Cross-platform Open Security Stack for Connected Devices

Periodic Reporting for period 1 - CROSSCON (Cross-platform Open Security Stack for Connected Devices)

Reporting period: 2022-11-01 to 2024-04-30

Any Internet of Things (IoT) deployment, in whatever application domain it is used (healthcare, building automation, automotive, Industry 4.0, etc.), comprises devices that differ in resources and capabilities, and in vendor and manufacturer. Most of them are equipped with some protection mechanisms and trust technology (e.g. Arm TrustZone, Intel SGX, Intel TDX, AMD SEV), but such solutions can hardly interoperate. Moreover, it has been shown over the years that existing technologies suffer from several vulnerabilities due to poor coding, architectural issues, and the rise of side-channel attacks.

This heterogeneity creates several interoperability issues that make it very hard or impossible to realize a common trust baseline on which to build roots of trust across the different devices. Consequently, any realistic IoT deployment nowadays has unprotected devices. They are weak points that attackers can use to easily penetrate the whole system.

CROSSCON aims to extend protection to the devices that are currently unprotected and to solve existing interoperability issues, making it possible to implement the basic protection and trust mechanisms on any device. It does so by also leveraging existing trust technology, available hardware features and security extensions and, when necessary, strengthening their security. On top of these basic mechanisms, CROSSCON also aims to design innovative trusted services to be added to the more traditional ones, to address the new security requirements emerging from more powerful hardware and more complex and diverse usage scenarios.

Furthermore, existing trust technologies are not open, which makes it difficult to develop new trusted applications implementing foundational trust services such as integrity checks, secure updates, secure communications, etc., and keeps entry costs high for new adopters.

CROSSCON aims to enrich the toolchain available to developers of trusted applications by making it easier to write them once and run them on different hardware, and by considerably increasing their assurance.

CROSSCON published the first version of the specifications and the reference implementation for an open-source, portable, modular, and vendor-independent IoT security stack that aims to solve existing interoperability problems and implement trust technology that can run on any type of device, enabling its deployment across different devices with heterogeneous embedded hardware architectures, including, but not limited to, ARM and RISC-V.

The project also made the first release of the CROSSCON extension primitives to domain-specific hardware architectures, which improve the security of IoT devices by co-designing new hardware/software features that complement the CROSSCON stack and provide additional security for domain-specific hardware. This work covered the design and first release of the CROSSCON SoC: a system on chip that can be used together with the CROSSCON stack to provide a RISC-V execution environment for mixed-criticality software that needs strong hardware and software isolation, and a TEE-like environment on FPGAs with multiple tenants.

The project also made the first release of two foundational trusted services, one related to two-factor device authentication and the other to Control-Flow Integrity.

All CROSSCON technical results have been released for timely community uptake and feedback, and all the code is available in the CROSSCON GitHub repository (https://github.com/crosscon).

For the exploitation of the results and their impact, besides disseminating the novelty in scientific journals and at international conferences and workshops, CROSSCON promoted activities targeting the most relevant industrial initiatives. Consortium members participated actively in several RISC-V working groups, such as the Hypervisor SIG, Runtime Integrity SIG and Confidential Computing WG, to promote CROSSCON innovation in their standardization paths. Outreach to industrial stakeholders was carried out by presenting at industrial events such as RISC-V Summit and Embedded World, in their 2023 and 2024 editions.

CROSSCON's approach is not to design a completely new solution for Trusted Execution Environments that ignores what already exists. Instead, the approach was to design a flexible solution based on dynamic virtualization and multiple virtual machine monitors that can leverage everything that exists, in terms of both software and hardware features, build the parts that are missing, and improve those that present security limitations.

The CROSSCON approach aligns with the vision of establishing trustworthy IoT devices across the IoT infrastructure. This stack will be directly usable by hardware manufacturers, original device manufacturers, application developers, and system integrators, enabling them to build devices and applications with fewer resources, eliminate hardware dependencies, and ensure a consistent and robust security foundation across the entire IoT ecosystem.

Where hardware dependencies exist, CROSSCON uses them to its advantage, as in the design of a unified interface for hardware primitives needed by trusted services and the secure sharing of hardware accelerators through the entire hardware-software stack.
CROSSCON Architecture for different processors