109737064_WP_TPM_Trusted-Platform-Module

White Paper  09/2015
TPM – Trusted Platform Module
Secure Handling of Data on IPCs
https://support.industry.siemens.com/cs/ww/en/view/109737064
Warranty and liability
Note
The Application Examples are not binding and do not claim to be complete
regarding the circuits shown, equipping and any eventuality. The Application
Examples do not represent customer-specific solutions. They are only intended
to provide support for typical applications. You are responsible for ensuring that
the described products are used correctly. These Application Examples do not
relieve you of the responsibility to use safe practices in application, installation,
operation and maintenance. When using these Application Examples, you
recognize that we cannot be made liable for any damage/claims beyond the
liability clause described. We reserve the right to make changes to these
Application Examples at any time without prior notice.
If there are any deviations between the recommendations provided in these
Application Examples and other Siemens publications – e.g. Catalogs – the
contents of the other documents have priority.
© Siemens AG 2015 All rights reserved
We do not accept any liability for the information contained in this document.
Any claims against us – based on whatever legal reason – resulting from the use of
the examples, information, programs, engineering and performance data etc.,
described in this Application Example shall be excluded. Such an exclusion shall
not apply in the case of mandatory liability, e.g. under the German Product Liability
Act (“Produkthaftungsgesetz”), in case of intent, gross negligence, or injury of life,
body or health, guarantee for the quality of a product, fraudulent concealment of a
deficiency or breach of a condition which goes to the root of the contract
(“wesentliche Vertragspflichten”). The damages for a breach of a substantial
contractual obligation are, however, limited to the foreseeable damage, typical for
the type of contract, except in the event of intent or gross negligence or injury to
life, body or health. The above provisions do not imply a change of the burden of
proof to your detriment.
Any form of duplication or distribution of these Application Examples or excerpts
hereof is prohibited without the express consent of Siemens AG.
Security information
Siemens provides products and solutions with industrial security functions that
support the secure operation of plants, systems, machines and networks.
In order to protect plants, systems, machines and networks against cyber
threats, it is necessary to implement – and continuously maintain – a holistic,
state-of-the-art industrial security concept. Siemens’ products and solutions only
form one element of such a concept.
Customer is responsible to prevent unauthorized access to its plants, systems,
machines and networks. Systems, machines and components should only be
connected to the enterprise network or the internet if and to the extent necessary
and with appropriate security measures (e.g. use of firewalls and network
segmentation) in place.
Additionally, Siemens’ guidance on appropriate security measures should be
taken into account. For more information about industrial security, please visit
http://www.siemens.com/industrialsecurity.
Siemens’ products and solutions undergo continuous development to make them
more secure. Siemens strongly recommends to apply product updates as soon
as available and to always use the latest product versions. Use of product
versions that are no longer supported, and failure to apply latest updates may
increase customer’s exposure to cyber threats.
To stay informed about product updates, subscribe to the Siemens Industrial
Security RSS Feed under http://www.siemens.com/industrialsecurity.
WP TPM (Trusted Platform Module)
Entry-ID: 109737064, V1.0, 09/2015
Table of contents
Warranty and liability
1 Introduction
2 The TPM as Trustworthy Instance
2.1 Mode of Operation
2.2 The foundation of trust
2.3 Chains of trust
2.4 Binding of data to purpose
2.5 Distribution of TPM
3 Applications
3.1 Secure data storage
3.2 Controlled data handling
4 Conclusion
1 Introduction
The security of an IT system is characterized by the
• availability,
• integrity and
• confidentiality
of the information that is processed by it. However, this security is threatened by
many risks.
As soon as a computer communicates with its environment and exchanges data
via its interfaces, there is the possibility that these interfaces come into contact with
malware, such as viruses, Trojans or worms. This can happen, for example, via a
network when processing emails, loading a webpage from the Internet or
when copying project data from USB sticks.
Once this malware has managed to get onto the computer without being detected by
antivirus software, it is only a small step for the malware to execute.
Sabotage by hackers or carelessness when dealing with sensitive information can
also have a negative effect on the security of the system. This could, for example,
lead to the loss of system availability and production control. Danger to life and
limb or generally causing economic damage is also conceivable.
Particularly for SCADA control stations or PC-based automation plants the
following question is significant: How can the security of a system like the one of an
IPC be improved? IPCs often store data that should not leave the company.
The data security can be improved by suitable access control mechanisms. This
can be achieved, for example, by preventing the execution of malware in the first
place. For this purpose, the trustworthiness and integrity of each program has to be
checked by a reliable instance before starting it.
This reliable instance has to be active very early on, since malware manipulates
computers not only on the level of user programs or operating systems but
already at the firmware level.
This is where the TPM concept starts. The TPM has the function of the trustworthy
instance here.
The TPM is often designed in the form of an additional chip on the board of the
computer. However, it can also be integrated into the existing components, such
as, for example, a controller for peripheral devices.
Figure 1-1 TPM
2 The TPM as Trustworthy Instance
2.1 Mode of Operation
Tasks of the TPM
In order to enable working in a trustworthy environment and the secure handling of
data on IPCs, the TPM offers the following functions.
• Securing the identity of the IPC and its integrity
  Has my IPC been manipulated or was it replaced without being noticed?
• Encrypting and decrypting of data
  Can only authorized people access, process and use data?
Interaction with operating system
Basic functions (identity, key management) are processed by the TPM directly. More
complex requirements, for example the maintenance of the guidelines for
using and editing files, are covered by the interaction of TPM and operating system.
Figure 2-1 Trusted Platform (TPM: 1 Encrypting and decrypting, 2 Digital signing)
Identity
Each TPM receives a unique signature when it is manufactured, via which its
identity can be determined. Because the TPM is an integral part of the
PC hardware, the identity of the entire IPC can therefore also be determined.
Integrity
In order to protect from manipulation by replacing hardware or firmware, the TPM
has functions with which the state of the system can be determined. To do this, the
TPM uses checksums from individual hardware and software components and
compares them with reference values that were internally saved in the TPM. Only
the TPM itself has access to these reference values. The replacement of one
component leads to a discrepancy of the checksum of the component and the
checksum saved in the TPM. This can stop the further execution and use of the
component. However, if the checksums match, the respective component can be
executed. (See chapter 2.2 “The foundation of trust” and chapter 2.3 “Chains of
trust”)
Secure key management
The TPM furthermore enables the creation of cryptographic keys in accordance
with the public-key procedure and their storage in a particularly protected memory
area within the TPM. This memory can only be read and written by the TPM. This
protects the data from unauthorized access from outside.
Protected runtime environment for TPM algorithms
The TPM furthermore provides a number of functions for cryptographic data
processing. This enables the signing, encryption and decryption of data and also
the creation of new keys.
These functions and their algorithms run within the TPM in a protected
runtime environment in the hardware of the TPM. This prevents
manipulation from outside.
2.2 The foundation of trust
Introduction: Creating a trustworthy working environment
From starting a PC until working with an application, several steps are
necessary:
• Loading and processing the BIOS (or UEFI)
• Loading and starting the operating system, initializing the hardware
• Starting the application
For all these steps the TPM is used and ensures the integrity of the respective
component.
Figure 2-2 BIOS / BOOT / Operating system / Application, each with TPM
Trustworthy instance
The TPM is the trustworthy instance on which the subsequent instances can build
in order to be considered trustworthy as well. This is also called the core root of trust. A
computer that has an integrated and enabled TPM can therefore be used for tasks
that require such trust in the identity and integrity of the computer.
Trusted Computing Platform
Checking the hardware and the software that is running on it creates a
trustworthy platform, the so-called trusted computing platform. The prerequisite is that
the components enable integrity checks and work together with the TPM.
2.3 Chains of trust
If the TPM is enabled, it receives measured values and signatures of the
individual components, one after the other, which are compared with the
previously saved values.
Figure 2-3 Measured Boot / Trusted Boot (measurement and transfer of control: BIOS, BOOT, …, OS, Application)
If the two values match, it can be assumed that the integrity of the components is
uncompromised and that they work as expected. Following a successful
check, the next component is executed. This way it is possible, based on the core
root of trust, to execute trustworthy software instances, one after the other, right up
to the application level.
2.4 Binding of data to purpose
The binding of data to a certain purpose in the form of a security policy is called
binding. The process to restrict the use of data by a security policy is called
sealing.
In combination with a trustworthy operating system the TPM makes sure that this
security policy is observed.
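The chain of trust from section 2.3 and the sealing from section 2.4 as a small runnable model. This is an added example, not Siemens code: ModelTPM, the component contents and the single register are assumptions, and the register update (new value = hash of old value plus measurement) follows how TPM platform configuration registers are extended, which goes beyond what this paper describes.

```python
import hashlib

def measure(blob: bytes) -> bytes:
    """Checksum of one component (SHA-256 in this model)."""
    return hashlib.sha256(blob).digest()

def extend(register: bytes, measurement: bytes) -> bytes:
    """Fold a measurement into the register; earlier measurements cannot be undone."""
    return hashlib.sha256(register + measurement).digest()

class ModelTPM:
    """Hypothetical stand-in for a TPM: one measurement register and a sealed store."""
    def __init__(self):
        self.register = bytes(32)
        self._sealed = {}  # name -> (required register value, secret)

    def seal(self, name, secret, required_register):
        self._sealed[name] = (required_register, secret)

    def unseal(self, name):
        required, secret = self._sealed[name]
        if self.register != required:
            raise PermissionError("platform state does not match the sealing policy")
        return secret

def expected_register(chain):
    """Register value that a known-good chain produces."""
    register = bytes(32)
    for _stage, blob in chain:
        register = extend(register, measure(blob))
    return register

def boot(tpm, chain, reference):
    """Measure each stage before it runs; return the first failing stage, or None."""
    tpm.register = bytes(32)  # the register starts at zero on every power-up
    for stage, blob in chain:
        measurement = measure(blob)
        tpm.register = extend(tpm.register, measurement)
        if measurement != reference[stage]:
            return stage  # control is not handed to this stage
    return None

# Constructed sample components (stand-ins for real firmware and software images).
GOOD_CHAIN = [("BIOS", b"bios 1.0"), ("BOOT", b"loader 1.0"),
              ("OS", b"kernel 1.0"), ("Application", b"hmi 1.0")]
REFERENCE = {stage: measure(blob) for stage, blob in GOOD_CHAIN}
```

Sealing a secret to expected_register(GOOD_CHAIN) and then booting a chain with a replaced BOOT stage stops at "BOOT" and leaves the secret unreadable, because the register no longer matches the policy.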
Figure 2-4 Security Policy (Binding / Sealing)
2.5 Distribution of TPM
The Trusted Computing Group (TCG) is an association of several renowned
manufacturers, among them Intel, Cisco, Microsoft and Infineon. In October 2003 the TCG
specified such a trustworthy instance in detail in the form of the Trusted Platform
Module (TPM). The former version 1.2 of the specification has since
been revised several times, and version 2.0 has existed since March 2013.
3 Applications
3.1 Secure data storage
Disk encryption
With the help of the TPM and the key saved therein, the operating system can
encrypt, for example, a hard disk. The data is bound to the physical hardware; this
means that in the event of theft of the hard disk, the data cannot be read without
the TPM.
If system data or recipes are saved on removable storage media (for example USB
hard disks), they can only be reused on this IPC.
The BitLocker function on the Windows operating system, for example, enables
encryption of the data. The key for encrypting and decrypting the data, as well as
the algorithms used, are located in a protected area within the TPM.
Here, "hard disk" also stands for SSDs and other data storage.
3.2 Controlled data handling
The TPM as control module can also ensure that the security policy is observed by
the cryptographic process. The creator of the data provides it with additional
information regarding its permitted use.
For example, users may have the right to open recipes or system parameters
but not to change or copy them. Or, for example,
machine data can only be viewed by a certain group of persons after previous
authentication.
4 Conclusion
A TPM, as a trustworthy instance, enables a series of application scenarios for secure
data processing. It takes on the secure storage of keys and makes the execution of
programs possible after previous verification. This can prevent the execution of
malicious code.
In industry this provides a security advantage because manipulation of
hardware and software can be prevented. PC-based automation plants and
operating/SCADA systems can become more secure.
With the help of security guidelines the processing of data can be restricted by the
creator of data. This prevents the unauthorized handling of this data which further
adds to the security of the entire system.