| Project Detail |
Trusted life cycle for secure devices based on open-source hardware
The EU-funded ORSHIN project aims to build connected OSH devices, such as (I)IoT ones, taking advantage of unprecedented opportunities provided by open-source hardware. The project will specify a novel and dependable methodology to develop, maintain and decommission OSH devices which we call trusted life cycle. The project will research new formal verification models and tools to protect OSH devices from critical threats such as side-channel and fault injection vulnerabilities. ORSHIN will investigate novel security testing procedures for OSH devices, including hardware-assisted firmware testing and silicon-level auditing techniques. The ORSHIN team will develop novel and robust protocols pivoting on OSH blocks to provide essential and beyond-essential security and privacy guarantees for inter-device and intra-device communication. The ORSHIN outcomes will be demonstrated with prototypes involving actual OSH devices.
It is common wisdom that security is only as strong as the weakest link in a chain. However, identifying the chain and its weak links is a huge challenge, even more so for open-source hardware aimed at the Internet of Things (IoT), industrial IoT and critical infrastructure. Most of these devices operate in constrained environments, with limited energy budgets and routinely lack essential security and privacy guarantees.
The primary goal of the ORSHIN project is to create a generic and holistic methodology, which we call the ‘trusted life cycle’ to develop and manage connected devices based on open-source hardware. We identified a chain of six essential phases: Design, Implementation, Evaluation, Installation, Maintenance, and Retirement. The life cycle will specify how to translate abstract security goals (e.g. build a secure IoT product) into security policies for the phases, and further into concrete security requirements for the building blocks of the product (e.g. use 128-bit keys).
Using this holistic view, ORSHIN will address critical links, corresponding to three important expected outcomes mentioned in the call, to reduce the security threats associated with open-source connected devices:
1. We will propose new models of security properties in order to extend formal verification to the secure, open-source hardware realm.
2. To enable effective security audits of open-source hardware and embedded software, we will develop practical, fast, and hardware-augmented testing techniques.
3. We will create secure and privacy-preserving protocols for intra-device and inter-device communication to provide secure communication and authentication methods for connected devices.
These ambitious objectives, leading to open-source demonstrators at TRL4, are proposed by an international consortium with complementary experience, consisting of four high-tech SME’s in collaboration with two excellent academic partners and one important European semiconductor company. |
