DPA Publication: Security by Design: Trusted Computing

The objective of the paper is to raise awareness of the potential of trusted computing and to provide guidance for procurement and end-to-end lifecycle management of computers for use in environments where confidentiality and integrity are important business requirements.

The paper provides a basic understanding of what Trusted Computing is, and in particular the capacity of the Trusted Platform Module (TPM) to significantly enhance the security and integrity of devices, systems and networks.

The TPM has been developed by an independent standards group the “Trusted Computing Group” (TCG) and is not based on any one company's proprietary hardware or software. CESG has been involved with the TCG for several years developing the trusted computing standards and has produced guidelines on TPM applications.

The central recommendation of this paper is that where computing devices are for use in environments where confidentiality and integrity are important business requirements - and Trusted Platform Modules (TPMs), are available within the device - they should be switched on.

Key points/developments:

  • Over 600 million TPMs are deployed in end point devices (mostly laptops and desktop devices) from a variety of manufacturers, and the number is increasing daily. TPMs will appear in mobile and network devices in the near future, extending trust and bringing greater control and accountability into increasingly complex and international information infrastructures.
  • TPMs are incorporated in the standard builds of many PCs, many laptops and some mobile devices at no additional cost and are available for use. TPM usage to date has not been widespread; however product manufacturers are offering options to use this functionality.
  • The US DoD recently mandated that TPMs be switched on. This decision will influence international allies and industry partners, including global supply chains, to do the same.