Enhancing Security in Connected Medical Devices
- ENTRUST
- Apr 8
This blog post was written by ENTRUST partner University of Surrey (UoS).
ENTRUST aims to provide a security solution that spans the whole device lifecycle, from design through deployment, bootstrapping, operation, and maintenance, with each phase relying on its own processes and involving several actors. Surrey’s role in ENTRUST is to turn these security solutions into cryptographic protocols that deliver the required security properties while matching the capabilities of the different devices involved.
Innovating Cryptographic Protocols for Secure Onboarding & Access Control
To this aim, Surrey designed the cryptographic protocols for Zero-Touch Onboarding (ZTO), focusing on device authentication and authorization, Verifiable Credentials (VC) issuance, domain enrolment, and key management. Surrey also designed efficient attribute-based signature and signcryption schemes that allow access control in a decentralized manner. Furthermore, these cryptographic mechanisms have been integrated into an enhanced ZTO Scheme, incorporating Efficient Attribute-Based Signatures, which reinforce trust management within the ENTRUST framework.
Advancing Remote & Runtime Trust Attestation
Surrey also designed novel remote, runtime trust attestation services that target both the software and hardware layers and cover every phase of a system’s execution: from the trusted boot and integrity measurement of a medical device to the runtime attestation of a running system, with strong guarantees on the correctness of its control-flow and information-flow properties. These attestation enablers also support runtime self-verification of a connected medical device (CMD) network through a newly designed domain-specific property specification language. A key innovation in ENTRUST is the use of zero-knowledge proofs (ZKPs) and succinct non-interactive arguments of knowledge (zkSNARKs) to protect privacy during attestation. Unlike traditional schemes, which may require the verifier to see configuration details or in-memory execution state, this approach allows secure verification without exposing sensitive device or patient data.
Swarm Attestation for Medical Device Networks
Aligned with the guidelines of the EU Cybersecurity Act and the existing guidance on cybersecurity for medical devices, the project envisions managing the lifecycle of connected medical devices dynamically and holistically, strengthening trust and privacy across the entire medical ecosystem. To that end, ENTRUST will leverage a series of breakthrough solutions that raise assurance by embedding cybersecurity features without limiting the applicability of connected medical devices. The project designed a novel remote Swarm attestation mechanism that verifies a device’s correct operation while remaining efficient enough to run on resource-constrained real-time systems such as medical devices. Surrey designed this Swarm Attestation scheme from symmetric primitives, allowing a group of connected medical devices to be attested efficiently.
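As an added illustration, not ENTRUST’s own scheme (whose construction the post does not describe), the following Python sketch shows the shape of a symmetric-key swarm attestation: each device answers a fresh nonce with an HMAC over its integrity measurement, an aggregator folds the per-device tags into one constant-size value, and the verifier checks the whole swarm with a single comparison, falling back to per-device checks only to isolate a deviating device. The device names, keys and firmware images are constructed for the example.

```python
import hashlib
import hmac
import os

def measure(firmware: bytes) -> bytes:
    """Integrity measurement: hash of the firmware image (stand-in for a boot-time measurement)."""
    return hashlib.sha256(firmware).digest()

class Device:
    def __init__(self, dev_id: str, key: bytes, firmware: bytes):
        self.dev_id, self.key, self.firmware = dev_id, key, firmware  # key is shared with the verifier
    def attest(self, nonce: bytes) -> bytes:
        # The tag binds identity, a fresh nonce (replay protection) and the current measurement.
        msg = self.dev_id.encode() + nonce + measure(self.firmware)
        return hmac.new(self.key, msg, hashlib.sha256).digest()

def aggregate(tags: dict) -> bytes:
    """Aggregator folds all per-device tags into one 32-byte value by XOR (order-independent)."""
    agg = bytes(32)
    for tag in tags.values():
        agg = bytes(a ^ b for a, b in zip(agg, tag))
    return agg

class Verifier:
    def __init__(self, keys: dict, golden: dict):
        self.keys, self.golden = keys, golden  # per-device keys and expected (golden) measurements
    def expected_tag(self, dev_id: str, nonce: bytes) -> bytes:
        msg = dev_id.encode() + nonce + self.golden[dev_id]
        return hmac.new(self.keys[dev_id], msg, hashlib.sha256).digest()
    def verify_swarm(self, nonce: bytes, agg: bytes) -> bool:
        # One comparison for the whole swarm: verifier cost does not grow with the number of devices.
        expected = aggregate({d: self.expected_tag(d, nonce) for d in self.keys})
        return hmac.compare_digest(expected, agg)
    def locate_faulty(self, nonce: bytes, tags: dict) -> list:
        # Fallback after a failed swarm check: per-device comparison to isolate the deviating device(s).
        return sorted(d for d in self.keys
                      if not hmac.compare_digest(self.expected_tag(d, nonce), tags.get(d, b"")))

def run_demo(tampered: str = None) -> tuple:
    """Constructed three-device swarm; optionally modify one device's firmware before attestation."""
    keys = {f"pump-{i}": hashlib.sha256(b"constructed-demo-key-" + str(i).encode()).digest() for i in range(3)}
    golden = {d: measure(b"firmware-v1-" + d.encode()) for d in keys}
    devices = [Device(d, keys[d], b"firmware-v1-" + d.encode()) for d in keys]
    if tampered:
        next(dev for dev in devices if dev.dev_id == tampered).firmware = b"modified-firmware"
    verifier, nonce = Verifier(keys, golden), os.urandom(16)
    tags = {dev.dev_id: dev.attest(nonce) for dev in devices}
    ok = verifier.verify_swarm(nonce, aggregate(tags))
    return ok, ([] if ok else verifier.locate_faulty(nonce, tags))
```

A real deployment would provision the per-device keys during onboarding and would need to handle devices that never answer the challenge, which this sketch treats as a failed check.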
In conclusion, Surrey has identified the security properties these protocols offer, provided the security games that formalize the corresponding security definitions, and will deliver concrete security proofs of the protocol designs with respect to those games.