The Internet of Things (IoT) landscape consists of highly heterogeneous devices, ranging from bare metal systems with a few kilobytes of RAM and limited or no security, to devices equipped with powerful AI support and built-in hardware to implement the Root of Trust (RoT) and Trusted Execution Environments (TEEs). Such a reality creates an open challenge for end-to-end security across the IoT network, leading to easy entry points for attackers. In addition to the need to handle interoperability issues between IoT devices with heterogeneous security capabilities, i.e., “horizontal” security assurance issues, there is also a need to provide high levels of assurance in “vertical” IoT device security stack, i.e., starting from the RoT to the TEE and up to the application layer. The CROSSCON project aims to address all these issues by designing a new open, flexible, highly portable, and vendor-independent IoT security stack that can run across a variety of different edge devices and multiple hardware platforms. The project’s scope covers security threats for open-source hardware for connected devices and smart, quantifiable security assurance in vertical IoT supply chains and across heterogeneous devices, including formal verification of open hardware.
CERTIFY defines a methodological, technological, and organizational approach towards IoT security lifecycle management based on (i) security by design support, (ii) continuous security assessment and monitoring (iii) timely detection, mitigation, and reconfiguration, (iv) secure IoT Over-The-Air (OTA) updating, and (v) continuous security information sharing
ORSHIN is creating the first generic and integrated methodology, called trusted lifecycle, to develop secure network devices based on open-source components while managing their entire lifecycle. The ORSHIN project’s main goal is to provide solutions to build trustworthy open-source hardware and connected devices. At the same time, this is intended to build a foundation for building trust in the security properties of open source components to promote their acceptance.
The vision of CONNECT is to address the convergence of security and safety in CCAM by assessing dynamic trust relationships and defining a trust model and trust reasoning framework based on which involved entities can establish trust for cooperatively executing safety-critical functions. The CONNECT Trust Management framework is the basis that models and captures the trust relationships of the next generation CCAM systems. CONNECT’s new safety paradigm is a key element in bringing autonomous driving to a completely new level of trustworthiness and is expected to lead to long-term consumer acceptance as a result.
SecOPERA aims to provide a one-stop hub for complex OSS/OSH solutions delivering to a connected device designer, implementer and operator as well as any open-source software/hardware developer, the means to analyse, assess, secure/harden and share open-source solutions as those are integrated in an overall complex product developed for a networked connected environment. The SecOPERA hub offers to the open-source community a framework supporting the open-source DevSecOps lifecycle and generates secure open-source solutions along with appropriate, verifiable security guarantees.
ENCRYPT develops a scalable, practical, adaptable privacy preserving framework, allowing researchers and developers to process data stored in federated cross-border data spaces in a GDPR compliant way, utilising Privacy-Preserving technologies like TEE, FHE, DP. Within this framework, a recommendation engine for citizens and end-users will be developed, providing them with personalised suggestions on privacy preserving technologies depending on the sensitivity of data and the accepted trade-off between the degree of security and the overall system performance.