The inclusion of secure elements in embedded devices is improving in current available commercial solutions. Some manufacturers offer solutions to protect their products against cybersecurity threats. However, the restricted hardware resources of certain devices (e.g. in the Internet-of-Things context) make unfeasible the adoption of some of these complex protection schemes such as Trusted Platform Modules. The design of a Root-of-Trust (RoT) using low-cost hardware modules is presented in this project as alternative. The RoT is conceived as cornerstone, thus deriving trust for the rest of components that compose the embedded system. The RoT will be designed to be a modular, configurable and adaptable structure, thus leveraging the resources to offer dedicated solutions for each particular application case.
The tendency of open source initiatives for embedded systems has been consolidated with the advent and rapid growth of the RISC-V Instruction Set Architecture (ISA) together with its comprehensive hardware and software ecosystems. However, the open nature of RISC-V ISA is a double edged-sword for security purposes. The flexibility of the instruction set allows the possibility of developing various cryptography-specific extensions or variants of the ISA with the aim of increasing the level of security.
But at the same time, the full-access to many ‘open-hardware’ implementations of the RISC-V ISA could expose them to more vulnerabilities compared to the proprietary world where this information is hidden and protected by strong Intellectual Property rights. Therefore, the development of solutions to foster the security of embedded systems based on this ISA is an open challenge for research community. This project will increase the security of embedded RISC-V systems by incorporating a RoT anchored in the device’s own hardware. This strategy will be also adapted to be used by cores with proprietary ISA, thus allowing to establish a performance comparison between both choices (open and non-open) for embedded systems.
The general objective of the ARES project is to provide hardware solutions to improve the security of embedded systems, designing a hardware RoT that includes cryptographic primitives for secure storage, processing and transmission of data. The building components of the RoT will be Physical Unclonable Functions (PUFs) to generate the identity of the electronic device and generate cryptographic keys as well as entropy sources, and cryptographic primitives for data encryption and decryption. All these elements will include measures to verify its correct behavior and countermeasures to prevent physical attacks. Implementations will be carried out in both FPGA and ASIC technology, using ARM and RISC-V processors, suitable to be used in Internet-of-Things (IoT) technology. For the sake of validation, the project will develop a demonstrator to leverage project advances in a sector as eHealth where security is crucial.
Project PID2020-116664RB-I00 funded by MICIU/AEI /10.13039/501100011033.