Forging the Links for a Digitally Secure and Sovereign Value Chain in Electronics
Trust keeps the fabric of our society together, but trust is also the most fragile and transient asset we have. In the heavily interconnected and complex world of modern industry, who and what to trust has become the question that will determine the success or failure of our digital future.
Objectives and Approach
The VE-ASCOT project was initiated to develop a dedicated Chain of Trust platform for one of the most sensitive areas of industry: The production of semiconductor components. As semiconductors are ubiquitous in modern life from everyday devices to critical infrastructure, the ability to tamper with their production would offer attackers – be they unscrupulous commercial competitors, criminals, or even state actors – a means of targeting virtually any aspect of our economic, social, and political existence.
As part of the federal initiative for trustworthy electronics ZEUS, VE-ASCOT contributes to the ambitious vision of technological sovereignty by helping shore up and secure this most critical field by linking together the electronics value chain with a durable and reliable chain of trust to achieve real security-by-design.
Innovations pursued by the initiative
Every link or “record” in the proposed Chain of Trust represents one piece of the component’s identity and is secured with cryptographic methods to guarantee integrity and authenticity over the entire product lifecycle. This is achieved by embedding the records of trust in a tamper-proof repository of sensitive data together with a trust anchor to build a unique digital ID (DID) for the electronic component.
New identity markers like “physical, obfuscated keys”, sensor data, or novel, cutting-edge features will complement new building blocks of hardware characteristics to identify a special electronic module.
With such trustworthy elements in place, electronic modules in the system can prove that they are who they say they are, that they have not been tampered with, and that they are authorized to do what they are doing.
With the unobtrusive nature of the physical elements, the Chain of Trust is easily integrated into existing production and operations landscapes, including the highly automated systems that are common in semiconductor production. Cleverly integrated with new commissioning and updating procedures, the system is designed to leave no loopholes for would-be attackers.
Evaluation and Demonstration
The evaluation of the achieved results, their comparison to a TPM solution, and an examination of a RiscV integration form the conclusion of the research phase.
A platform for image processing in medical technology is used for the demonstration that displays all project results as part of a multi-stage Trusted Boot process.
Another demonstrator from the industrial sector is intended to show the individual features from the purchased feature kit specifically in use with systems with fewer resources in terms of performance and energy.
WIBU-SYSTEMS AG (Wibu-Systems) is one of the three leading international manufacturers of software protection and is also a provider of DRM solutions for data, documents and media as well as access protection in the IT security market. Wibu-Systems currently employs over 90 people in Germany and generated international sales for approximately 20 million euros in 2019.
Siemens AG (headquartered in Berlin and Munich) is a global company focused on electrification, automation and digitalization. As one of the largest suppliers of energy-efficient, resource-saving technologies, Siemens is a leader in systems for the digitalization of the factory, power generation and transmission, among other things. The company plays a pioneering role in solutions for infrastructure and industry.
Infineon, as a DAX-30 company has been developing, manufacturing and supplying sensors, industrial and safety ICs for more than 20 years. The company generates over 8 billion in revenue with over 41,000 employees. In the security market alone, more than 3 billion chips were sold worldwide in 2019. A majority of its products are safety certified to ISO/IEC 15408 and are now predominantly used in the high security market.
SCHÖLLY is a leading international manufacturer of medical equipment technology for the imaging application area of endoscopy. Highly complex and certified electronics are required in the use of device technology. As a medium-sized company with approx. 1000 employees, SCHÖLLY is represented with its products on all world markets.
RevisionOne Engineering GmbH was founded at the beginning of 2007 by Dr. Martin Mörz and Dipl.-Ing. Marc Colling. This was preceded by two years of successful cooperation between the two independent development offices “Dr. Martin Mörz - Hardware and Software Development” and “MaCo-Engineering - Dipl.-Ing. Marc Colling”. The main focus of the engineering services is the development of complex hardware designs for high-end SoC/FPGA systems, which are used in critical infrastructures such as in the fields of medical and aerospace technology, and the associated FPGA design as well as firmware and software. By using advanced simulation software, RevisionOne can mitigate design risk even before prototypes are produced. This includes 2D and 3D Electromagnetic Field Simulation, SPICE tools, FPGA simulation tools, and mathematical modeling and simulation tools.
RevisionOne Engineering has also been working with leading semiconductor manufacturers and distributors for many years. This includes holding pan-European seminars for engineers hosted by the semiconductor manufacturers.
The Fraunhofer Institute for Secure Information Technology SIT is one of the world’s leading research institutions for cyber security and privacy protection. The institute focuses on the central security challenges in business, administration and society, and conducts practice-oriented cutting-edge research and innovation development. Numerous prizes and awards testify to the high quality of the results and developments.
The Cryptography and Security group of the KASTEL Security Research Labs focuses, among other things, on the modeling and formal security proofs of cryptographic procedures. This includes defining the security properties of building blocks as well as the desired security guarantees of complex interactive functionalities possibly involving multiple parties.
Bielefeld University was founded in 1969 with an explicit research mission and a focus on high-quality, research-oriented teaching. With 25,000 students, it now comprises 14 faculties covering a broad spectrum of subjects in humanities, natural sciences, medicine and technology.
The working group “Cognitronics & Sensorics” (AG-KS) of the Bielefeld University involved in the project is part of the Research Institute for Cognition and Robotics (CoR-Lab), which bundles the research activities of the Bielefeld University in the fields of cognitive science and artificial intelligence. Research focuses on the investigation of cognitive mechanisms by means of “understanding by building”, the development of machine learning algorithms and their integration into complex cognitive systems. Research at the CoR-Lab is conducted in the areas of biomechatronics (Prof. Schneider), Resource Efficient Microelectronics (Prof. Rückert), Machine Learning (Prof. Hammer), Cognitive Systems Engineering (Dr. Wrede), and Societal Challenges of Future Work (Prof. Maier).