopt this type of lightweight network trust model. Keep coming back to my blog and help expand this needed area.
If you have suggestions or can help my work in the area, please contact me. Check out my latest article for more content on this.
Link: Why critical infrastructure needs both asynchronous and synchronous components
I think this is interesting. I hadn’t thought of looking at securing entities in the blurring perimeter like this but maybe that is because I think too much about critical devices. Nonetheless, maybe there is a place for them in your security framework. On the other hand it reminds me of an internal corporate network. Assuming there would be layered security inside the trusted network?
Cheryl, what work do you do with critical devices?
I do consider all of the concepts you have presented on your post.
They’re really convincing and can certainly work.
Nonetheless, the posts are very brief for beginners.
May you please prolong them a little from next time?
Thank you for the post.
Many of my topics are very difficult, and someone could spend an entire lifetime on each one. I am trying to have a balance of brevity but express the relationship between these complex topics. I would love to see that people have an interest in the topic without providing too much content, which overwhelms people who are new to the concepts. Please ask questions regarding any of the areas or any of my posts that you do not understand or would like more details about, and I will provide more details.
People have voiced concerns that trusted computing could be used to keep or discourage users from running software created by companies outside of a small industry group. Microsoft has received a great deal
Trusted Computing has been viewed as a negative and kept from large-scale adoption because it removes anonymity from human-to-human transactions. At an earlier place and time, when the web was basically a frontier, this attitude was widespread. Like in the days when pirates were commonplace on the seas, the time of frontier mindsets gives way to a global acceptance that everyone should have accountability for actions. This comes when everyone collectively gets tired of a free-for-all attitude. With the growth of unmanned IoT devices and the potential of safety problems, society as a whole is getting to that tipping point. It is time to define accountability to the actors of virtual transactions.