If you are a vehicle manufacturer dealing with insecure open-source software in car components — this project developed a formal verification toolchain and secure update protocol that prevents physical attackers from compromising vehicle systems.
Continuous Security Certification and Monitoring Platform for Open-Source IoT Devices
Imagine if every smart gadget in your office had a digital security guard that never sleeps, checking for holes in its armor from the moment it's built until it's retired. It's like having a continuous health check for electronics that ensures only trusted devices can join your network. If a new virus is found, the system automatically pushes a secure update to fix it without letting hackers sneak in during the process.
What needed solving
IoT devices using open-source components are vulnerable to cyber threats throughout their lifecycle. Current security checks are often one-time events rather than continuous monitoring, leaving systems open to new exploits after deployment.
What was built
A security platform featuring a formal verification toolchain, a Zero-touch Onboarding mechanism, and a secure software update protocol with side-channel resistance.
Who needs this
Who can put this to work
If you are a satellite operator dealing with the risk of remote hijacking of orbital assets — this project developed a customizable TEE based on RISC-V that ensures secure runtime operations in space.
If you are a city integrator dealing with thousands of diverse IoT sensors from different vendors — this project developed a Zero-touch Onboarding mechanism that ensures only devices with correct identity credentials can enter the city network.
Quick answers
How does this affect the cost of cyber insurance?
The project uses security auditing results to estimate premium costs, expanding traditional insurance models to cover open-source hardware and software assets.
Can this be scaled across different types of IoT ecosystems?
Yes, the platform is designed for scalability and interoperability across heterogeneous IoT ecosystems, as demonstrated in automotive, city, and satellite pilots.
Who owns the IP and how is it licensed?
Based on available project data, specific licensing terms are not provided, but the project focuses on open-source and open-specification hardware and software.
Does this help with EU legal compliance?
The project develops cybersecurity certification in accordance with the requirements and guidelines of the EU Cybersecurity Act.
How is the software integrated into existing devices?
Integration is achieved through a modular architecture featuring a customizable TEE and monitoring hooks that minimize the overhead footprint on the target device.
Who built it
The consortium is heavily industry-driven, with 10 industrial partners representing 67% of the 15 total members. This strong commercial presence, including 6 SMEs across 9 countries, suggests the project is focused on practical market application rather than pure academic research.
Contact GIOUMPITEK MELETI SCHEDIASMOS YLOPOIISI KAI POLISI ERGON PLIROFORIKIS ETAIREIA PERIORISMENIS EFTHYNIS in Greece.
Talk to the team behind this work.
Contact us to explore licensing for the RISC-V based TEE or the Zero-touch Onboarding mechanism.