Periodic Reporting for period 2 - CROSSCON (Cross-platform Open Security Stack for Connected Devices)
Okres sprawozdawczy: 2024-05-01 do 2025-10-31
Any Internet of Things (IoT) deployment, no matter in which application domain is used, healthcare, building automation, automotive, Industry 4.0 etc., comprises devices that differ in terms of resources, capabilities, and resources, in terms of vendor and manufacturer. Most of them are equipped with some protection mechanisms and trust technology (i.e. Arm TrustZone, Intel SGX, Intel TDX, AMD SEV, etc.) but such solutions can hardly interoperate. Moreover, it has been shown over the years, that existing technology suffer from several vulnerabilities due to poor coding, architectural issues, and also the raise side-channels attacks instances.
This heterogeneity creates several interoperability issues that make it very hard or impossible to realize a common trust baseline to build root of trusts across the different devices. Consequently, any realistic IoT deployment nowadays has unprotected devices. They are weak points that attackers can use to easily penetrate the whole system.
CROSSCON aims at extending the protection on the devices that are now unprotected and solving existing interoperability issues enabling the possibility to implement the basic protection and trust mechanisms on any device. This by also leveraging existing trust technology and available hardware features and security extensions and when necessary, strengthening their security. On top of these basic mechanisms, CROSSCON aims also at designing innovative trusted services to the more traditional ones, to address the new security requirements emerging from more powerful hardware and more complex and diverse usage scenarios.
Furthermore, existing trust technology are not open, making it difficult to develop new trusted applications implementing foundational trust services such as integrity checks, secure updates, secure communications, etc. and keeping high the entry point costs for new adopters.
CROSSCON aims at enriching the toolchain available to developers of trusted applications by making it easier to write them once and run them on different hardware, and by increasing considerably their assurance.
This heterogeneity creates several interoperability issues that make it very hard or impossible to realize a common trust baseline to build root of trusts across the different devices. Consequently, any realistic IoT deployment nowadays has unprotected devices. They are weak points that attackers can use to easily penetrate the whole system.
CROSSCON aims at extending the protection on the devices that are now unprotected and solving existing interoperability issues enabling the possibility to implement the basic protection and trust mechanisms on any device. This by also leveraging existing trust technology and available hardware features and security extensions and when necessary, strengthening their security. On top of these basic mechanisms, CROSSCON aims also at designing innovative trusted services to the more traditional ones, to address the new security requirements emerging from more powerful hardware and more complex and diverse usage scenarios.
Furthermore, existing trust technology are not open, making it difficult to develop new trusted applications implementing foundational trust services such as integrity checks, secure updates, secure communications, etc. and keeping high the entry point costs for new adopters.
CROSSCON aims at enriching the toolchain available to developers of trusted applications by making it easier to write them once and run them on different hardware, and by increasing considerably their assurance.
CROSSCON published the final version of the specifications and the reference implementation for an open source, portable, modular, and vendor-independent IoT security stack aiming at solving existing interoperability problems and implementing trust technology that can run on any type of device, enabling its deployment across different devices with heterogeneous embedded hardware architectures, including but not limited, to ARM and RISC-V.
The final release of the CROSSCON Hypervisor was a main landmark for the project, supporting both APU and MCU platforms, and including features like Dynamic VM creation and management, per-VM TEE support, and Multiple-VMM support execution for enhanced flexibility and provisioning.
Another landmark was the final release of the CROSSCON extension primitives to domain specific hardware architectures for improved security of IoT devices by co-designing new hardware/software features that complement the CROSSCON stack by providing additional security for domain specific hardware. The design and release of CROSSCON SoC: a system on chip that can be used together with the CROSSCON stack to provide a RISC-V execution environment for mixed criticality software that needs strong hardware and software isolation; and a TEE-like environment on FPGAs with multiple tenants.
The final release of the novel and high-assurance trusted services, such as the PUF‐based authentication, context‐based authentication, control flow integrity, and behavioural‐based anomaly detection. Regarding low constrained devices, the final release of two bare-metal TEEs to provide essential security features for such devices, such as memory isolation, privilege separation, adapting their isolation model based on the presence or absence of an MPU or PMP.
