Trustworthy Platforms

Platform integrity and secure device identity

Modern IT systems are increasingly built upon the results of dynamically distributed computing tasks, and each involved device plays a crucial role in the security and safety of the overall system. Not only may these devices be widely distributed and belong to different stakeholders, they may even reside directly in the hands of a potential adversary. Examples of such systems range from embedded automotive control units and stolen laptops to local network infrastructure components (managed switches) and even remote cloud data centers. The long-standing concept of perimeter-based security architectures with well-defined trust boundaries, as used in IT security up to now, has long been outgrown by the reality of today's needs. Even on a single device, multiple (potentially untrusted) third-party applications are integrated and interact with each other. Such interactions occur inside smartphones as well as in virtualized cloud data centers and, in the future, even within smart factories and other critical infrastructures.

To address these arising challenges, it is necessary to reliably assess the identity and integrity of each involved entity and to provide strong means for data secrecy and privacy. The research group Trustworthy Platforms provides the knowledge and technologies required for establishing these qualities of trust in modern system architectures. These solutions range from hardware-based trust anchors (such as Trusted Platform Modules) and modern OS isolation mechanisms to the design and integration of trustworthy applications and protocols. With its ten-year background in the area of Trusted Computing and active contribution to the relevant standardization bodies, Fraunhofer SIT has assembled the knowledge and experience necessary to be one of the leading experts in this field. Through active collaboration with a variety of research and industrial partners, Fraunhofer SIT develops technologies and solutions suited to the needs of trustworthy computing. The portfolio includes in particular:

  • TPMs for PC-Clients, Servers, Embedded Systems and the Internet of Things
  • HSM and TPM integration conception for Embedded Systems and the arising Internet of Things
  • Software Stack and Middleware design and implementation
  • Fraunhofer SIT TPM Software Stack 2.0
  • Trusted Execution Environments, e.g. microkernels and lightweight compartmentalization
  • Protocol integration and development for trust establishment and configuration / identity assessment
  • Trustworthy application design and system architecture specification

Furthermore, Fraunhofer SIT runs a Trustworthy Platforms Lab to develop proof-of-concept solutions and to analyse Trusted Computing based concepts and implementations. Based on development toolsets built specifically for TPM 2.0 systems, the lab provides solutions for the most recent technologies in this field.