Descripción del proyecto
It is common wisdom that security is only as strong as the weakest link in a chain. However, identifying the chain and its weak links is a huge challenge, even more so for open-source hardware aimed at the Internet of Things (IoT), industrial IoT and critical infrastructure. Most of these devices operate in constrained environments, with limited energy budgets and routinely lack essential security and privacy guarantees.
The primary goal of the ORSHIN project is to create a generic and holistic methodology, which we call the ‘trusted life cycle’ to develop and manage connected devices based on open-source hardware. We identified a chain of six essential phases: Design, Implementation, Evaluation, Installation, Maintenance, and Retirement. The life cycle will specify how to translate abstract security goals (e.g., build a secure IoT product) into security policies for the phases, and further into concrete security requirements for the building blocks of the product (e.g., use 128-bit keys).
Using this holistic view, ORSHIN will address critical links, corresponding to three important expected outcomes mentioned in the call, to reduce the security threats associated with open-source connected devices:
1. We will propose new models of security properties in order to extend formal verification to the secure, open-source hardware realm.
2. To enable effective security audits of open-source hardware and embedded software, we will develop practical, fast, and hardware-augmented testing techniques.
3. We will create secure and privacy-preserving protocols for intra-device and inter-device communication to provide secure communication and authentication methods for connected devices.
These ambitious objectives, leading to open-source demonstrators at TRL4, are proposed by an international consortium with complementary experience, consisting of four high-tech SME’s in collaboration with two excellent academic partners and one important European semiconductor company.