A new project involving some of the top hardware security teams in Europe aims to bolster research at Tallinn University of Technology (TalTech). Called SAFEST, the project has a sizable budget of more than €895,000. It will commence in January 2021 and run through December 2023. It is a so-called twinning project, with the objective of transferring expertise and knowhow from established European teams to the newly established Centre for Hardware Security at TalTech.
“The idea is to establish a network for collaboration,” says Samuel Pagliarini, head of the center. “In that sense, the partners on SAFEST have been handpicked because they have a lot of experience,” he says. “We are a young lab and just starting to establish a name for ourselves.”
Pagliarini joined TalTech over a year ago from Carnegie Mellon University in the US. A native of Brazil, he has also held research appointments at the University of Bristol in the UK. He specializes in trustworthy integrated circuit design, electronic design automation for secure systems, hardware trojans, reverse engineering, and circuit obfuscation. He is also considered to be an innovator in the field of hardware security, having designed 25 chips in a short career.
“This number is off the charts,” says Pagliarini. “It takes some experienced designers 20 years to reach that number,” he says. “This is their motivation in taking part,” notes Pagliarini. “I will teach them everything I can about classical circuit design and they are experts in security issues. It’s a good match for everyone.”
The partners on the SAFEST project include teams from the French National Center for Scientific Research (CNRS), the Technical University of Munich (TUM), Catholic University Leuven (KU Leuven) in Belgium, and the Technical University of Graz (TU Graz) in Austria. Much of the collaboration will revolve around staff exchanges, with postdocs moving between the different participating sites. SAFEST was actually supposed to kick off in June, but was postponed to January due to the ongoing COVID-19 pandemic.
“I spend a lot of my time worrying about the future of my scientists, so I want them to collaborate with the best possible researchers out there and this project will enable this,” Pagliarini. “Right now travel is almost impossible, so this project has been tricky to execute.”
As part of SAFEST, researchers will focus on testing practices, reverse engineering, and hardware-based defenses. Other areas of interest include side-channel attacks and hardware-software architectural vulnerabilities. Investing in Estonia’s competencies in these areas will also benefit the country’s digital services, which rely on encrypted personal identity cards that too are vulnerable to attacks by criminals, or “adversaries,” as Pagliarini prefers to call attackers.
“When we are talking about side-channel attacks, what is the concern?” Pagliarini says. “When the chip is computing, no data may get out in visible form, but an adversary might look at tiny shifts in power consumption to reverse engineer the chip’s calculations,” he says.
This is especially important in cryptography, Pagliarini notes, because even if the encryption is unbreakable, adversaries can monitor those small shifts in energy usage to break the encryption.
“This is a very big deal right now,” says Pagliarini. “Every sort of hardware implementation of cryptography is vulnerable.”
‘Tallinn-centric’
SAFEST’s networking strategy therefore aims to strengthen the research capabilities of TalTech and its partners in hardware security, to promote the university’s competitiveness through collaborative research efforts, to raise the profile of TalTech, and to contribute to the safety aspects of Estonian digital services. Work packages included in the project involve short-term staff exchanges, as well as workshops and summer schools, and dissemination and outreach efforts. Of six planned events, four of them are intended to take place in Tallinn, making the Estonian capital the hub of the twinning project.
“SAFEST is very Tallinn-centric,” says Jaan Raik, head of the Centre for Dependable Computing Systems at TalTech, who is also taking part in the project. “Everything is either from Tallinn or for Tallinn,” he says. Raik stressed that TalTech has much to gain through leading the effort.
“All the benefits will go to us, either through educating us or by cooperating with well-known partners,” Raik says. “It’s a very nice scheme from our perspective.”
“These other groups involved are some of the strongest in the world, and we need to learn from them,” says Tara Ghasempouri, a senior researcher at TalTech involved in the SAFEST project. Ghasempouri, a native of Iran who joined TalTech after gaining her PhD at the University of Verona in Italy, is responsible for verification of integrated circuit designs within the project.
These circuits, she notes, are found in most electronics, from refrigerators to dishwashers to mobile phones to digital encrypted identity cards. Verification of functionality is necessary so that these circuits don’t fail following assembly. “It can be very expensive to fix these issues if there is something wrong with, for instance, the microcontroller inside the circuit,” notes Ghasempouri. “Verification means that I ensure that the entire electronic device is working completely right.”
Given Estonia’s reliance on encrypted identity cards, Ghasempouri says that the SAFEST program should contribute to the security of Estonia’s digital society. “All of the digital signing of contracts and digital voting in elections is in danger,” she notes. “If we can make them safer, that will be of great help.”
Pagliarini sees a similar benefit for Estonia by taking part in the SAFEST project. “Should there be a hardware-based vulnerability that is somehow affecting e-Estonia in any way,” he says, “there will be an expert group here at TalTech that the government can turn to for help.”
This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 952252.
Written by: Justin Petrone
This article was funded by the European Regional Development Fund through Estonian Research Council.