- The EU-funded project CROSSCON aims at designing a new open, modular, highly portable, and vendor-independent IoT security stack that can run on highly heterogeneous devices.
- The CROSSCON consortium is coordinated by Atos and scientifically led by the University of Trento.
- CROSSCON is a Research and Innovation project funded with €4.6M by the European Union.
The Internet of Things (IoT) landscape consists of highly heterogeneous devices, ranging from bare metal systems with a few kilobytes of RAM and limited or no security, to devices equipped with powerful AI support and built-in hardware to implement the Root of Trust (RoT) and Trusted Execution Environments (TEEs).
Such a reality creates an open challenge for end-to-end security across the IoT network, leading to easy entry points for attackers. In addition to the need to handle interoperability issues between IoT devices with heterogeneous security capabilities, i.e., “horizontal” security assurance issues, there is also a need to provide high levels of assurance in “vertical” IoT device security stack, i.e., starting from the RoT to the TEE and up to the application layer.
The CROSSCON project aims to address all these issues by designing a new open, flexible, highly portable, and vendor-independent IoT security stack that can run across a variety of different edge devices and multiple hardware platforms. The project’s scope covers security threats for open-source hardware for connected devices and smart, quantifiable security assurance in vertical IoT supply chains and across heterogeneous devices, including formal verification of open hardware.
The project will validate its approach in several use cases that will deal with trusted services for connected devices in restricted environments such as IoT devices, including patches, security audits, inventory management, detection of insecure components, decommissioning, secure authentication, secure communication, and others. CROSSCON will provide the open specifications of the stack, along with an open-source reference implementation.
In addition to strengthening the EU’s cybersecurity capabilities and the EU’s sovereignty over digital technologies, CROSSCON will also reinforce cybersecurity awareness and community building. The CROSSCON consortium is coordinated by Atos, with the University of Trento serving as the scientific leader. The consortium includes other well-established and renowned cybersecurity experts from both academia and industry, such as the universities of Darmstadt, Wurzburg, and Minho, the R&D centre SEARCH-LAB, and the SMEs Beyond Semiconductor, CYSEC, Barbara IoT, and 3mbed.
More information about the project: www.crosscon.eu | contact@crosscon.eu
CROSSCON has received funding from the European Union’s Horizon Europe research and innovation programme under grant agreement No 101070537.