More security in the network: Joint project develops open and certifiable sensor platform for IoT applications

A growing number of people are equipping their home or work environment with IoT components such as smart meters, temperature sensors or cameras. This has many advantages: smart meters allow for cost-effective electricity tariffs optimized to the actual consumption; electricity, and CO₂ can be saved thanks to intelligent control of heating or air conditioning; surveillance cameras and fire detectors provide additional security. However, there are significant security concerns. For one thing, the use of IoT technologies usually involves private and sensitive data. For another, the devices are sometimes installed in security-critical locations (e.g., intelligent door locks). At the same time, there is a lack of adequate security standards. This circumstance is due not only to the tremendous cost pressures but also the absence of standardization in this field. Incidents such as the leak of private live videos at an American security technology manufacturer underscore the urgency of this issue.

Collaboration partners aim for standardized IoT security architecture

This is where the SASPIT project (Safe and Secure Sensor Platform for IoT), funded by the German Federal Ministry of Education and Research (BMBF) with approximately 3.3 million euros, comes into play. In this project, a consortium of industry and research partners, coordinated by the DFKI research department Cyber-Physical Systems, is working on an open and standardized IoT sensor platform. In addition to DFKI, the consortium includes Thermokon Sensortechnik GmbH, Infosim GmbH & Co KG, TÜV Informationstechnik GmbH, Mixed Mode GmbH, Ingenics Digital GmbH, PHYSEC GmbH, RheinMain University of Applied Sciences and Ruhr University Bochum with its chairs for Security Engineering and for Digital Communication Systems. The project's results will be illustrated through demonstrators in the field of home or office automation.

"The planned sensor platform is intended to serve as the basis for a standardized security architecture for IoT systems. To this end, we are looking at all levels of system design and investigating measures at various stages of the value chain to increase trustworthiness all the way to a certifiable system. We are looking forward to an interesting project with competent partners that will help people to enjoy the benefits of smart devices with a good conscience," says project manager Prof. Dr. Christoph Lüth from DFKI's Cyber-Physical Systems research department.

Project harnesses the advantages of open source systems

During the development of the platform, the SASPIT partners will release as many results as possible as open source (both hardware and software) to ensure reusability for other market participants. This also brings a high level of flexibility for end users who are not restricted to a specific manufacturer when choosing devices. The design of the processors specialized for the Smart Home context is based on the RISC-V architecture. This open hardware architecture offers an independent and cost-effective alternative to the major chip manufacturers and is seen as a key to Germany's and Europe’s digital sovereignty, especially in times of semiconductor supply bottlenecks. For the RISC-V processors, which are enhanced with sensors and actuators, the partners are developing a generic, open-source software architecture. This way, a complete system of intelligent IoT sensors is created, which can be combined as platform nodes into networks to intelligently and securely connect, for example, entire rental apartment complexes. For this purpose, a suitable management infrastructure will be implemented to ensure the confidentiality of data on individual nodes.

Guaranteed data security in design and after delivery

To protect personal data, the partners implement specialized cryptographic components and encryption techniques and devise measures to harden them against physical attacks. The fundamental objective is to consider successful verification and certification in both software and hardware development and to create the necessary prerequisites. This contrasts with existing IoT solutions for the home sector, which do not currently require certification and thus may be potentially insecure. Furthermore, the partners employ innovative radiation analyses to ensure the security of the sensors even after manufacturing, during the delivery process, and in operation. In this process, a distinctive radiation signature, applied directly to the circuit board, detects any alterations made to a device after delivery.

DFKI performs verification using virtual RISC-V prototype

The DFKI research department Cyber-Physical Systems, headed by Prof. Dr. Rolf Drechsler, contributes to SASPIT its extensive expertise in the field of system design with a focus on security, correct function, and reliability, particularly for RISC-V based systems. In addition to project coordination, DFKI is responsible for end-to-end verification of the sensor platform to ensure its functional correctness and resilience against attacks. For this purpose, a virtual prototype developed by the researchers and adapted to the platform is employed, allowing for easy implementation of test cases and verification of the system prior to its physical implementation. To achieve this, the prototype can be enhanced with virtual peripheral devices such as sensors or actuators. It is also possible to directly connect real existing hardware.

SASPIT is funded from May 1, 2023, until April 30, 2026, by the German Federal Ministry of Education and Research (BMBF) in the research framework program on IT security "Digital. Sicher. Souverän." under grant number 16KIS1852K.

More information: 
SASPIT website: http://saspit.cs.hs-rm.de/