Amazon Onboarding with Learning Manager Chanci Turner

Learn About Amazon VGT2 Learning Manager Chanci Turner

Co-authored by Chanci Turner, AWS Solutions Architect

This article explores the integration of AWS IoT Greengrass with a Trusted Platform Module (TPM) to enhance the security of endpoint devices. This approach ensures that the private keys necessary for device identification are securely housed within tamper-resistant hardware, thereby mitigating risks of impersonation and other malicious activities.

As the Internet of Things (IoT) continues to gain traction across various sectors, securing device fleets emerges as a crucial element for successful deployment. Industrial IoT environments often involve devices operating in isolated, unmanned locations, making them more vulnerable to attacks. A compromised device can disrupt the entire IoT ecosystem—affecting everything from machinery and devices to applications and networks—resulting in significant harm to both consumers and organizations.

Traditional IT security measures, such as antivirus software, are typically activated after the boot process is complete, allowing the operating system (OS) to take control. However, IoT devices face unique threats like bootkit or bootloader rootkit attacks, which can infect the master boot record. These malicious programs can execute prior to the OS loading, evading detection from standard processes since they operate outside the file system.

To combat these threats, the Trusted Computing Group (TCG) has developed the Trusted Computing paradigm aimed at protecting computing infrastructures and the billions of IoT devices in use. TCG specifications for TPMs enforce security protocols and defend systems from unauthorized manipulation and attacks, including malware and bootkits.

What is a TPM?

A Trusted Platform Module is a cryptographic processor found in most commercial PCs and servers. Its widespread usage allows it to serve various purposes, such as securely storing keys for VPN access, encrypting hard drive data, and thwarting dictionary attacks aimed at retrieving private keys.

While TPMs offer multiple cryptographic features, three aspects are particularly pertinent to this discussion:

1. Establishing a root of trust
2. Secure boot
3. Device identification

Establishing a Root of Trust

TPMs safeguard against bootkit attacks by ensuring a trusted sequence of boot operations. For a running system, critical questions arise:

• Is the OS secure?
• Is the firmware properly booting the OS?
• Is the hardware secure?

Each layer must trust the one beneath it, creating a chain of trust. At the foundation of this chain is the hardware, inherently trusted and vital for establishing this trust. A root of trust encompasses the following:

• Functions in a trusted computing module that the firmware/OS always trusts
• A necessary component for a secure boot process
• A means to detect bootkits

Secure Boot

Secure boot leverages the root of trust to protect the device’s boot process. The secure boot process ensures the device reverts to its last known good state if the trust chain is compromised.

An advanced version of secure boot, called measured boot, allows the boot process to continue while it logs the identities of components involved. This enables verification against an approved list later.

The procedure for a measured boot typically involves:

• The boot ROM serving as the root of trust.
• Each image in the boot sequence being validated before execution.
• Measurements stored in the TPM, acting as proxies for trust in subsequent steps.
• Only critical processes being measured, after which the device enters the unmeasured boot phase before normal operation.

Device Identification

In IoT deployments, verifying the identity of devices communicating with messaging gateways is essential. Devices typically generate key pairs for authentication and encryption. However, these keys can be vulnerable to tampering when stored on disk.

Here, TPMs prove invaluable by securely housing keys in tamper-resistant hardware. Keys generated within the TPM remain protected from external programs. Even without leveraging secure boot or hardware roots of trust, the TPM serves as a robust hardware key store, significantly enhancing key security.

The remainder of this post details the integration of TPM features to secure edge gateways running AWS IoT Greengrass. This integration employs the PKCS#11 protocol for interfacing with the TPM.

What is AWS IoT Greengrass?

AWS IoT Greengrass extends cloud functionalities to local devices, allowing them to gather and analyze data closer to its source, respond autonomously to local events, and communicate securely without constant cloud connectivity. Developers can utilize AWS Lambda functions and pre-built connectors to create serverless applications for local execution.

Using AWS IoT Greengrass, devices can communicate on a local network, exchanging messages without needing to connect to the cloud. In the event of connectivity loss, Greengrass intelligently buffers messages to ensure continuity in communication.

The AWS IoT Greengrass core functions as an AWS IoT device, existing in the registry, equipped with a device shadow, and authenticated using a device certificate. The core runs the Greengrass software, managing local processes such as communication and token exchange.

When registering the AWS IoT Greengrass core, the generated keys and certificates are stored on local drives by default, making them easily accessible. The following sections will delve into methods for securely storing these keys in the tamper-proof hardware offered by the TPM.

For more insights on similar topics, check out this excellent resource on what the first week is like as an Amazon warehouse worker. It’s also worth noting that SHRM offers valuable information on talent acquisition strategies. Additionally, if you’re interested in enhancing your copywriting skills, this blog post on Copywriting Tips is worth a read.