Trusted Platform Module (TPM)

Why is a Trusted Platform Module (TPM) important?

A Trusted Platform Module (TPM) is a specialised chip on a laptop or desktop computer that is used to safeguard hardware using cryptographic keys.

A TPM is a device that lets users prove their identity and authenticates their device. A TPM can also help protect against threats such as ransomware and firmware attacks.

A TPM is also used for digital rights management (DRM), to protect Windows-based systems and to enforce software licences.

It also has the capability of storing passwords, certificates, and encryption keys. TPM chips function with any major operating system and are best utilised in combination with other security technologies like firewalls, antivirus software, smart cards, and biometric verification.

A TPM chip is a separate processor on the computer’s motherboard. For hardware authentication, it holds Rivest-Shamir-Adleman (RSA) keys that are specific to the host system.

The Endorsement Key (EK) is an RSA key pair included in each TPM chip. The pair is kept inside the chip and is not accessible to software.

When a user or administrator takes ownership of the system, the Storage Root Key (SRK) is produced. The TPM generates this key pair from the EK and a password supplied by the owner.

A second key, the Attestation Identity Key (AIK), protects the device against unauthorised firmware and software modification by hashing essential areas of firmware and software before they are executed.

When the system tries to connect to the internet, the hashes are sent to a server, which checks to see if they match the expected values.

If any of the hashed components has been changed, the match fails and the system is unable to connect to the network.

The term TPM also refers to the set of specifications that TPM chips follow. These specifications are published and maintained by the nonprofit Trusted Computing Group (TCG).

TPM’s applications and advantages

TPMs have the following advantages:

  • Create, store, and restrict access to cryptographic keys.
  • Ensure platform integrity with measurements that can detect changes to a previous configuration.
  • Authenticate platform devices using the TPM’s RSA key.
  • Defend against malware, ransomware, dictionary attacks, and phishing.
  • Protect digital media rights with DRM technology.
  • Protect software licences.

What are TPMs and why are they required in Windows?

Trusted Platform Modules are supported by Windows 7, 8, 10, and 11. Microsoft combines Windows security features with the TPM to deliver more practical security benefits. Windows uses the TPM to provide the following security features:

  • Windows Hello is a biometric identification and access control feature that works with TPM-enabled fingerprint, iris, and facial recognition scanners. It uses both an EK and an AIK.
  • Dictionary attack defence protects against a brute-force attack that tries every word in a dictionary as the password to break into a password-protected computer or network.
  • BitLocker Drive Encryption encrypts logical volumes. BitLocker differs from Microsoft’s Encrypting File System (EFS) in that it can encrypt the entire drive, whereas EFS can only encrypt individual files and folders. If a computer or hard drive is lost or stolen, the data on the volume stays private as long as the computer or disk is powered off. Because BitLocker is still vulnerable to cold boot attacks, two-factor authentication is commonly used with it.
  • Virtual smart cards, created with the TPM, are the equivalent of physical smart cards and are used to authenticate to external resources.
  • Measured boot helps detect malware during the boot sequence and guarantees that the TPM measurements accurately reflect the state of Windows and its configuration settings at startup.
  • Health attestation generates AIK certificates for TPMs and analyses boot data to assess device health.
  • Credential Guard isolates credentials using virtualization-based security, and uses the TPM to protect its keys.
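The attestation flow described above (firmware and software are hashed before they run, the hashes are sent to a server, and a mismatch against expected values blocks the device) is the same mechanism that measured boot and health attestation build on. The following simulation is an added example, not code from the original page or from any TPM vendor. It models the TPM’s Platform Configuration Register (PCR) extend operation with SHA-256, a quote that binds the PCR values to a verifier nonce, and a verifier that replays the event log and compares the result with known-good (“golden”) values. The boot components, golden values and the HMAC key that stands in for the AIK are all constructed here; a real TPM signs quotes with an asymmetric AIK, which is simplified to an HMAC so the example runs offline.

```python
import hashlib
import hmac
import secrets

HASH = hashlib.sha256
PCR_INIT = bytes(HASH().digest_size)   # every PCR starts as all zeros at reset
NONCE_LEN = 16

# Constructed sample boot chain for a known-good machine (not real firmware):
# (PCR index, component name, image bytes). Real systems log many more events.
GOLDEN_BOOT = [
    (0, "firmware", b"example-uefi-firmware-build-1"),
    (4, "bootloader", b"example-boot-manager-build-1"),
    (7, "secure-boot-policy", b"example-db-dbx-policy-1"),
]


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM PCR extend: new = H(old || digest). A PCR can only be extended, never set."""
    return HASH(pcr + digest).digest()


def measure_boot(components):
    """Simulate firmware measuring each component before it is executed.
    Returns the final PCR values and the event log a verifier would receive."""
    pcrs, event_log = {}, []
    for index, name, image in components:
        digest = HASH(image).digest()
        pcrs[index] = extend(pcrs.get(index, PCR_INIT), digest)
        event_log.append((index, name, digest))
    return pcrs, event_log


def make_quote(pcrs, aik_key: bytes, nonce: bytes):
    """Simulated TPM quote: the PCR values bound to the verifier's nonce.
    HMAC with a shared key stands in for the AIK signature a real TPM produces."""
    body = nonce + b"".join(bytes([i]) + v for i, v in sorted(pcrs.items()))
    return body, hmac.new(aik_key, body, "sha256").digest()


def verify_attestation(body, tag, event_log, aik_key, nonce, golden_pcrs):
    """Verifier (server) side. Returns (accepted, reason, suspect_components)."""
    if not hmac.compare_digest(hmac.new(aik_key, body, "sha256").digest(), tag):
        return False, "quote not authenticated by the expected AIK", []
    if body[:NONCE_LEN] != nonce:
        return False, "stale quote (nonce mismatch)", []
    entry_len = 1 + HASH().digest_size
    quoted = {body[off]: body[off + 1:off + entry_len]
              for off in range(NONCE_LEN, len(body), entry_len)}
    # Replay the event log; it must reproduce exactly the PCRs the TPM quoted.
    replayed = {}
    for index, _name, digest in event_log:
        replayed[index] = extend(replayed.get(index, PCR_INIT), digest)
    if replayed != quoted:
        return False, "event log does not reproduce the quoted PCRs", []
    bad = sorted(i for i in golden_pcrs if quoted.get(i) != golden_pcrs[i])
    if bad:
        suspects = [name for index, name, _ in event_log if index in bad]
        return False, f"PCR(s) {bad} differ from expected values", suspects
    return True, "platform state matches expected values", []


def run_scenario(boot_components, stale_nonce=False):
    """End to end: derive golden values from the reference boot, then attest a boot."""
    golden_pcrs, _ = measure_boot(GOLDEN_BOOT)
    aik_key = b"constructed-aik-stand-in-key"   # a real verifier holds the AIK public key
    pcrs, log = measure_boot(boot_components)
    nonce = secrets.token_bytes(NONCE_LEN)
    body, tag = make_quote(pcrs, aik_key, nonce)
    expected_nonce = secrets.token_bytes(NONCE_LEN) if stale_nonce else nonce
    return verify_attestation(body, tag, log, aik_key, expected_nonce, golden_pcrs)


if __name__ == "__main__":
    print(run_scenario(GOLDEN_BOOT))
    tampered = [(i, n, b"modified-" + img if n == "bootloader" else img)
                for i, n, img in GOLDEN_BOOT]
    print(run_scenario(tampered))
```

Running the script accepts the reference boot and rejects the boot with a modified bootloader, naming PCR 4 and the bootloader as the component to inspect. The nonce check matters as much as the hash comparison: without it, a compromised machine could replay a quote captured while it was still healthy.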

What is TPM 2.0?

TCG produced TPM 2.0 to improve Trusted Platform Modules with additional functionality. The new algorithm interchangeability feature, for example, allows a TPM to switch between algorithms if one no longer holds up against a certain threat. Before this, TPM 1.2 could only use Secure Hash Algorithm 1 (SHA-1).

Basic signature verification was also extended with support for personal identification numbers, biometric data, and Global Positioning System data.

Improved key management means keys can now be restricted to limited and conditional use.

TPM 2.0’s new and improved capabilities give it more versatility, allowing it to be used in devices with fewer resources.

TPM 2.0 is compatible with new PCs running any version of Windows 10, as well as Windows 11 devices that support TPMs.

Types of TPM implementation

The following types of Trusted Platform Module differ in how they are implemented:

Discrete TPMs are dedicated, purpose-built chips. This form of TPM is probably the most secure, as such chips are less likely to contain vulnerabilities and must also provide tamper resistance.

Physical-based TPMs are built into the main central processing unit (CPU) and incorporate tamper-resistant security mechanisms.

Firmware-based TPMs run in the CPU’s trusted execution environment. These TPMs are almost as secure as physical TPM chips.

Software-based TPMs provide no additional security and are exposed to software vulnerabilities and external attacks.

Virtual TPMs are provided by a hypervisor, which handles each virtual machine’s security codes independently.

TPM’s Background

TCG created TPMs and has continued to update them over time. One notable milestone was version 1.2, which was standardised as International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 11889 in 2009. TCG continues to improve the standard by adding new features and upgrades. Version 2.0, the most recent upgrade, was released in 2019.

This version enhances TPM security with additional features. Version 2.0 is compatible with Windows 10 and with only a few Windows 11 versions.