A team of researchers from the CSIC has received 5 million from the EU to increase the cybersecurity of digital devices, especially those belonging to the category of the Internet of Things, telemedicine or new industrial robots. Its objective is to develop software and hardware to improve the management of digital identifiers, the DNI of the machines that cybercriminals try to forge to deceive them and sneak into their systems.
The Medicines Agency withdraws remote controls of insulin pumps due to risk of hacking
“This identifier can be a user, entity or object name, or an alphanumeric string —for example, 02189aBDEFadf111—, which is shown to the system or service in order to start the authentication or validation process necessary to start using said system. or service, “explains David Arroyo, researcher at the CSIC. By falsifying that ID, the machines open the door to their data and operation, considering the attacker as their legitimate operator.
The CSIC will work on the architecture of RISC-V, a project to develop open source microchips. Or what is the same, “a set of instructions that is for everyone and for everyone, that serves so that anyone can make their chips and that we do not depend on companies that charge more than 50 times what it is worth to develop them,” he explained in a interview with elDiario.es the director of the National Supercomputing Center, Mateo Valero.
Because the bottleneck in microchip production that is causing a global shortage is not the only one affecting the sector. If its manufacturing is ultra-concentrated in only two Asian companies (TSMC, from Taiwan; and Samsung, from South Korea), there is also another bottleneck in its design. In this case, it is dominated by American companies such as Intel, Nvidia or Qualcomm.
Valero’s body coordinates the European initiative to promote the RISC-V through MareNostrum 4, the supercomputer that Spain has in a chapel in Barcelona and which will soon be replaced by version 5, 30 times more powerful. The goal is to have those open source chips within five years. The CSIC project, called Spirs, will complement the initiative with the development of new technology focused on improving the cybersecurity of the IDs that will be used by those future European-designed microprocessors. The five million euros from the EU will finance the research until 2024.
Protect the weak points of the new chip
According to the EU statement, Brussels has especially valued the impact that CSIC research can have on key sectors such as 5G technology or industrial robots. These are two areas where the lack of technological sovereignty is of particular concern to cybersecurity experts.
The CSIC project will try to eliminate weak points in these identifiers that can be used to hack entire computer systems. The devices that are showing the most vulnerable to this type of cyberattack are those industrial robots, but also all those of the Internet of Things and telemedicine. At the end of October, the Medicines Agency withdrew insulin pump remote controls due to the risk of hacking, warning that their lack of cybersecurity puts the lives of patients at risk.
Cybercriminals can take advantage of these weak points throughout the life cycle of identifiers, so the CSIC team – made up of researchers from the Institute of Microelectronics of Seville (IMSE) and the Institute of Physical and Information Technologies – will try improve how they are created, how they are protected while in use and how they are destroyed. “The project has a comprehensive approach: it encompasses the generation of identifiers at the hardware level, their deployment through secure open source computing, and their use to guarantee the privacy of end users,” Arroyo details.