CORDIS - EU research results

SECURE PLATFORM FOR ICT SYSTEMS ROOTED AT THE SILICON MANUFACTURING PROCESS

Periodic Reporting for period 1 - SPIRS (SECURE PLATFORM FOR ICT SYSTEMS ROOTED AT THE SILICON MANUFACTURING PROCESS)

Reporting period: 2021-10-01 to 2023-03-31

IoT and ubiquitous/pervasive computing are shaping a world in which smart devices enter every aspect of everyday life. The evolution of our interconnected society brings multiple layers of cloud, edge computing, and Internet of Things (IoT) platforms that continuously interact with each other. The boom in digitalization demands infrastructures on which functional engineering solutions can be developed in a short time. However, advanced security and privacy-enhancing technologies are required to build a more secure digital world.

The “Secure Platform for ICT Systems Rooted at the Silicon Manufacturing Process” (SPIRS) EU-funded project addresses innovative approaches to provide security and data privacy to future Information and Communications Technology (ICT) elements. This project encompasses the complete design of a SPIRS platform, which integrates a dedicated hardware Root of Trust (RoT) and a RISC-V processor core with the capability of offering a full suite of security services. The hardware RoT in SPIRS is the source of trust for the entire system that is built over it. The security of software components (execution environment, boot process, applications) relies on identifiers, random numbers, and cryptographic functions that are provided by the RoT. Furthermore, the potential of the SPIRS platform is leveraged to support privacy-respecting solutions and remote attestation mechanisms that enable trusted communication channels across 5G infrastructures and the respective management domains. Therefore, the main goal of the SPIRS project is to establish chains of trust rooted in the silicon manufacturing process for ICT systems, and to apply them to improve the supply chain for networked infrastructures.
All the tasks have been developed following the initial work plan detailed in the Description of Action (DoA). This is a summary of the work performed during the first period of the project for each technical Work Package (WP):

1. WP2: A preliminary version of the hardware components of the Root of Trust (RoT) was provided at Month 15 (M15). A demo showing its correct functionality is described in deliverable D2.1. Experimental setups for power/EM attacks were operative at M18. First results of side-channel analysis (SCA) of RoT components were obtained at M18.
2. WP3: The system specifications for building a customized Trusted Execution Environment (TEE) were defined at M6 (deliverable D3.1). A first prototype of the TEE was ready at M18, as described in deliverable D3.2. Work included development of a library supporting privacy-respecting audit trails for identifying security threats and monitoring performance.
3. WP4: Functional and non-functional requirements were described at M14. A first description of a Trusted Network Environment for Devices (TNED), including a software design highlighting the security and privacy aspects, was provided at M18 (deliverable D4.1).
4. WP5: A first delivery of the SPIRS platform, with all components of the RoT and a secure version of the RISC-V core (SPRITZ), was made at M18 (deliverable D5.1). ASIC tapeout of a lightweight RoT was ready at M18 (deliverable D5.2).
5. WP6: A detailed plan for the testing and validation activities for three use cases was provided at M12.

Four demonstrators linked to deliverables D2.1, D3.2, D4.1 and D5.1 are available to show the first results of the project.
This is a list of potential impacts:
Impact 1: Improved market opportunities for the EU vendors of security components.
Impact 2: Increased trust both by developers using/integrating ICT components and by the end-users of IT systems and services.
Impact 3: Protect the privacy of citizens and trustworthiness of ICT.
Impact 4: Acceleration of the development and implementation of certification processes.
Impact 5: Advanced cybersecurity products and services will be developed improving trust in the Digital Single Market.
Impact 6: The use of more harmonized certification schemes will increase the business cases for cybersecurity services as they will become more reliable.
Impact 7: Validation platforms will provide assessments with less effort than today and ensure better compliance with relevant regulations and standards.

To achieve the above-mentioned impacts, the SPIRS project offers:
1. Hardware-plus-software integrated security mechanisms supporting different scenarios (impact 1).
2. Applicability to real security solutions (impact 1).
3. Primitives for integrated hardware-software security by design (impact 2).
4. Integrity verification of different connected devices and ICT services (impact 2).
5. Availability of auditing enablers (impact 3).
6. Privacy regulatory compliance (impact 3).
7. Enablers for agile security certification (impact 4).
8. New connected device and service enablers (impact 5).
9. Analysis of license terms (impact 5).
10. Business models for secure connected devices and new cybersecurity services (impact 6).
11. Definition and adoption of open source and use of standard interfaces (impact 7).

Figures (images not reproduced):
Integration into network infrastructures with SPIRS solutions
Schematic of Use Case 1 in SPIRS
Hardware components of the SPIRS platform
Data flow in the customized Trusted Execution Environment in SPIRS
Schematic of Use Case 2 in SPIRS
Block diagram of the SPIRS platform
Schematic of Use Case 3 in SPIRS