Integrated cryptographic key management system across all system layers (SHELL)

The SHELL project aims to develop a novel, highly secure management and control system for unique, non-transferable cryptographic keys in the field of embedded systems and the Internet of Things (IoT). The innovative system is based on a symbiotic entanglement of hardware and software entropy and, for the first time, enables the dynamic regeneration of device secrets even after successful attacks.

Motivation

Cryptographic keys are typically static, meaning they are firmly integrated into a computer's hardware. This makes the computer vulnerable to attacks such as the "Tesla jailbreak," in which the operating system—i.e., the software—is modified during boot-up. This enabled researchers to gain administrator rights for the infotainment system of electric vehicles. Similar attacks are possible on many architectures and are also conceivable on critical infrastructure devices.

Objectives and Approach

The researchers in the "SHELL" project aim to develop an integrated management system that generates unique, dynamic cryptographic keys and thus does not require static key storage. This should ensure that the keys cannot be transferred. To achieve this, the project aims to extend a microprocessor architecture so that it can generate keys in a decentralized manner, depending on the respective combination of hardware, software, and processes. Since the keys are generated by multiple, independent parts of the system, an attack must address all system levels simultaneously. This makes attacks more difficult and the system more secure. Furthermore, the sustainability of devices is improved because they can be more easily adapted to new threats.

Innovations and Perspectives

The project minimizes dependencies on individual trust points. Furthermore, because it generates keys dynamically, the system can respond quickly to security vulnerabilities. This also reduces the likelihood of operational failures. In the long term, the project has the potential to revolutionize security across various sectors and provide chip manufacturers with a robust, adaptable security approach from the design phase onward.

Project Objectives

The SHELL project pursues multiple strategic objectives to advance the state of embedded system security:

• Increase the IT security of critical digital infrastructures and promoting innovations in the field of information and communication technologies in order to strengthen the competitiveness of German industry
• Strengthen Germany's digital sovereignty through independent security technologies
• Support climate neutrality in 2045 through durable, updateable security solutions without hardware replacement, thereby extending the life of devices and thus reducing resource consumption, significantly increasing sustainability
• Promote SME innovation in the high-tech sector

Technical Approach and Methodology

Our technical approach combines cutting-edge hardware security techniques with innovative software entropy generation methods to create a truly resilient security system:

• Explore symbiotic entropy generation methods by combining Physical Unclonable Functions (PUF) with software-based entropy
• Development of temperature-stable PUF architectures with machine learning-supported error correction
• Formal Security Evidence for the Symbiotic Key Management System
• Integration of zero-knowledge protocols into resource-constrained embedded systems

Expected Impact and Benefits

The SHELL project will deliver transformative benefits across multiple domains:

• Enhanced Security Resilience: Dynamic key regeneration capabilities ensure systems can recover from compromises without hardware replacement
• Environmental Sustainability: Significant reduction in electronic waste through extended device lifecycles and updateable security
• Economic Efficiency: Lower total cost of ownership for IoT deployments through reduced replacement needs
• Digital Sovereignty: Independent security technology strengthens national technological autonomy
• Industrial Competitiveness: Advanced security features position German industry at the forefront of secure IoT solutions

Research Consortium and Expertise

The project consortium brings together highly specialised expertise across security architecture, hardware manufacturing, and medical device development, enabling us to research and develop a comprehensive end-to-end solution for secure healthcare IoT applications.

• WIZnet Germany GmbH - Security specialists bringing extensive experience in enterprise security architectures, cryptographic building blocks, and secure identity systems. WIZnet leads project management and the security design and specifications, as well as primary research and testing planning/undertaking in the field of PUFs and temperature dependent security characterisation.
• SIEMENS - Acts as a commercialisation partner and offers significant industrial engineering expertise, as well as the test platform in the form of its smart sensors for use in critical infrastructures.
• Peak Solution - Support the consortium with their distributed PKI platform and cloud security framework 'Peak Security Suite'. All wider infrastructural components will be supported, as well as big data/data analysis planning/undertaking will be supported.
• Aware7 GmbH - Focus on awareness, offensive services and information security consulting. They support this project heavily in work packages related to security testing, analysis and reporting of the wider supporting security architecture.
• University of Stuttgart - The Institute of Computer Architecture and Computer Engineering will provide significant research expertise in preemptively evaluating and testing designs to ensure safe and reliable circuits and systems, design methodology and efficient/secure hardware architectures.

Current Progress and Next Steps

The SHELL project is currently in its initial research phase, with consortium partners actively working on foundational technologies for symbiotic key management. Our team is developing the theoretical framework for combining hardware and software entropy sources while establishing the formal security proofs necessary for critical infrastructure deployment.

Moving forward, we will focus on prototype development, testing temperature-stable PUF architectures, and integrating zero-knowledge protocols into our security framework. Pilot deployments with industrial partners will validate our approach in real-world critical infrastructure environments.

For more information about this project or to explore collaboration opportunities, please contact our project coordination team. We welcome inquiries from industry partners, researchers, and organizations interested in advancing the field of embedded system security and sustainable IoT solutions.