Trusted Computing Group Releases Network Equipment Security Guidance

TCG Members Infineon Technologies and Juniper Networks Demonstrate
How to Secure Network Equipment with TPM at Mobile World Congress

Trusted Computing Group (TCG) today announced new guidance and an
architect's guide to secure network equipment. At Mobile World Congress
Feb. 26-March 1, TCG members Infineon and Juniper will demonstrate these
recommendations in Stand 6C4, Hall 6.

Recent attacks such as CherryBlossom and Mirai have exposed some
networks and data, resulting in significant data loss and impact to
business. TCG’s new guidance and architect's guide, developed with input
from network equipment makers and their suppliers, offer designers and
developers of network equipment, including routers, switches and
firewalls, specific recommendations and best practices to secure against
compromise. Strong hardware security enabled by the Trusted Platform
Module (TPM) ensures that equipment is tamper-resistant and protected
against a variety of attacks.

The Mobile World Congress demo will showcase the Juniper Networks® SRX320
Services Gateway
protected with the Infineon
. The TPM prevents physical and logical tampering of the
router and securely stores an encrypted hash. If the router
configuration is updated but not authorized, the router will not boot,
thereby preventing a potential attack. This is just one of the 12 use
cases described in the guidance document. The companies also will
discuss implementation of the guidance and TPM in a webcast
on Feb. 21, 2018.

TCG recognizes that network equipment is shipped as a closed embedded
system with security provided by the unit as a whole; equipment must
boot and operate without manual intervention; and the equipment itself
typically should not have the ability to hide or mask its own identity.
As with many embedded and industrial systems, network equipment
typically has a long life cycle. Recommendations offered by TCG and
members include:

  • Devices should use a TPM as a hardware-based root of trust
  • Devices should provide a cryptographic device identity based on IEEE
    802.1AR and use the TPM to protect keys. Cryptographic identity can
    provide a reliable way to identify remote devices for applications
    involving device management, configuration and authentication
  • The TPM can be used to protect confidential data, such as VPN keys in
    network equipment
  • TPM-based attestation can offer assurance of the integrity of software
    running on network equipment
  • Use of the TPM’s random number generator can enhance the strength of
    cryptographic protocols by providing additional entropy

Implementing these recommendations can raise the bar for network
equipment security and substantially increase the difficulty for
attackers who want to undermine this security.

About TCG

TCG (@TrustedComputin) is a not-for-profit organization that develops,
defines and promotes open, vendor-neutral, global industry standards,
supportive of a hardware-based root of trust, for interoperable trusted
computing platforms. More information about TCG is available at
Follow TCG on Twitter and
on LinkedIn.

Brands and trademarks are the property of their respective owners.


PR Works, Inc.
Anne Price, +1-602-330-6495