Rapidly evolving digital technologies such as the IoT, cloud and AI overrun classical industries, such as automotive, which have longer innovation and development cycles. The current trend of interconnecting cars with local infrastructure and cloud backends opens large potentials for data-driven applications, enhanced user experience, and new business models but also needs to consider privacy of the users inside the vehicle and others, just observed in the streets. This becomes especially critical with respect to GDPR. Goal of AUTOPSY is to create a better understanding of the data flows in automotive environments in the light of GDPR and create a privacy-aware system model for an automotive use-case to address various aspects of GDPR in specific technical designs. The technology of tainting will be applied to separate communication streams between the sensor and multiple parties accessing and processing the data with different privileges. AUTOPSY aims to design a dynamic and scalable end to end infrastructure that protects the data with lightweight privacy preserving techniques onboard the vehicle. Across the expertise of the different partners, the practical feasibility is demonstrated by modifying a resource constrained TCU with an implementation of the privacy-preserving techniques and evaluating its communication on the one hand, and the interaction with a cloud backend on the other. Bringing together one applied research partner and one automotive supplier from each country combines domain know-how and technological competencies to address the problem, develop new technologies and later enable new transnational services for customers. Transnational dissemination activities and the exchange of young researchers complement the research. To have privacy preserving techniques by design close to deployment in new cars in 2030 requires to start now and bring project results in the specification of the new automotive architectures in 2023-2024, which coincides with the earliest end of the project.

In the increasingly interconnected world of the Internet of Things (IoT), small and strongly resource-constrained devices collect and process highly sensitive data. Sensitive data are sent and received over wireless connection to servers or shared with other eligible devices. In parallel, IoT devices are frequently accessible to potential attackers, which enables attacks at protocol level but also malicious tampering with the hardware (HW). APRIORI (Advanced PRivacy of IOT Devices through Robust Hardware Implementations) aims to support privacy by design in this scenario. Since many IoT devices are resource constrained and cannot use a fully blown trusted platform module, APRIORI will develop a secure system: we will enhance the DICE (Device Identifier Composition Engine) concept by coupling it to the HW and enable a high level of security and privacy at low cost. Key material in our system will be stored by a Physical Unclonable Function (PUF). This enables an affordable implementation in resource constrained devices and simple methods to enroll device individual keys, which are intrinsically connected to HW. Since the IoT devices are potentially accessible for attackers, we identified Fault Injection Attacks (FIA) as a critical and challenging attack vector, which might break the security and privacy of a specific device as well as - due to the high connectivity - of a complete network. APRIORI will focus on today hardly explored FIA on the key derivation from PUFs, on corresponding countermeasures, and on sensors to detect FIA. HW extensions to a microcontroller (MC) will be suggested to drive the system into a secure state preserving privacy and confidentiality of data in case of a FIA. In APRIORI we develop a proof-of-concept IoT device based on an MC with the RISC-V ISA. Application software developers of IoT devices require an interface towards these HW secure features that is usable without having severe security knowledge. We will define and develop a simplified Trust Anchor API for IoT devices, capable of handling all required secure functionalities. As a forecast on the 10 years after the project starts, we expect the simplified Trust Anchor API to influence a standardization for secure IoT devices and to become used in practice. Furthermore, future devices will have to consider FIA as a potential attack vector, which is currently intensively under research. Sensors to protect against FIA will be common and if a PUF is used as a key storage solution, it will be necessary to protect it against such attacks. Concluding, the research carried out in APRIORI is of crucial importance to ensure the security and privacy of IoT devices in the future. The project especially benefits from the contribution of the different partners from France and Germany: IMT and TUM complement each other in the domain of FIA and PUFs, where IMT has significant experience with laser FIA, sensors and PUF primitives and TUM contributes knowledge regarding key derivation from PUFs and EM based FIA; AISEC, IMT, and TUM share knowledge on RISC-V, where AISEC especially contributes through background regarding the DICE concept. HW related tasks are supported from industry through Secure-IC; to not end up with an isolated piece of HW, Siemens will provide use cases and drive the development of a Trust Anchor API, while Mixed Mode will implement security functionality on the IoT device. Overall, only the formed consortium as a whole is able to reach the ambitious goals of APRIORI.