CROSSCON

IoT developers face a very fragmented landscape made of very different devices, from bare metal devices with few KB of RAM and limited or no security protection to devices equipped with powerful support for AI and with built-in hardware (HW) to implement Root of Trust (RoT) and Trusted Execution Environments (TEE).

Such different devices coexist, and it is an open challenge to guarantee an acceptable level of security across the whole system to avoid “easy” entry points for attackers. The complexity is further exacerbated by the existence of many HW platforms, general purpose but also domain specific, each implementing proprietary instances of RoT and TEE that prevent or make it very difficult for applications and security services to interoperate.

CROSSCON aims at addressing all these issues by designing a new open, flexible, highly portable and vendor independent IoT security stack that can run across a variety of different edge devices and multiple HW platforms to offer a consistent security baseline across an entire IoT system. A high-level assurance is guaranteed by the formal verification of the stack specifications.

CROSSCON stack offers a unified set of trusted APIs to the layers above. It is modular and among all the security features it offers is possible to configure only the ones needed depending on the underlined HW and firmware.