smartwatches, 19/03/2022

TPM launched with an eye on the quantum computer era (EE Times Japan) - Yahoo! News



Avoid the risk of firmware corruption from malicious attacks

Appearance of the OPTIGA TPM SLB 9672. Source: Infineon

Infineon Technologies announced on February 21, 2022 that it has developed and begun shipping the "OPTIGA TPM (Trusted Platform Module) SLB 9672", a security solution designed to counter the threat that quantum computers pose to cryptography. It includes a new mechanism for securely updating firmware, which allows strong security to be maintained over the long term.

Functional block diagram of the SLB 9672. Source: Infineon

Various information security measures are required to ensure the confidentiality, integrity, and availability of information. Today, symmetric ciphers such as AES-128 and asymmetric schemes such as ECC-256 and RSA-3072 are in use. However, quantum computers are expected to be applied to cryptanalysis 10 to 20 years after they come into widespread use. Against such attacks the effective security of conventional schemes is halved, or the cipher can be broken outright, greatly increasing the risk that information is compromised. Countermeasures must be considered in particular for products with an average service life of more than 10 years, such as automobiles and IoT (Internet of Things) devices.

The company has long supported updating firmware with packages signed using the Elliptic Curve Digital Signature Algorithm (ECDSA). However, ECDSA may not be able to withstand attacks mounted with quantum computers. The SLB 9672 instead uses XMSS (eXtended Merkle Signature Scheme), a form of post-quantum cryptography (PQC), to sign firmware packages and update them securely. This makes it possible to avoid the risk of firmware corruption even if the device is subjected to an external attack that uses a quantum computer. The key length is 192 bits, but 256 bits can be supported through a firmware update.

In addition, should the TPM firmware be corrupted by an attack, the device provides a "resilience function" that allows it to be restored in line with the NIST SP 800-193 Platform Firmware Resiliency Guidelines. It also implements extended non-volatile memory (51 Kbytes) for storing additional certificates and cryptographic keys. The device is fully compliant with the TCG TPM 2.0 rev1.59 specification and its security has been evaluated and certified under the Common Criteria; FIPS 140-2 certification has also been applied for.

The OPTIGA TPM SLB 9672 is available in two versions. The first, "OPTIGA TPM SLB 9672 FW15.xx", is a standardized and certified security solution for connected devices in the Windows environment and ecosystem and for PC architectures; its operating temperature range is -40 to 85 °C. The other, "OPTIGA TPM SLB 9672 FW16.xx", adds further security functions over the FW15.xx version, such as AES bulk encryption, setting of a TPM-unique ID, and setting of the endorsement primary seed (EPS); its operating temperature range has been extended to -40 to 105 °C with industrial applications in mind. An OPTIGA TPM SLB 9672 PC evaluation board is also available: connected to a PC motherboard over the SPI interface, it integrates with current Windows and Linux OS platforms so that TPM-equipped systems can be verified easily.
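The firmware-update mechanism described above rests on a stateful hash-based signature: a tree of one-time keys authenticated by a single Merkle root. The following simplified Merkle signature scheme is an added illustration, not Infineon's code and not XMSS as standardized in RFC 8391; it combines a Winternitz one-time signature over SHA-256 with a 4-leaf tree to sign a constructed firmware image, and shows why the signer must track which one-time key it has already used.

```python
import hashlib
import secrets
W = 256  # Winternitz parameter: one hash chain per digest byte, plus 2 checksum bytes

def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def chain(x, steps):  # the W-OTS hash chain: apply H `steps` times
    for _ in range(steps):
        x = H(x)
    return x

def wots_digits(msg):
    # 32 digest bytes plus a 2-byte checksum; the checksum stops an attacker from
    # advancing revealed chains to forge a signature on a digest with larger digits.
    d = list(H(msg))
    c = sum(W - 1 - b for b in d)
    return d + [c >> 8, c & 0xFF]

def wots_keygen():
    sk = [secrets.token_bytes(32) for _ in range(34)]
    return sk, [chain(s, W - 1) for s in sk]
def wots_sign(sk, msg):
    return [chain(s, b) for s, b in zip(sk, wots_digits(msg))]
def wots_pk_from_sig(sig, msg):  # completing every chain reproduces the OTS public key
    return [chain(s, W - 1 - b) for s, b in zip(sig, wots_digits(msg))]

class MerkleSigner:  # stateful signer: 2**height one-time keys under a single Merkle root
    def __init__(self, height=2):
        self.keys = [wots_keygen() for _ in range(2 ** height)]
        self.layers = [[H(*pk) for _, pk in self.keys]]
        while len(self.layers[-1]) > 1:
            p = self.layers[-1]
            self.layers.append([H(p[i], p[i + 1]) for i in range(0, len(p), 2)])
        self.root, self.next_index = self.layers[-1][0], 0

    def sign(self, firmware):
        if self.next_index >= len(self.keys):
            raise RuntimeError("one-time keys exhausted; a new tree must be provisioned")
        idx, self.next_index = self.next_index, self.next_index + 1  # advance state first
        auth = [layer[(idx >> h) ^ 1] for h, layer in enumerate(self.layers[:-1])]
        return idx, wots_sign(self.keys[idx][0], firmware), auth

def verify(root, firmware, signature):
    idx, ots_sig, auth = signature
    node = H(*wots_pk_from_sig(ots_sig, firmware))
    for sibling in auth:  # climb the tree along the authentication path
        node = H(node, sibling) if idx % 2 == 0 else H(sibling, node)
        idx //= 2
    return node == root
```

Only the root needs to be provisioned in the device for verification; the signer's state (the next unused index) is what a real deployment must protect, since signing twice with the same one-time key breaks the scheme.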

EE Times Japan