The CROSSCON technical results have been released for timely community uptake and feedback through its GitHub repository https://github.com/crosscon(odnośnik otworzy się w nowym oknie) .
The project achieved ambitious use case demonstrators on Device multi-factor authentication, Firmware updates, Commissioning and decommissioning of IoT devices, Remote attestation for agricultural UAVs, and IP Protection for multi-tenancy on FPGA.
Consortium members participated in several RISC-V working groups and industrial events such as RISC-V Summit and Embedded World, established synergies with 16 EU-funded projects, achieved 50+ scientific publications, and contributed to 55 events.
The final release of the CROSSCON Hypervisor was a main landmark for the project, supporting both APU and MCU platforms, and including features like Dynamic VM creation and management, per-VM TEE support, and Multiple-VMM support execution for enhanced flexibility and provisioning.
Another landmark was the final release of the CROSSCON extension primitives to domain specific hardware architectures for improved security of IoT devices by co-designing new hardware/software features that complement the CROSSCON stack by providing additional security for domain specific hardware. The design and release of CROSSCON SoC: a system on chip that can be used together with the CROSSCON stack to provide a RISC-V execution environment for mixed criticality software that needs strong hardware and software isolation; and a TEE-like environment on FPGAs with multiple tenants.
The final release of the novel and high-assurance trusted services, such as the PUF‐based authentication, context‐based authentication, control flow integrity, and behavioural‐based anomaly detection. Regarding low constrained devices, the final release of two bare-metal TEEs to provide essential security features for such devices, such as memory isolation, privilege separation, adapting their isolation model based on the presence or absence of an MPU or PMP.
The CROSSCON technical results have been released for timely community uptake and feedback through its GitHub repository https://github.com/crosscon(odnośnik otworzy się w nowym oknie) .
The project achieved ambitious use case demonstrators on Device multi-factor authentication, Firmware updates, Commissioning and decommissioning of IoT devices, Remote attestation for agricultural UAVs, and IP Protection for multi-tenancy on FPGA.
Consortium members participated in several RISC-V working groups and industrial events such as RISC-V Summit and Embedded World, established synergies with 16 EU-funded projects, achieved 50+ scientific publications, and contributed to 55 events.
CROSSCON’s approach is not to design a completely new solution for Trusted Execution Environments (TEEs) forgetting what already exists, but rather the approach was to design a flexible solution based on dynamic virtualization and multiple virtual machine monitors, that can leverage on all what exists, both in terms of software and hardware features, build the parts that are missing and improve those presenting security limitations.
The CROSSCON approach aligns with the vision of establishing trustworthy IoT devices across the IoT infrastructure. This stack will be directly usable by hardware manufacturers, original device manufacturers, application developers, and system integrators, enabling them to build devices and applications with fewer resources, eliminate hardware dependencies, and ensure a consistent and robust security foundation across the entire IoT ecosystem.
Where hardware dependencies exist, CROSSCON use them on its advantage as in the design of a unified interface for hardware primitives needed by trusted services; the secure sharing of hardware accelerators through the entire hardware-software stack.
The joint innovation between University of Minho and Beyond Semiconductor on a novel TEE solution for next-generation RISC-V MCUs, hardware-enforced software-defined virtualization-based TEEs, that was promoted to a standard RISC-V specification.
The CROSSCON approach aligns with the vision of establishing trustworthy IoT devices across the IoT infrastructure. This stack will be directly usable by hardware manufacturers, original device manufacturers, application developers, and system integrators, enabling them to build devices and applications with fewer resources, eliminate hardware dependencies, and ensure a consistent and robust security foundation across the entire IoT ecosystem.
Where hardware dependencies exist, CROSSCON use them on its advantage as in the design of a unified interface for hardware primitives needed by trusted services; the secure sharing of hardware accelerators through the entire hardware-software stack.
The joint innovation between University of Minho and Beyond Semiconductor on a novel TEE solution for next-generation RISC-V MCUs, hardware-enforced software-defined virtualization-based TEEs, that was promoted to a standard RISC-V specification.