Intel Platform Trust Technology: Cutting Edge Security for Low-Power Systems
Posted on May 1, 2020
There was a time when a strong password and good antivirus software were all you needed to keep your computer safe. Nowadays, hackers can break into the most secure systems, using viruses to infect even the Master Boot Record itself.
While that might not be much of an issue for personal computers (top hackers usually aren’t that interested in your personal files) it is a grave threat for website servers and computing systems deployed in the field across various industrial applications.
To safeguard a computing system’s core data – the firmware and operating system files – a technological solution called Trusted Platform Module (TPM) was devised.
But what exactly is TPM? How does it relate to Intel Platform Trust Technology (PTT)? And most importantly of all, what does it mean for the embedded computing industry?
Let’s find out.
An Introduction to Trusted Platform Module
How do you deal with a hacker (or a virus) that has gained access to the lowest levels of a computer’s memory? If malicious elements can interfere with even the most fundamental code of the firmware and the operating system, there is little that can be done from the software side.
That is where a Trusted Platform Module comes in. TPM is a microprocessor chip with a digital signature baked in at manufacturing. It is tamper-proof, and cryptographically secure, which means that hackers are going to have a hard time breaking into it.
But how does it work?
Basically, the TPM is soldered right onto your motherboard. Every time the system boots, it verifies the integrity of the rest of your hardware as well as the fundamental parts of the system code and prevents the system from booting if it is found to be compromised.
It does so by the use of unique cryptographic key etched into the hardware itself, which is used to encrypt (and decrypt) the contents of your hard drive down to the low-level operating system code. This cryptographic encryption is impossible to crack without the original key, which makes it impossible for any hacker to make changes into the system code without user permission.
Understanding Intel Platform Trust Technology
While a Trusted Platform Module is a wonderful way of securing a computer system against low-level attacks, it has one major shortcoming. Since it requires the installation of a whole new microprocessor chip with its own memory and energy requirements, it is not well suited to smaller computers like tablets or embedded PCs that need to be more efficient.
As a result, the computing solutions used in most commercial applications cannot take advantage of the security advantage granted by a TPM.
To overcome this problem, Intel has developed the Platform Trust Technology. PTT implements the cryptographic verification algorithms of a hardware-based Trusted Platform Module within the system firmware itself, negating the need for additional memory or processing power for simple authentication checks.
Keep in mind that this ‘root of trust’ still remains tamper-proof, as Intel puts in place a unique cryptographic key within each silicon chip at manufacture which cannot be altered externally.
The Advantages of Platform Trust Technology
The widespread adoption of the Trusted Platform Module is held back by the need for a separate chip with its own memory and power requirements. Embedded computers such as fanless industrial PCs and rugged computers have a small footprint and cannot accommodate the additional drain on its resources.
Intel Platform Trust Technology parcels the features of a TPM into the core Intel chip itself, removing the need for any additional hardware. This means that even the most low-power processors can secure their data and boot record using PTT.
The greatest advantage of PTT over TPM, thus, is that it is infinitely scalable. Be it tablet PCs or embedded computers; every system can implement PTT right out of the box. Consequently, you no longer need to choose between a more secure system or a more cost-effective one.
Hackers have only grown more skilled with time, learning to bypass the protections of traditional antivirus software by going directly for the intrinsic system data itself. Earlier, the only method of protecting your systems from such attacks was to install a Trusted Platform Module on each computer, which is prohibitively expensive for a large-scale setup. However, Intel Platform Trust Technology provides an energy and space conscious alternative without compromising security.