Architectures and Security in Distributed Systems (E)

Knowledge of computer networks.

Basic knowledge of cryptology and security goals.

Basic knowledge of operating systems including handling the Linux command line; Basic knowledge of Linux and Windows command line commands. Basic ability to write a Linux script.

Basic programming knowledge (C, Java) and the ability to learn another programming language (at least the basics) yourself (e.g. Python, Perl)

The starting point are security requirements for IoT/IIoT systems, which consist of small and micro devices, active and passive communication infrastructure and a complex server landscape in the background system.

Main focus is Trusted Platform Module (TPM) and use cases based on TPM e.g. measured boot, attestation, integrity protection, key management based on TPM

The following content relates to IoT / distributed systems, even if not explicitly stated.

• Trusted Platform Module (TPM);
• Specific security challenges / goals / requirements for IoT / distributed systems
• Specific threats to IoT / distributed systems
• Best practices for IoT security
• Cryptology and cryptological applications in the field of IoT / distributed systems
• Secure Boot; Measured Boot; Trusted Boot; Attestation
• Clear and secure proof of identity for products, processes and machines
• Key management in the field of IoT (including hardware-based solutions)
• Trusted Execution Environments (TEE); TrustZone

The students

• understand the architecture, functionality, and specifications of Trusted Platform
  Modules (TPM).
• Explain the role of TPM in securing computing platforms and embedded systems.
• Describe typical use cases of TPM such as key generation, secure storage, attestation,
  and platform integrity verification.
• Compare TPM 1.2 and TPM 2.0 in terms of capabilities and interoperability.
• Demonstrate how TPM enables Secure Boot, Measured Boot, and Remote
  Attestation.
• Apply TPM-based mechanisms for device identity, anti-tampering, and software trust
  in distributed environments.
• Evaluate the advantages and limitations of TPM in resource-constrained IoT systems.
• Identify the unique security goals (e.g., availability, integrity, scalability) in IoT and distributed environments.
• Analyze the impact of heterogeneity, resource constraints, and network fragmentation on security design.
• Differentiate between Secure Boot, Measured Boot, and Trusted Boot concepts.
• Demonstrate how TPM enforces and supports Measured Boot and Attestation.
• Understand the chain of trust and how it is anchored in TPM hardware
• Explain how TPMs provide cryptographic identity for devices and components.
• Implement mechanisms for device provisioning, certificate-based identification, and secure enrollment.
• Discuss the role of device identity in secure manufacturing and supply chains.
• Understand the principles of key generation, distribution, rotation, and revocation in IoT.
• Use TPMs to securely generate and store cryptographic keys.
• Evaluate different approaches to key protection, including hardware-based (TPM, HSM, SE) and software-based methods
• Understand the concept of Trusted Execution Environments (TEE) and how they isolate sensitive computations.
• Compare TEE technologies such as ARM TrustZone and Intel SGX to TPM-based solutions.
• Discuss complementary use of TEE and TPM for layered security in IoT.

Lecture with exercises on the individual architectures; Lecture and case study on safety in teams of two.

Evaluation of the exercises 10%
Writen exam 90%

For a positive grade, a minimum of 50% of the possible points must be achieved in each part of the examination.

None

Will Arthur, David Challener, Kenneth Goldman:
A Practical Guide to TPM 2.0; Using the Trusted Platform Module in the New Age of Security, 2015
https://doi.org/10.1007/978-1-4302-6584-9
ISBN 978-1-4302-6583-2

Face-to-face event with selected online elements
Compulsory attendance!