itsowl-TT-TPM: TPM-Initialisierung zur eindeutigen Geräteidentifikation
In intelligently networked systems, security plays a major role. For example, future technical systems should communicate with other technical systems worldwide in cyberspace. Without mutual authentication and secure data transfer between these systems, attacks such as copying know-how are easily possible. Device identities based on TPM chips can serve as a basis for secure networking of technical systems. Device identities provide, among other things, the following uses:
- Plagiarism and manipulation protection
- Avoidance of accidents through confusion of equipment
- Establishment of a protected communication channel for remote maintenance
- Protection of configuration and programming against manipulation
- Binding usage licenses to devices
Other protocols and software layers, for example, for intelligent networking, as designed in the QP "Intelligent Networking", can build on this device identity to enable secure communication.
In the project itsowl-TT-TPM, the required initialization process for a device identity based on Trusted Platform Modules (TPM) was designed and integrated into the production process of the transfer provider, as well as implemented as an example for a demonstrator. The demonstrator also has the firmware of two existing devices with built-in TPM modified to securely store the private keys of device identities. To establish the required certificate infrastructure for issuing the device identities, a concept for the operation of a certificate authority (CA) was developed, which specifically takes into account the requirements of the transferee.