You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
ORSHIN: Open-source ReSilient Hardware and software for Internet of thiNgs
ORSHIN: Open-source ReSilient Hardware and software for Internet of thiNgs
How to design embedded and connected devices taking advantage of open source hardware (and software)
About
It is common wisdom that cyber security is only as strong as the weakest link in a chain. Therefore, the main challenge is to identify the critical points of IoT infrastructure. To address this issue, ORSHIN is creating the first generic and integrated methodology, called trusted lifecycle, to develop secure network devices based on open-source components while managing their entire lifecycle. ORSHIN's trustworthy lifecycle consists of different phases (design, implementation, evaluation, installation, maintenance and retirement) that form a chain of trust. This lifecycle defines how the safety objectives are translated into policies for defined phases. Using this holistic view, ORSHIN will address critical links, reduce threats and improve security of open-source devices.
Vision
The open-source initiative represents a significant shift in the industry, providing the opportunity to share knowledge between industry and research and enabling rapid time-to-market for solutions, but there is still much room for improvement - particularly with a view to cyber security. Therefore, the ORSHIN project team will step together and develop a new approach that will improve cyber security, manage the entire lifecycle of trustworthy network and create a secure infrastructure for connected devices. To meet this challenge ORSHIN will work on building a trusted open-source hardware and software that will significantly reduce the risks associated with IoT devices - from design to its retirement, as a chain of trust called the trusted lifecycle.
The design of the Proteus extension for "Architectural Mimicry: Innovative Instructions to Efficiently Address Control-Flow Leakage in Data-Oblivious Programs".
E-Spoofer is a toolkit that reverse-engineers the Xiaomi proprietary application-layer protocols spoken over BLE, and attacks Xiaomi electric scooters (M365, Pro 1, Pro 2, 1S, Essential, Mi 3) and the Mi Home app.
Code used to implement the Secure Channel Protocol 03 (SCP03) in the context of a system composed of a RaspberryPi (acting as a master device/host) and an STM32 Nucleo board (acting as a slave device/secure element).
The tool called VoLPE, designed to quantify the power consumption leakage of a circuit by analyzing the toggle activity observed during its simulation.
Code that allows the deployment of selected Ascon algorithm implementations on an FPGA, the acquisition of power traces using the ChipWhisperer Husky tool, and their subsequent analysis.
Project that enables the acquisition and analysis of power traces using a Teledyne LeCroy oscilloscope connected to a TinyTapeout board.
Note: All ORSHIN repositories are kept under the ORSHIN GitHub organization, but some were originally created by the project partners in different locations. The original location is kept primary for traceability, while the ORSHIN GitHub organization hosts repository forks with demonstrator-related changes, and for archival reasons.
Partners
Technikon Forschungs- und Planungsgesellschaft mbH, AUSTRIA
Technikon (TEC) is a private, independent, Austrian SME with a highly specialized multinational team of 20+ engineers and scientists. It is dedicated towards engineering services as well as the planning, assessment and coordination of large industry driven international research projects. TEC as a main coordinator of ORSHIN project will contribute to the definition of the security requirements and focus on the data management and risk assessment. With extensive and long-lasting expertise in project management, TEC will ensure achieving ambitious goals, monitor risk and ensuring that appropriate risk mitigation measures are applied to reach the project objectives. In addition, TEC’s innovative media team will make sure to properly communicate and disseminate the project progress and its results in diversified ways.
Katholieke Universiteit Leuven, BELGIUM
KU Leuven [in Belgium] is an international community where innovative research forms the basis of all our academic programmes. Within ORSHIN we will work closely with two groups of KU Leuven (KUL). The Computer Security and Industrial Cryptography (COSIC) team belongs to the electrical engineering department and has more than hundred members ranging from PhD students to experts and professors from nearly all over the world. The research of COSIC covers a broad range from mathematical foundations of cryptography over protocols and algorithms to secure and efficient implementation in hardware and software. The DistriNet group belongs to the computer science department and covers the area of software and system security, distributed systems, and software engineering. KUL will work on formal verification of security properties and in particular on the needed models. KUL is scientific leader of ORSHIN.
EURECOM, FRANCE
EURECOM´s (ECM) research and teaching institute is one of the most active technological parks in Europe. ECM represents one of the schools under the Institut Mines Telecom organization and is governed by an international consortium of industrial and academic partners. Besides teaching at the MSc and PhD levels, ECM activities mainly revolve around networking, data science, computer security, multimedia, and mobile communications research. Daniele Antonioli is the technical lead and responsible for the secure and privacy preserving communication research while Aurelien Francillon is role and manages the secure auditing and testing ones. They are also contributing to effective auditing techniques, definition of the trusted life cycle and help identify its security requirements for ORSHIN project.
NXP Semiconductors Germany GmbH, GERMANY
NXP (formerly Philips Semiconductors) is well-known semiconductors manufacturer, with more than 90 years of experience. As a privately held manufacturer headquartered in the Netherlands it operates in more than 33 countries worldwide. The Hamburg site hosts a significant part of the Security Organization within NXP, including the majority of the internal Vulnerability Analysis (VA) team, where expertise ranges from side channel analysis to fault injection and software vulnerabilities. NXP will be in charge of developing effective security audits of firmware programs and open hardware. Additionally, it will lead the activities on tool development for enhanced security testing for open-source chip designs and firmware and support identification of the requirements for software audit.
Security Pattern Srl, ITALY
Security Pattern (SEC) is an innovative start-up founded in Italy. With the core business in consultancy and development of innovative security solutions for embedded systems SEC presents a word-leading player in the domain. The two founders, Guido Bertoni and Filippo Melzani, have long experience in a multinational semiconductor company, performing R&D in the field of cryptography, secure communication protocols, implementation of cryptographic algorithms secure against side-channel and fault attacks. SEC has the expertise in the definition of security requirements, selection of building blocks, development of hardware and software components and provides development methodologies for customers who need to demonstrate a ‘secure by design’ approach. For ORSHIN, SEC will take the lead on developing trusted life cycle methodologies, support development of robust crypto blocks and contribute to secure communication for embedded devices.
Texplained, FRANCE
Texplained (TXP) is expert in microchips security that offers solutions to fight against hardware piracy and counterfeiting. The French company designs tools for IC security evaluation and represents an established cryptographic research community. With its unique expertise on real world attacks, and its disruptive and efficient methodology, TXP provides experience on chip security for various types of applications (Banking, e-Gov, IoT, Automotive, Medical, Consumer, etc.). In addition, TXP offers different types of services, such as secure IC architecture and IC risk assessment, design counselling, hardware backdoors research and pirate device analysis. For ORSHIN, TXP will provide a methodology for inspection and evaluation of the security of the open chip designs, identify vulnerabilities that can be exploited by hardware attacks and contribute to the definition of requirements from physical perspective of ORSHIN components.
Tropic Square s.r.o., CZECH REPUBLIC
Tropic Square (TRPC) is a privately held start-up from Czech Republic, known for providing transparent and secure chip solutions. The company is fully focused on designing a transparent and auditable silicon secure element chip, freely available on the market. As from 2021, the company secured funding for the development of the first generation of a device called TROPIC01. TRPC is forming as fabless design house focused on secure system level solutions and design consultancy in that area. For ORSHIN project TRPC will take over the main tasks for creating and delivering outcomes that are compliant with open-source standards and contribute with its experience with design and industry.
Acknowledgement
Funded by the European Union under grant agreement no. 101070008. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union. Neither the European Union nor the granting authority can be held responsible for them.
