Device and System Security

Device and system security is of utmost strategic importance to Switzerland. With IT forming the foundation for all key pillars of society, Switzerland fundamentally relies on commodity devices, systems and/or IT services that are developed abroad, come with no verifiable or certifiable evidence of trustworthiness and are not open to inspection. Moreover, most modern devices are vulnerable to a plethora of hardware side-channel attacks due to resource sharing and have been designed with little consideration for security and privacy beyond conventional approaches to program isolation. On the flip side, Switzerland, as a promoter of a brand for trustworthiness, is well positioned to pioneer technologies for secure devices and systems that are open to inspection.

In this pillar, we propose to build devices and systems from the ground up with security and privacy as a contract between software and hardware. Modern approaches that add ad hoc hardware mechanisms to established vendor CPUs (e.g., x86, ARM) and patch the software stack to use those mechanisms not only fail to address side-channel attacks at a fundamental level but also increase software complexity, which potentially leads to more vulnerabilities. Moreover, with the slowdown in silicon scaling, the emergence of a spectrum of heterogeneous accelerators in a single device and the move towards decentralized device components with potentially multiple network endpoints, CPU-centric solutions will be less effective.

We will develop software interfaces to hardware components in a device that would guarantee no window of observability for resource sharing with well-defined advertised semantics, which can be used as a building block for systems and application software that have guaranteed (and verifiable) security properties. Such behaviour can then be inspected and verified in both software and hardware, and can be used to make sure that power and thermal management approaches are compatible with the security and privacy constraints imposed by the application target. In the earlier stages of this pillar we will rely on an open-source device ecosystem (e.g., RISC-V) to test the technologies in an IoT environment. IoT devices are emerging as a prevalent substrate in cyber-physical systems with a lower barrier to deployment. These devices also have shallower stacks and software ecosystems, allowing for more intrusive co-designed hardware and software solutions for trustworthiness. Moreover, our ground-up technologies (both hardware and software stack) would also be suitable for new accelerator components (in specialized ICs or mapped onto reconfigurable hardware such as FPGAs) as they emerge in established commodity platforms from mobiles to servers, since these architectures are less dependent on the rigid software ecosystem of established CPUs and are similar to IoT devices.

EPFL’s device and system security team has had a long history of pioneering not just hardware and accelerator architectures, but also methodologies for design and verification of integrated silicon devices and operating systems, system software design and co-optimization, and virtualization with a proven track record of technology transfer.

DuoKey receives the Digital Award for Start-up of the Year 2022!

During the Spring Party organized by the ICTjournal, our Swiss startup, active in the field of cybersecurity, was elected Swiss cyber start-up of the year 2022 by a jury of the CIOs member
News type : News

[FR] Smartwatches: measurements that are not always reliable

C4DT Academic Director Jean-Pierre Hubaux discusses the privacy and security of smart watches on a new episode of RTS's 'A bon entendeur'.
News type : Press reviews

[FR] Chelsea Manning: "I have more access to the war in Ukraine with my laptop than I had in Iraq"

From Monday 7 March, Heidi.news invites readers to step back from the war in Ukraine and its incessant flow of information. For this "specialists' week", we went looking for sharp minds to help us better understand what is at stake there, under our…
News type : Press reviews

DuoKey, Futurae and Nym join the C4DT through its associate partner program

We are delighted to announce that 3 additional start-ups have joined the C4DT community through the C4DT start-up program. For two years DuoKey SA, Futurae Technologies AG and Nym Technologies SA will complement the already diverse group of partner companies through their start-up perspectives to collaborate and share insights on…
News type : News

Ruag AG joins the C4DT

We are pleased to announce that Ruag AG, Switzerland, has just joined the C4DT as partner. Owned by the Confederation, Ruag AG is the technology partner of the Swiss Armed Forces. Together with armasuisse, Ruag’s presence strengthens C4DT's expertise in cybersecurity and cyber defense. We are convinced that this partnership…
News type : News

Client-side scanning is like bugs in our pockets

Encryption provides a solution to security risks, but its flipside is that it can hinder law enforcement investigations. A new technology called client-side scanning (CSS) would enable targeted information to be revealed through on-device analysis, without weakening encryption or providing decryption keys. However, an international group of experts, including EPFL,…
News type : Press reviews

“We managed to score an amazing 10th place at DefCon CTF!”

