Demo at ITF and future work
Thus, Sancus is conceived as novel security architecture for resource-constrained, extensible embedded network systems. It provides remote attestation and strong integrity, as well as authenticity guarantees within a minimal layout of a trusted computing base. Sancus consists of the specially extended microprocessor, the dedicated software running in the safe harbors, and a C compiler that generates the Sancus-secured code.
To be precise, Sancus still is an ongoing project, and the researchers in Imec’s research groups at DistriNet and COSIC at KU Leuven must still resolve a number of issues to be included in Sancus. One of these issues is to ensure the availability and real-time function of the network. We can now guarantee that any messages that arrive in a module are legitimate. But we cannot yet ensure that they will arrive at their intended destination nodes. It would still be possible for an attacker to drop malicious messages - which our solution of course would detect. And in most cases this would probably not lead to dangerous situations, as the receiving node would raise an error flag and halt the system in a safe way. But this is of course inconvenient.
A second issue is safe operation of the secure software modules. Without formal design methodologies and inherently safe programming languages, these modules show vulnerabilities that may lead to unsafe operating situations. But due to the small isolated modules of trusted code, it should be possible to design these in a more formal, fault-free way.
Collaborating on Sancus
At this point, we are looking for collaboration partners to develop suitable hardware/software solutions, which are best adapted to the envisioned environments. At the upcoming Imec Technology Forum in Antwerp (ITF Belgium, May 16-17), Sancus is to be demonstrated, either in an automotive scenario or as a smart metering solution, which is another use case where embedded processors need additional security measures. At ITF, there is an excellent opportunity to discuss in technical detail how to add tight security to these embedded networks - an issue that will become more pressing when autonomous cars will start to communicate with their surroundings.