European grant of over 2 million euros for iMinds - KU Leuven research into new security approach for microchips

Five-year ‘Cathedral’ research project aims to make electronics more resistant to abuse and attacks

Professor Ingrid Verbauwhede (iMinds - KU Leuven) has been awarded a European ‘ERC Advanced Grant’ of more than 2 million euros for her research into better security approaches for microchips. Her research project is not only important from a technological point of view, but also has great societal value. After all, microchips are ubiquitous and sometimes collect highly sensitive information. This makes them a popular target for criminals and organizations that want to get hold of these data – both via physical and cyberattacks. Through her ‘Cathedral’ project, Professor Verbauwhede wants to incorporate ‘lightweight’ security mechanisms in electronics to make them more resistant to hacks. This should lay the foundation for a new generation of microchips that can be used more securely in a number of sensitive sectors – from medical applications to the banking sector.

Microchips: they include computing power, memory, software and special (sensory) functions and are present in numerous items we use every day (bank cards, car keys, tablets, smartphones, smartwatches, etc.). What’s more, they are also increasingly being integrated in objects we do not necessarily associate with microchip technology (pacemakers, fridges, toys, and even sports shoes).

Thanks to microchip technology, a pacemaker, for instance, can send health data directly to one’s doctor so that prompt action can be taken when anomalous values are recorded. But electronics can also be hacked, especially when we connect our devices to each other – and ourselves – via the ‘Internet of Things’. To counter that threat, a solution is required that has been built from the ground up, because no one wants to run the risk of his or her pacemaker being hacked or sensitive data falling into the hands of criminals.

"In the past, securing electronics was relatively easy: a company’s computers used to be housed in a central computer room, behind a locked door. But today, electronics are embedded in virtually every device – which makes things considerably more complex," says professor Ingrid Verbauwhede (iMinds - COSIC - KU Leuven). "Obviously, some methods exist today – such as complex cryptographic algorithms – to protect devices against cyberattacks. But microchips are small, weigh little and have limited functionality. Sometimes, they do not even have a battery. So they really are not equipped to support the existing, heavy security solutions. That is why we are going to investigate how every device – even the smallest ones – can be fitted with some sort of ‘lightweight security armor’. And that is quite a challenge."

"As part of my ‘Cathedral’ research project, over the next five years I will be developing methods to efficiently integrate existing, complex mathematical security algorithms into microchips. A real ‘security-by-design’ methodology for chips, in other words, in which we will be bringing together a considerable number of building blocks – thereby taking into account factors such as process variation (the unique fingerprint of every chip), limited power consumption (because secure pacemakers will need to have the same lifespan as the current ones) and the impact of physical manipulations (such as manipulating a chip’s power supply or exposure to heat or cold). With this research, we want to lay the foundation for a new generation of microchips that can be used more securely in a number of sensitive sectors – from medical applications to the banking sector."

After all, sensitive information (such as medical data) often needs to be protected for many decades. But technology continues to evolve: computers become more powerful and attacks are getting increasingly sophisticated. That is why, in addition to existing algorithms, a great deal of attention will be spent on the implementation of new generations of cryptographic algorithms that offer protection for decades. Some of these are specifically designed for the 'Internet of Things', others are based on mathematics that can even resist quantum computing.

"With this research, we really are swimming against the tide," professor Verbauwhede concludes. "It is generally accepted in the industry that implementing cryptography on microchips is incredibly difficult, and therefore, not an option. However, we feel that discarding crypto is not a good idea; after all, cryptography has already become an integral part of our daily lives – having been integrated in applications such as internet banking but also in the technology used in our car keys. Through the ‘Cathedral’ project, we want to show that embedding reliable security solutions into microchips is a viable option. You only have to take it into account from the start – during the design stage of the chip. And this is the blueprint we want to deliver."

The COSIC research group from iMinds and KU Leuven is perfectly placed to realize a breakthrough in this field: this is a subject that has been part of its curriculum for years, which virtually gives professor Verbauwhede and her team more than a decade head start on other research teams from all over the world. Moreover, the iMinds - KU Leuven researchers have the know-how to bring cryptography, electronics and hardware requirements together into a single integrated approach. And thanks to iMinds’ announced merger with imec, they can call on imec’s expertise on process variations in chip technology.

Interested in learning more about this topic? In the following video professor Verbauwhede sheds some more light on her Cathedral research.