Applications with long lifespan by means of protecting updateable solutions (ALESSIO)
Whether in Industrie 4.0, autonomous vehicles, or intelligent home automation systems, billions of machines and equipment will be connected in the near future. From the networking of intelligent devices and systems to the so-called Internet of Things, seemingly limitless possibilities are arising. Enterprises can connect their production and logistics processes, and the new data they reap allow new analyses and controlling options. The networking of devices in the fields of industry, energy, mobility, and health will enable new applications such as remote device maintenance, driverless cars, or the monitoring of patient data.
However, connectivity comes at the cost of greater avenues of attack, which can now be carried out from afar. Once local defenses have been breached and data has been stolen, it can be used for more remote attacks. Reliable protection for sensitive and critical information is therefore urgently required.
With software alone, such networked systems can often not be adequately protected against attacks or tampering; a higher degree of security is provided by a combination of hardware and software. For this reason, the German Federal Ministry of Education and Research has been calling for hardware-based solutions to protect networked devices, sensitive data, and intellectual property.
Hardware-based security solutions provide an appropriate level of protection. For applications that are designed to operate for more than ten years, the solutions have to be able to respond to changing circumstances. Up to now, this level of flexibility precluded the use of hardware-based security solutions, an intrinsic contradiction that needs to be resolved.
Objectives and Approach
The goal of the joint ALESSIO project is to develop updatable security solutions for embedded systems in applications with a long lifespan. Two approaches are pursued in the project: The first one provides a chip-based security element with upgradable software, while the second approach will implement a security element in complex programmable logic circuits (FPGAs).
The project addresses the functionality and security measures of these security elements as well as their secure integration in the architecture. The lasting viability of the solutions also require an efficient management of data, such as keys or certificates, to be updated.
Three practical demonstrators will prove the feasibility and functionality of the proposed solutions.