Improved security in open-source and open-specification hardware for connected devices

The quality of hardware and software, notably open source, for IoT and connected devices is improving. However, the restricted environment of many IoT devices does not allow the deployment of more complex protection schemes (e.g. Trusted Platform Modules, Sandboxing applications in managed memory partitions) and similar approaches that often rely on operating system (OS) support to ensure cybersecurity. Open Source designs are frequently used in IoT technology and become more reliable and efficient with the number of developers that deploy them. The management of this large collaborative development environment that Open Source represents is a real cybersecurity challenge.

The aim is to support European trustworthy platforms by methods, tools and technologies that foster a stronger Cybersecurity, which can serve in a variety of connected devices. The proposed action should integrate formal security models and verified and scalable cryptography that can be used in future key system components (operating systems,…).

Proposals should cover one or more of these research activities:

• development of verifiable implementations of cryptographic solutions, authentication schemes, and, as relevant, software libraries that implement them securely in operating systems;
• develop mechanisms to mitigate hardware-related security vulnerabilities
• development of security auditing for connected devices;
• development and advancing of security testing in restricted environments;
• development and advancing of verification methods for secure firmware updates and secure software patching in connected devices;
• development of multi-factor authentication hardware and software solutions.
• development of the security upgrading of the connected devices within the life cycle (bootstrapping, commissioning, operational, upgrade etc.)

The participation of SMEs is strongly encouraged. In this topic the integration of the gender dimension (sex and gender analysis) in research and innovation content is not a mandatory requirement.