Projectdetails
!!Description
De beveiliging van IoT (Internet of Things) gebeurt op verschillende niveaus, gaande van hardware over software tot
netwerkcommunicatie. Het Trusted-IoT project zal vooral focussen op beveiliging op hardware niveau.
Men zal reeds bestaande en nieuwe technieken voor hardware-gebaseerde beveiligingsmodules toepassen en evalueren op
verschillende types van IoT apparaten. Om deze kennis over te brengen naar kleine en grote bedrijven, zullen 4 use-cases uitgewerkt worden: omgevingsmonitoring, onbemande luchtvoertuigen, industriële IoT en mobiele robots. Het project zal trachten om KMO’s (met typisch een beperkt onderzoeksbudget) te sensibiliseren bij het gebruik van IoT toestellen en ze te informeren om deze veiligheid op punt te zetten.
netwerkcommunicatie. Het Trusted-IoT project zal vooral focussen op beveiliging op hardware niveau.
Men zal reeds bestaande en nieuwe technieken voor hardware-gebaseerde beveiligingsmodules toepassen en evalueren op
verschillende types van IoT apparaten. Om deze kennis over te brengen naar kleine en grote bedrijven, zullen 4 use-cases uitgewerkt worden: omgevingsmonitoring, onbemande luchtvoertuigen, industriële IoT en mobiele robots. Het project zal trachten om KMO’s (met typisch een beperkt onderzoeksbudget) te sensibiliseren bij het gebruik van IoT toestellen en ze te informeren om deze veiligheid op punt te zetten.
Project result
The project focused on hardware security for two different types of architectures (RISC-V and ARMv8 microcontroller).
With respect to the ARMv8 architecture, we developed an open-source framework compatible with each TrustZone-enabled ARMv8-M microcontroller, demonstrating the use of TrustZone for an environmental monitoring application. The code is split into a secure and non-secure zone, where veneer functions are used to make the bridge between both. Data is sent encrypted and authenticated from the regular application residing in the non-secure area to a remote server. The secret key used during the encryption is updated on a regular basis with the help of the TrustZone functionalities.
The use case for RISC-V was focused on drones. The purpose of making a drone fly from a single platform (an FPGA) is to illustrate that centralisation could be of added value. Identifying every processor in an end-product, and replacing them by (open source) RISC-V implementations is the first step. Next, these implementations are put on a single FPGA. The demonstrator illustrated that this is something than can be done in practice. The added value of what was achieved lies in attestation. With attestation a check can be done to determine that a device is still in a known and anomaly-free status. With multiple processors, the same amount of attestations needs to executed, whereas having a single platform only requires a single attestation. This provides a better scalable solution that, on top of that, is capable of doing a more thorough attestation.
With respect to the ARMv8 architecture, we developed an open-source framework compatible with each TrustZone-enabled ARMv8-M microcontroller, demonstrating the use of TrustZone for an environmental monitoring application. The code is split into a secure and non-secure zone, where veneer functions are used to make the bridge between both. Data is sent encrypted and authenticated from the regular application residing in the non-secure area to a remote server. The secret key used during the encryption is updated on a regular basis with the help of the TrustZone functionalities.
The use case for RISC-V was focused on drones. The purpose of making a drone fly from a single platform (an FPGA) is to illustrate that centralisation could be of added value. Identifying every processor in an end-product, and replacing them by (open source) RISC-V implementations is the first step. Next, these implementations are put on a single FPGA. The demonstrator illustrated that this is something than can be done in practice. The added value of what was achieved lies in attestation. With attestation a check can be done to determine that a device is still in a known and anomaly-free status. With multiple processors, the same amount of attestations needs to executed, whereas having a single platform only requires a single attestation. This provides a better scalable solution that, on top of that, is capable of doing a more thorough attestation.
Acroniem | VLATETRA6 |
---|---|
Status | Geëindigd |
Effectieve start/einddatum | 1/09/22 → 31/08/24 |
Keywords
- general mathematics
Flemish discipline codes in use since 2023
- Computer system security
- Other computer engineering, information technology and mathematical engineering not elsewhere classified
Vingerafdruk
Verken de onderzoeksgebieden die bij dit project aan de orde zijn gekomen. Deze labels worden gegenereerd op basis van de onderliggende prijzen/beurzen. Samen vormen ze een unieke vingerafdruk.