Zero Trust Hardware Architectures Workshop (ZTHA)

Co-located with 2024 Conference on Cryptographic Hardware and Embedded Systems (CHES)

September 4, 2024

Halifax, Canada

Overview [Call for Talks]

With an ever-increasing number of attacks on the software, firmware and hardware stacks of systems, there is an urgent need to adopt a zero-trust model for cybersecurity. The zero-trust model is based on the principle of “never trust, always verify” and is aimed at eliminating all implicit trust in a system. While adopting a zero-trust model for network security generally involves authenticating the credentials of users in the network, authorizing access, and continuously validating the credentials, these measures need to be modified and extended to create underlying hardware and firmware that is trusted and secure. Cryptography to perform authentication, verification and provide confidentiality are core technologies to enable the foundations of zero trust. Addressing the implementation challenges of cryptography is central to bringing zero-trust principles to the cloud/edge computing environments. Thus, devising novel approaches for building zero-trust architectures with efficient cryptographic implementations, from systems all the way down to silicon, is one of the big challenges for next generation hardware design.

Traditionally, research on establishing trust and security in hardware has primarily focused on the host CPU and its associated memory subsystems. These include principles of trusted execution environments, silicon roots of trust, Trusted Platform Modules, encryption at rest, etc. In addition, these techniques have primarily been focused on “boot time” verification. For firmware in continuously running systems, there is also a need to periodically reverify or continuously verify. Thus, in modern embedded and non-embedded system architectures, such as edge/cloud computing, composable systems, and chiplet based integrated circuits, trust needs to be extended beyond the host to incorporate other hardware devices and the intellectual property (IP) models used to design them. In view of threats such as compromised supply chain integrity, counterfeit chips, hardware trojan implants, malicious firmware, malware, etc., it is important to establish trust in hardware components and to communicate trust between different components of a system. This could include communication between different IPs inside an SoC, between a host and its attached peripherals, as well as between chiplets inside a multi-chip module. Trust also needs to be established and revoked in a dynamic manner, with the ability to handle large number of subcomponents in the design. Thus, a new set of protocols that can work to establish trust and security in these new types of system architectures has become necessary. While some of these protocols are being developed as industry and government standards, large-scale effort is required to bring them to adoption. It is equally important to develop open source and verifiable hardware designs that can be secure while balancing requirements for size, weight, power, performance, and functionality. The focus of this workshop will be on all aspects of security and trust required to create zero-trust hardware architectures for traditional and embedded systems, and their components.

Topics of interest

The areas of interest include but are not limited to:

  • Extending confidential computing or Trusted Execution Environments to embedded devices, components and peripherals
  • Building security and trust through cryptography in novel computing architectures such as composable processors/composable systems
  • Enabling security and trust through cryptography in novel packaging technologies such as Heterogeneous Integration/System-in-Package/Chiplets
  • Secure and trusted integration of AI cores or AI chiplets in heterogeneous systems/circuits
  • Secure and private AI and large-scale workloads in heterogeneous computing systems
  • Dynamic or runtime verification/reverification
  • Trusted computing and cryptographic implementation challenges of real-time hardware for IoT and autonomous vehicles
  • Supply chain security of hardware and firmware
  • Threat models for applications of zero-trust architecture
  • Security and trust in Cloud/Edge computing and infrastructure
  • Role of open-source designs and standards for security and trust
  • Other emerging topics in security and trust such as post-quantum cryptography, homomorphic encryption, secure multi-party computation etc.

© ZTHA: Zero Trust Hardware Architectures Workshop@CHES, 2024