European grant for research into new security approach for microchips
Belgian researchers from KU Leuven and digital research centre iMinds have received an ERC Advanced Grant of more than 2 million euros to make microchips more resistant to cyberattacks and other security threats. The five-year Cathedral project will be coordinated by Professor Ingrid Verbauwhede from the COSIC Division at KU Leuven and iMinds.
Bank cards, car keys, and smartwatches: they're all equipped with microchips. These chips have computing power, memory, software, and special (sensory) functions. Microchips are also increasingly being used in pacemakers, fridges, toys, and even sports shoes. A pacemaker, for instance, can use microchip technology to send health data to someone's doctor, so that prompt action can be taken when anomalous values are recorded.
But electronic devices can also be hacked, especially when we connect them to each other via the 'Internet of Things'. The aim of the Cathedral project to protect these devices is not only important from a technological point of view, but also has great societal value. After all, microchips are ubiquitous, and they sometimes collect highly sensitive information. That's we why need a new way to counter the threat of pacemakers being hacked or sensitive data falling into the hand of criminals.
"In the past, securing electronics was relatively easy: company computers were kept in a central computer room, behind a locked door. But today, electronics are embedded in virtually every device, which makes things considerably more complex," says Professor Ingrid Verbauwhede. "Existing methods such as complex cryptographic algorithms can be used to protect devices against cyberattacks. But microchips are small, lightweight, and have limited functionality. Sometimes, they don't even have a battery. As a result, they cannot support the existing, heavy security solutions."
The five-year Cathedral project sets out to investigate how even the smallest devices can be fitted with a 'lightweight security armour' to make them more resistant to hacks. "In the next five years, my Cathedral project team will be developing methods to integrate existing, complex mathematical security algorithms into microchips in an efficient way. Our security-by-design methodology for chips will bring together a considerable number of building blocks. We will take into account factors such as process variation (the unique fingerprint of every chip), limited power consumption (so that secure pacemakers have the same lifespan as the current ones), and the impact of physical manipulations of, for instance, the power supply of a chip or exposure to heat or cold."
"We want to establish the foundation for a new generation of microchips that can be used more securely in a number of sensitive sectors, from medical applications to the banking sector." Sensitive information such as medical data often needs to be protected for many decades, while technology continues to evolve: computers become more powerful, and attacks more sophisticated. That's why the Cathedral project will also focus on the implementation of new generations of cryptographic algorithms that offer protection for decades. Some of these are specifically designed for the 'Internet of Things', others are based on mathematics that can even resist quantum computing.
"With this project, we're really swimming against the tide," Professor Verbauwhede concludes. "The industry tends to accept that implementing cryptography on microchips is incredibly difficult, and thus not an option. However, we feel that discarding crypto is not a good idea. After all, cryptography is already integral to our daily lives, with applications such as internet banking and car keys. With the Cathedral project, we want to show that embedding reliable security solutions into microchips is a viable option. You only have to take it into account from the start – during the design stage of the chip. That is the blueprint we want to deliver."
The COSIC Division of KU Leuven and iMinds is the perfect candidate for the job. Compared to other teams around the world, Professor Verbauwhede and her team have a head start of more than a decade. The researchers have the know-how to combine cryptography, electronics, and hardware requirements into a single integrated approach. And when it comes to process variations in chip technology, they will be able to call on the expertise of research centre imec, given the recently announced merger of imec and iMinds.
Interested in learning more about this topic? Professor Verbauwhede sheds some more light on the Cathedral research project in this video.
Wim Van Daele