Periodic Reporting for period 1 - Resilient Trust (Resilient Trust- Trusted SMEs for Sustainable Growth of Europeans Economical Backbone to Strengthen the Digital Sovereignty)
Reporting period: 2023-10-01 to 2024-09-30
The internet of things (IoT) drives the datafication of our everyday life. Then, the IoT offers high automation potential, enabling us to improve people's live and compensate for societal problems such as the ageing population, missing high skilled labour across Europe or the efficiency limits of current production capabilities.
IoT 5.0 an Artificial Intelligence (AI) assisted Internet of Things, could even more benefit society, as the devices could learn how to provide more value. But the ubiquitous connectivity comes at a cost. Security levels have to rise tremendously to ensure a network stays secure and safe. This security effort is a burden for small and medium sized enterprises. This is especially dangerous as a single corrupted device can allow an attacker the exploitation of the entire network of connected devices.
Consequently, RESILIENT TRUST focuses on end-to-end security of IoT processing chains with a focus on exploitation for SMEs. It aims developing specialized hardware and software to establish TRUST in-between a network and RESILIENCE against attacks.
The long-term vision of Resilient Trust is to support SMEs activities, to secure their entire supply chain, in order to boost SMEs capabilities to develop secure and safe Cyber-Physical Systems. The partners of the microelectronics industry focus on creating integrity and identity in the lower levels of the chain for warranting RESILIENCE and TRUST. The hardware and software developments are performed for four application cases.
IoT 5.0 an Artificial Intelligence (AI) assisted Internet of Things, could even more benefit society, as the devices could learn how to provide more value. But the ubiquitous connectivity comes at a cost. Security levels have to rise tremendously to ensure a network stays secure and safe. This security effort is a burden for small and medium sized enterprises. This is especially dangerous as a single corrupted device can allow an attacker the exploitation of the entire network of connected devices.
Consequently, RESILIENT TRUST focuses on end-to-end security of IoT processing chains with a focus on exploitation for SMEs. It aims developing specialized hardware and software to establish TRUST in-between a network and RESILIENCE against attacks.
The long-term vision of Resilient Trust is to support SMEs activities, to secure their entire supply chain, in order to boost SMEs capabilities to develop secure and safe Cyber-Physical Systems. The partners of the microelectronics industry focus on creating integrity and identity in the lower levels of the chain for warranting RESILIENCE and TRUST. The hardware and software developments are performed for four application cases.
2.3.1 Work Package 1: Requirements /Specifications
The objectives were to:
· Analyze the state of the art of IC development and secure firmware updates
· Describe attacker profiles and possible threats they could exploit and what risks they pose
· Analyze the supply chain infrastructure and main actors (entities) involved
This WP set out to start identifying two main aspects for each Use Case: the system requirements, and the security requirements. To identify the system requirements, the hardware (HW) and software (SW) components in scope for each Use Case were identified, to create the system requirements. On the other hand, threats were identified which should be considered, what vulnerabilities they could exploit, what kind of attacker could exploit them, and what controls should be put in place to prevent them.
Put together, these created the security requirements. At that point, both types of requirements could be put together to create the final HW and SW architectures of each Use Case, taking into consideration necessary security measures to counteract the threats and prevent vulnerabilities from the supply chain as well. Beyond the Use Case architectures, this WP also identified lifetime security management practices to put in place throughout the lifecycle of the integrated circuit (IC), and any Blockchain implementation to ensure the immutability of the data or its origins.
In RESILIENT TRUST, with four different Use Cases, it is not possible to create one unified architecture. Therefore, each partner contributed to the above-described aspects for the Use Case(s) that they are directly involved in. In this way, the subsequent technical WPs have the requirements and specifications finalized to start working on the design and implementation of the software and hardware aspects necessary to then be demonstrated in each Use Case.
2.3.2 Work Package 2: RF attack detection & mitigation: Chip-level Architecture, Design, and EDA Methodologies
The main objective is to develop all the needed hardware IPs necessary for the RF attack detection and mitigation demonstrator. It is composed of four sub-task and the contribution for each partner in each sub-tasks is described in the following paragraphs.
The first task is dedicated to RF Front-End Spectrum Monitoring Architecture definition.The main objective of this task is to design and develop this data collection and monitoring architecture called front-end spectrum monitoring architecture. It provided the report D2.1: Definition of system architecture for RF front-end where each architecture for each use case was depicted.
It is then followed by the development of the building block which is included in Task 2.2. In this task building blocks will be first described and then designed. Some exchanges between the use cases will be possible in this activity since all the partners agreed to focus on the same 22FDX FD-SOI technology from Global-Foundries. Some building blocks are already well started.
The following task is dedicated to AI hardware accelerator for RF Signal classification and malicious attacks detection. In this task, the main objective is to develop the on-chip AI hardware accelerator for RF signal classification and malicious attack detection. It is thus a key role in the project. It is planned in this task that prototyping on an FPGA platform will be tested first before the actual ASIC implementation. During this first year, the activity mainly focus on setting up simulation in order to be able to develop and evaluate the required algorithms.
The last task is dedicated to RF attack mitigation solutions, a topic complementary to the previous ones.