The Polygl0ts, EPFL’s cyber security competitions team led by C4DT-affiliated Prof. Payer, has just returned from the United States after competing at the DefCon Capture The Flag competition, the oldest and largest hacker convention/security conference in the world.
News type : Press reviews

“Network neutrality is a buzzword but there is no agreed definition”

C4DT-affiliated Associate Professor Katerina Argyraki works on computer networks and neutrality, a notion she believes is critical to ensuring that the internet continues to foster competition and innovation.
News type : Press reviews

Little Syster: the first privacy trust index for digital services

Giving citizens back control of their private life in the face of digital technology: this is the mission of the French company Little Syster. Launched in 2020, it uses a technology based on artificial intelligence that was developed at the LSIR EPFL laboratory headed by C4DT-affiliated Prof.…
News type : Press reviews

Trust Valley sets off at EPFL

An alliance for excellence supported by multiple public, private and academic actors, the "TRUST VALLEY" was launched on Thursday, October 8, 2020. Cantons, Confederation, academic institutions and captains of industry such as ELCA, Kudelski and SICPA, come together to co-construct this pool of expertise and encourage the emergence of innovative…
News type : News

Prof. Carmela Troncoso interviewed by “Le Temps” on her contribution to the SwissCovid app

French-language newspaper 'Le Temps' interviewed C4DT-affiliated Carmela Troncoso, professor of the SPRING lab at EPFL, on her contribution to the SwissCovid app and on her passion for privacy protection in the digital world. Read the article in French on 'www.letemps.ch' by clicking the following link.
News type : Press reviews

Vaud and Geneva join forces to create the Trust Valley

Building on the expertise of 300 companies and 500 experts, the Vaud and Geneva Cantons of Switzerland are launching the Trust Valley, a public private cooperation for safe digital transformation, cybersecurity and innovation. Among the founding partners are C4DT members ELCA, Kudelski Group and SICPA. For more information please click…
News type : News

C4DT interviewed by “24Heures” on the Crypto AG scandal

In the wake of the recent Crypto AG scandal, French-language newspaper '24Heures' interviewed Jean-Pierre Hubaux, professor at EPFL, academic director of the Center for Digital Trust, on his insights on data protection and on the scandal's impact on our trust in the digital world. Read the article in French…
News type : Press reviews

CYD and EPFL launch the CYD Fellowships

Cyber-threats have been accelerating due to the exponential growth of network connectivity. These new capabilities provide myriad opportunities for security hackers to wreak significant damage for commercial, political, or other gains. To promote research and education in cyber-defence, EPFL, the Swiss Federal Institute of Technology in Lausanne, and the Cyber-Defence…
News type : News

C4DT mentioned in “Le Temps” as an initiative against cybercrime

Initiatives against cybercrime, online harassment or spying are increasing at an impressive rate. Switzerland wants to position itself as a world center of excellence. French-language newspaper 'Le Temps' asked Olivier Crochat, executive director of the Center for Digital Trust, about the center's focus. Read the article in French on…
News type : Press reviews

C4DT mentioned in RTS French radio show Alter Eco

C4DT is mentioned in RTS French radio show 'Alter Eco', broadcast on Jan 6th in French and entitled "Lausanne, 'capital mondial de la confiance'". Please click below to access the broadcast.
News type : Press reviews

Switzerland: launch of a label to protect SMEs from cyber risks

Protecting your SME from cyberattacks is often complicated: costs of IT security audits, absent or overly complex standards, lack of internal skills have discouraged more than one company from confronting these risks. Born from a participative approach, the Label cyber-safe.ch helps SMEs and other small organizations to manage their cyber…
News type : News

Launch of the CyberPeace Institute in Geneva

Thursday 26 September 2019 saw the launch of the CyberPeace Institute, an independent NGO that will address the growing impact of major cyberattacks, assist vulnerable communities, promote transparency, and advance global discussions on acceptable behavior in cyberspace. EPFL President Martin Vetterli will be sitting on the Executive Board, and the…
News type : News

C4DT’s academic director on e-ID in “Le Temps” daily newspaper

On the 4th of June, the Council of States debated the Swiss law on e-ID (Federal Act on Electronic Identification Services, LSIE). C4DT’s academic director Prof. Jean-Pierre Hubaux wrote an article on the topic for the Swiss French-language daily newspaper 'Le Temps', in which he favors state control of all…
News type : Press reviews

EPFL computer scientists flag global hardware security vulnerability

Researchers in the HexHive and Parallel Systems Architecture (PARSA) laboratories of EPFL's School of Computer and Communication Sciences, in collaboration with IBM researchers, have identified a widespread computer security vulnerability affecting laptop, desktop and server hardware.
News type : News