Our society is continuously demanding more and more intelligent devices, along with network infrastructures and distributed services that make our daily lives more confortable. This revolution has also reached the industrial sector, transforming traditional factories into smart factories, with the objective of enhancing supply chain and manufacturing. However, the frantic adoption of Internet of Things (IoT) technologies in multiple application domains has led to widespread implementations without a deep analysis about the vulnerabilities that IoT devices are exposed to.
SPIRS addresses innovative approaches to provide security and data-privacy to future Information and Communications Technology (ICT) elements.
SPIRS encompasses the complete design of a platform, so-called SPIRS platform, which integrates a hardware dedicated Root of Trust (RoT) and a processor core with the capability of offering a full suite of security services. Furthermore, the SPIRS platform will be able to leverage this capability to support privacy-respectful attestation mechanisms and enable trusted communication channels across 5G infrastructures and the respective management domains.
RoT is implemented in hardware with a dedicated circuitry to extract a unique digital identifier for the SPIRS platform during its entire lifetime. A silicon CMOS Physical Unclonable Function (PUF) is used to derive the device’s identity, exploiting tiny variations in CMOS manufacturing process. The RoT also integrates attack resistant cryptographic hardware cores that incorporate countermeasures, so minimizing the vulnerability against side-channel (SCA) and fault injection (FA) attacks, and increasing the performance of the approach in terms of timing and power consumption. The security of the core is reinforced with the implementation of a mutual authentication scheme between the RoT and the embedded software. To build a complete solution, the project also features a Trusted Execution Environment (TEE), secure boot, and runtime integrity. Furthermore, resilience and privacy protection are major concerns in this project, and it endeavours to the design of a decentralized trust management framework targeted to minimize the impact of Single Point of Failure (SPOF) risks and achieve adequate security and privacy trade-offs. To facilitate the tasks of validation and testing, the SPIRS platform is conceived as an open platform that can easily integrate other IP modules and facilitates upgrades.
The SPIRS project goes beyond the construction of the SPIRS platform and it provides solutions to integrate it in the deployment of cryptographic protocols and network infrastructures in a trustworthy way, leveraging the RoT provided by the platform. This includes the implementation of chains of trust using the physical identity, also known as trust anchor, derived from the PUF suitable for remote and direct anonymous attestation, and its integration with network orchestration mechanisms endorsing security and privacy protection in edge and cloud infrastructures. The SPIRS project will extend existing open-source network orchestration frameworks to demonstrate the applicability of these trust anchors and attestation procedures in the development of IoT network gateways building a Trusted Network Edge Device (TNED). In addition, the ambition of the project is to ease the design of secure and privacy-friendly IoT architectures by developing a hardware design integration framework. This framework will bring flexibility to the design of the SPIRS architecture, will automate its validation and participate to the continuum of the chain of trust from the hardware up to the network.
SPIRS platform can be integrated in applications and services for multiple sectors. To validate this, the project plans to demonstrate its results considering two different scenarios: Industry 4.0 and 5G networking.
