SPIRS · Project

Hardware-Level Security Chip That Protects IoT Devices and 5G Networks From the Ground Up

digitalTestedTRL 5

Imagine every smart device in your factory or network has a built-in, tamper-proof ID card welded into the silicon itself — something no hacker can fake or copy. That's what SPIRS built: a security system baked directly into the processor chip, so devices can prove they're genuine and haven't been tampered with. It works like a digital fingerprint extracted from the chip's own physical characteristics, making it virtually impossible to clone. The team validated this on real FPGA hardware for both factory automation and 5G network scenarios.

By the numbers

consortium partners

countries represented

demo deliverables produced

total deliverables

45%

industry partner ratio in consortium

validation scenarios (Industry 4.0 and 5G)

The business problem

What needed solving

Every connected device in a factory or 5G network is a potential entry point for attackers — and software-only security can be bypassed, cloned, or disabled. Companies deploying IoT at scale face the real risk that compromised devices could disrupt production lines, leak sensitive data, or serve as backdoors into critical infrastructure. There is no widely available, open hardware security platform that embeds trust directly into the silicon for industrial and telecom applications.

The solution

What was built

The team built a complete hardware security platform on RISC-V with a silicon-level Root of Trust (using physical unclonable functions and cryptographic engines), a Trusted Execution Environment, secure boot, and a trusted network element for 5G. They delivered final FPGA implementations, two working prototypes, and a mature trusted network element design validated in Industry 4.0 and 5G scenarios.

Audience

Who needs this

Industrial IoT equipment manufacturers building connected controllers and sensors5G infrastructure vendors developing base stations and edge computing hardwareChip design companies adding hardware security to their processor offeringsCritical infrastructure operators requiring tamper-proof device authenticationDefense and aerospace contractors needing hardware-rooted trust for embedded systems

Business applications

Who can put this to work

Smart Manufacturing

mid-size

Target: Industrial IoT equipment manufacturers and factory automation integrators

If you are an industrial equipment maker dealing with the risk of counterfeit controllers or compromised firmware on the factory floor — this project developed a hardware Root of Trust platform validated across 2 use-case scenarios (Industry 4.0 and 5G) that lets every device cryptographically prove its identity and integrity. With 8 demo deliverables including final FPGA implementations, the technology is ready for integration into next-generation industrial controllers.

Telecommunications

enterprise

Target: 5G infrastructure vendors and mobile network operators

If you are a 5G network operator worried about rogue base stations or compromised edge devices in your infrastructure — this project built a trusted communication channel system with privacy-respectful attestation mechanisms specifically designed for 5G deployments. The consortium of 11 partners across 5 countries delivered a final trusted network element design ready for integration into telecom equipment.

Cybersecurity

any

Target: Embedded security solution providers and chip designers

If you are a security vendor looking to offer hardware-anchored trust for your customers' devices — this project created an open RISC-V-based security platform with a complete suite including secure boot, runtime integrity checking, and a Trusted Execution Environment. The platform was designed to be open and modular, making it straightforward to integrate additional security building blocks into existing chip designs.

Frequently asked

Quick answers

What would it cost to integrate this security platform into our products?

The project data does not include licensing fees or integration costs. Since SPIRS is built on open RISC-V architecture with 5 industry partners in the consortium, commercial licensing terms would need to be negotiated directly with the coordinator (CSIC, Spain) or the relevant industry partners.

Can this scale to mass production volumes?

The platform was validated on FPGA implementations with area, timing, and power consumption measurements reported. Moving from FPGA prototypes to mass-produced ASICs is a standard but non-trivial step. The open platform design and RISC-V base were specifically chosen to facilitate integration and scaling.

What is the IP situation — can we license this technology?

The consortium includes 5 industry partners and 3 research organizations across 5 countries. IP ownership and licensing terms would be governed by the consortium agreement. The use of open RISC-V architecture suggests parts of the platform may be available under more accessible terms, but specific IP arrangements must be confirmed with the project coordinator.

Does this meet current security regulations and standards?

The project specifically addressed GDPR compliance through impact assessments included in their Trusted Network Element deliverable. The Root of Trust design underwent leakage and security assessment tests with countermeasures included in the final enhanced version. Specific certifications (Common Criteria, FIPS) are not mentioned in the project data.

How long would it take to go from this prototype to a commercial product?

The project delivered final FPGA implementations and mature software releases described as ready for further exploitation. Based on available project data, the core technology components are validated but would require ASIC tape-out, certification, and productization — typically an additional 2-3 year engineering effort for hardware security products.

Can this integrate with our existing systems and architectures?

The SPIRS platform was explicitly designed as an open platform that can easily integrate other building blocks and facilitate upgrades. It uses standard RISC-V processor cores and provides interfaces for Trusted Execution Environment communication, secure boot, and trusted communication channels across 5G infrastructure.

Consortium

Who built it

The SPIRS consortium of 11 partners across 5 European countries (Germany, Spain, Finland, France, Italy) has a strong industry presence at 45% — 5 industry partners alongside 3 universities and 3 research organizations. This balanced mix suggests the technology was developed with commercial viability in mind, not just academic interest. The coordinator is CSIC, Spain's national research council, which brings institutional weight but means commercialization will likely flow through the industry partners. Notable is the absence of SMEs, indicating this technology targets established players in the chip design and telecom equipment space rather than startups.

AGENCIA ESTATAL CONSEJO SUPERIOR DE INVESTIGACIONES CIENTIFICASCoordinator · ES
THALES DIS FRANCE SASparticipant · FR
COMMISSARIAT A L ENERGIE ATOMIQUE ET AUX ENERGIES ALTERNATIVESparticipant · FR
TAMPEREEN KORKEAKOULUSAATIO SRparticipant · FI
TELEFONICA INNOVACION DIGITAL SLparticipant · ES
NEC LABORATORIES EUROPE GMBHparticipant · DE
POLITECNICO DI TORINOparticipant · IT
FONDAZIONE LINKS - LEADING INNOVATION & KNOWLEDGE FOR SOCIETYparticipant · IT
UNIVERSIDAD DE SEVILLAthirdparty · ES

How to reach the team

CSIC (Agencia Estatal Consejo Superior de Investigaciones Cientificas), Spain — national research council with technology transfer offices

Order a report on this consortium See AGENCIA ESTATAL CONSEJO SUPERIOR DE INVESTIGACIONES CIENTIFICAS profile →

Next steps

Talk to the team behind this work.

Want an introduction to the SPIRS team for licensing or integration discussions? SciTransfer can connect you with the right consortium partner for your specific use case.

Order a report on this topic More in Digital & ICT