The objectives were to:
· Analyze the state of the art of IC development and secure firmware updates
· Describe attacker profiles and possible threats they could exploit and what risks they pose
· Analyze the supply chain infrastructure and main actors (entities) involved
This WP set out to start identifying two main aspects for each Use Case: the system requirements, and the security requirements. To identify the system requirements, the hardware (HW) and software (SW) components in scope for each Use Case were identified, to create the system requirements. On the other hand, threats were identified which should be considered, what vulnerabilities they could exploit, what kind of attacker could exploit them, and what controls should be put in place to prevent them.
Put together, these created the security requirements. At that point, both types of requirements could be put together to create the final HW and SW architectures of each Use Case, taking into consideration necessary security measures to counteract the threats and prevent vulnerabilities from the supply chain as well. Beyond the Use Case architectures, this WP also identified lifetime security management practices to put in place throughout the lifecycle of the integrated circuit (IC), and any Blockchain implementation to ensure the immutability of the data or its origins.
In RESILIENT TRUST, with four different Use Cases, it is not possible to create one unified architecture. Therefore, each partner contributed to the above-described aspects for the Use Case(s) that they are directly involved in. In this way, the subsequent technical WPs have the requirements and specifications finalized to start working on the design and implementation of the software and hardware aspects necessary to then be demonstrated in each Use Case.
2.3.2 Work Package 2: RF attack detection & mitigation: Chip-level Architecture, Design, and EDA Methodologies
The main objective is to develop all the needed hardware IPs necessary for the RF attack detection and mitigation demonstrator. It is composed of four sub-task and the contribution for each partner in each sub-tasks is described in the following paragraphs.
The first task is dedicated to RF Front-End Spectrum Monitoring Architecture definition.The main objective of this task is to design and develop this data collection and monitoring architecture called front-end spectrum monitoring architecture. It provided the report D2.1: Definition of system architecture for RF front-end where each architecture for each use case was depicted.
It is then followed by the development of the building block which is included in Task 2.2. In this task building blocks will be first described and then designed. Some exchanges between the use cases will be possible in this activity since all the partners agreed to focus on the same 22FDX FD-SOI technology from Global-Foundries. Some building blocks are already well started.
The following task is dedicated to AI hardware accelerator for RF Signal classification and malicious attacks detection. In this task, the main objective is to develop the on-chip AI hardware accelerator for RF signal classification and malicious attack detection. It is thus a key role in the project. It is planned in this task that prototyping on an FPGA platform will be tested first before the actual ASIC implementation. During this first year, the activity mainly focus on setting up simulation in order to be able to develop and evaluate the required algorithms.
The last task is dedicated to RF attack mitigation solutions, a topic complementary to the previous ones.
In the first year of Resilient Trust, the major part of the time was dedicated to the precise definition of the needs, of the specification and of the architecture.
In this first year, we also worked on new generation of chips are in progress, permitting to address a large choice of RF communication protocols (multi-standard Transceiver). In parallel of the progress on the design, the attack surface for the analog, mixed-signal, and RF functions of the envisioned chip is analysed. The considered attack are notably piracy and counterfeiting attack scenarios, performed for example by the foundry or a reverse engineer.
Moreover, possible security solutions were defined and specified for the analogue RF interfaces (RF-Link, Sensor-Interface) for the located attack interfaces. The design of the security solutions might require some extensions to a standard EDA design platform (e.g. semi-automated RF-testbench concept). The security solutions so far address the reduction of substrate coupling, the reduction of EM emissions, the reduction of power consumption, decoupling of supply lines to the outside, and differential circuit technology with strong symmetry.
For the drone detection use case, a precise analysis of drone communication signals was carried out, and an innovative methodology to access the effectiveness of the jamming signal in stopping the drone was implemented.
We also studied the use of the PUF ring oscillator (RO) to secure the CI against false copies and to generate a secure key based on a random number.
We worked on the definition of an ultra low powerspectrum monitoring architecture. The objective was to be able to develop a low power solution enabling the possibility of having a distributed network of sensing nodes. This functionality is limited to area with a small density of base station which are considered as blocker for spectrum sensing system.
In this first year, we also worked on new generation of chips are in progress, permitting to address a large choice of RF communication protocols (multi-standard Transceiver). In parallel of the progress on the design, the attack surface for the analog, mixed-signal, and RF functions of the envisioned chip is analysed. The considered attack are notably piracy and counterfeiting attack scenarios, performed for example by the foundry or a reverse engineer.
Moreover, possible security solutions were defined and specified for the analogue RF interfaces (RF-Link, Sensor-Interface) for the located attack interfaces. The design of the security solutions might require some extensions to a standard EDA design platform (e.g. semi-automated RF-testbench concept). The security solutions so far address the reduction of substrate coupling, the reduction of EM emissions, the reduction of power consumption, decoupling of supply lines to the outside, and differential circuit technology with strong symmetry.
For the drone detection use case, a precise analysis of drone communication signals was carried out, and an innovative methodology to access the effectiveness of the jamming signal in stopping the drone was implemented.
We also studied the use of the PUF ring oscillator (RO) to secure the CI against false copies and to generate a secure key based on a random number.
We worked on the definition of an ultra low powerspectrum monitoring architecture. The objective was to be able to develop a low power solution enabling the possibility of having a distributed network of sensing nodes. This functionality is limited to area with a small density of base station which are considered as blocker for spectrum sensing system.