It is common wisdom that cyber security is only as strong as the weakest link in a chain. Therefore, the main challenge is to identify the critical points of IoT infrastructure. To address this issue, ORSHIN is creating the first generic and integrated methodology, called trusted lifecycle, to develop secure network devices based on open-source components while managing their entire lifecycle. ORSHIN's trustworthy lifecycle consists of different phases (design, implementation, evaluation, installation, maintenance and retirement) that form a chain of trust. This lifecycle defines how the safety objectives are translated into policies for defined phases. Using this holistic view, ORSHIN will address critical links, reduce threats and improve security of open-source devices.
The open-source initiative represents a significant shift in the industry, providing the opportunity to share knowledge between industry and research and enabling rapid time-to-market for solutions, but there is still much room for improvement, particularly with a view to cyber security. Therefore, the ORSHIN project team will come together and develop a new approach that will improve cyber security, manage the entire lifecycle of trustworthy network devices and create a secure infrastructure for connected devices. To meet this challenge, ORSHIN will work on building trusted open-source hardware and software that will significantly reduce the risks associated with IoT devices, from design to retirement, as a chain of trust called the trusted lifecycle.
Reference Number: 101070008
Programme type: Horizon Europe
Programme acronym: HORIZON-CL3-2021-CS-01-02
Project Start: 01.10.2022
Cost and Funding
Costs: € 3.814.500,00
Funding: 100,00% EU-funded
ORSHIN strives to help improve the security of systems based on open-source components. The project aims to contribute to the open-source code base in two main ways: first, by proposing a security-aware design methodology based on open-source components, and second, by helping open-source projects to improve their security posture. Once the trusted life cycle is established, these advances can improve the overall security of IoT devices.
Mission and Objectives
The ORSHIN project's main goal is to provide solutions to build trustworthy open-source hardware and connected devices. At the same time, this is intended to lay a foundation for trust in the security properties of open-source components and so promote their acceptance. ORSHIN will focus on the following objectives:
• Definition of a life cycle for secure, connected embedded ORSHIN devices (trusted life cycle)
• Enabling, supporting and improving the formal verification of security properties of ORSHIN components
• Design of effective security audits for ORSHIN devices
• Development of efficient, secure and privacy-preserving protocols for embedded connected devices
• Creation of demonstrators for the developed methodologies and techniques
Project, Risk and Innovation Management
Throughout the project, we will follow an active research and innovation management approach and focus on continuous quality control and risk management to reach high-end goals and limit the risks.
Trusted Life Cycle and Requirements Analysis
A methodology for the development of secure embedded devices will be defined and structured around the following life cycle stages: design, implementation, evaluation, installation, maintenance and retirement.
Models for formal verification
Meaningful and usable models will be formalized to verify security properties, including the security constraints and limitations dictated by physics. In doing so, we will fill the gap between software and hardware and between hardware and physics.
Effective Security Audits
The proposed method will enable hardware and software co-testing, create a toolchain to lift closed-source software to a more abstract representation, and develop new countermeasures that remain resistant even with full openness of the design.
Secure Auth and Comms
In ORSHIN, we will deliver unique practical methods that provide security and privacy for connected embedded devices, covering intra- and inter-device communication.
Demonstrators, Dissemination, Exploitation, Communication, Standardisation, Certification and Training
Creating and delivering outcomes that are compliant with open-source standards and will contribute to the European Research Union, industry, academia and open-source communities.