
REWiring the ComposItional Security VeRification and AssurancE of Systems of Systems Lifecycle

Periodic Reporting for period 1 - REWIRE (REWiring the ComposItional Security VeRification and AssurancE of Systems of Systems Lifecycle)

Reporting period: 2022-10-01 to 2024-03-31

In a highly distributed digital environment, where heterogeneous smart devices operate in collaborative structures, multiple challenges and needs emerge. REWIRE works to deliver a holistic approach for the continuous security assessment and management of IoT devices throughout their entire lifecycle (bootstrapping, commissioning, operation, upgrade) under a zero-trust concept. REWIRE’s approach covers both the design-time and run-time phases of the lifecycle of systems. For design time, REWIRE capitalizes on the security-by-design principle and develops formal verification methods and tools to verify the correctness of open-source software and open standard hardware designs, aiming to minimize the attack surface already in the design phase of systems. During runtime, REWIRE delivers dynamic mechanisms for monitoring IoT device trustworthiness through cryptographically verifiable security proofs and efficient attestation. These developments sit within our holistic framework, which increases cybersecurity situational awareness in heterogeneous IoT environments through auditable security patch management via software updates, while the framework is further strengthened using AI-based misbehaviour detection solutions. REWIRE’s backbone infrastructure is empowered with an innovative blockchain solution that ensures trust-aware continuous authentication and authorization, secure communication and data sharing, and identity management in IoT ecosystems. Finally, the capacity and applicability of the REWIRE developments are evaluated and validated in realistic critical environments in the Smart Cities, Smart Satellites, and Automotive domains.
REWIRE's major contributions are integrated into the framework’s architecture, and are the following:
• Compositional Security at Design-time: As part of the design-time phase, REWIRE ensures robust system designs through the delivery of the REWIRE formal verification toolchain.
• Zero-touch Onboarding (ZTO): REWIRE ensures autonomous commissioning of devices into networks while maintaining stringent security, privacy, and trust standards. The ZTO mechanism ensures that only trusted devices, i.e. devices with correct configuration and identity credentials, can be onboarded.
• Configuration Integrity Verification with Verifiable Policy Enforcement (VPE): A novel attestation mechanism has been developed to verify the integrity of device configuration and binaries, allowing VPE and the use of verifiable key restriction usage policies.
• SW/FW Validation Service: REWIRE has developed a validation service for SW/FW, to detect potential issues before deployment, enhancing the security and reliability of system updates.
• SW Update Protocol: A secure software update protocol with side-channel resistance has been designed, ensuring that the confidentiality and authenticity of updates can be protected even against physical attackers.
• REWIRE Customizable TEE: REWIRE has extended the standard Keystone-based TEE with additional features. These enhancements, integrated with other REWIRE components, support secure runtime operations and augment edge devices.
• Real-time Tracing and Behavioral Attestation: Continuous monitoring and attestation of device behavior ensures real-time security and operational integrity. A new tracer is being designed based on the use of monitoring hooks, aspiring to minimize the overhead footprint on the target device’s system.
• Verifiable Presentations for Auditing and Certification: REWIRE has developed advanced cryptographic protocols, such as the signcryption scheme for the creation of verifiable presentations (VPs) to enable controlled privacy through the selective disclosure of verifiable attributes.
• Advanced cryptographic schemes and Access Control: REWIRE employs attribute-based encryption (ABE) and attribute-based access control (ABAC), along with a robust key management system within its Trusted Execution Architecture.
• Blockchain-based privacy-preserving data sharing and management: REWIRE delivers a BC infrastructure to facilitate secure and privacy-preserving data sharing and management, based on Secure Oracles, Hyperledger Besu, and Fabric Private Chain.
• AI-based Misbehavior Detection: The integration of AI for detecting anomalous events in systems’ operation, enhancing the ability to identify and respond to security threats.
• Continuous and Modular Risk and Trust Assessment: The project implements a dynamic risk assessment framework, allowing for ongoing evaluation and mitigation of potential risks.
REWIRE significantly advances the SOTA by integrating innovative solutions and methodologies that enhance the security, reliability, efficiency and trustworthiness of IoT and embedded device ecosystems. REWIRE incorporates a security-by-design approach in the system design stages, building a modern formal verification toolchain, which verifies the correctness of vital protocols and ensures that the final SW/HW co-designs meet the overarching design requirements. In the runtime phase, REWIRE offers innovative mechanisms to secure the entire lifecycle management of systems and delivers a trust-aware ZTO mechanism which incorporates evidence that advocates the secure state of devices instead of solely validating identity-related attributes. REWIRE also pioneers an attestation mechanism to verify the integrity of device configurations during their operational phase, further supported by a VPE, ensuring that a valid and verifiable policy will always regulate the attestation process.
In addition, REWIRE utilizes and further extends the state-of-the-art Keystone TEE in multiple ways. REWIRE offers new services, such as crypto key management capabilities in the Security Monitor, TEE state migration, TEE-based software updates, and fundamental extensions that enable secure OpenSBI-based communication between the trusted and untrusted worlds. Current update protocols often lack such robust defenses and do not consider that IoT devices that are left unattended can be manipulated by physical attackers. Finally, REWIRE advances the SOTA through blockchain-based privacy-preserving data sharing and management, as it is the first of its kind to offer an innovative blending of secure oracles, Hyperledger Besu and Fabric Private Chain, which enables the privacy-preserving execution of smart contracts using confidential computing.