Transparent, customizable, post-quantum secure, and CRA-compliant: The Fraunhofer RISC-V Secure Element
»Made in Germany« Security Chip Serves as a Root of Trust for Connected Devices
With the RISC-V Secure Element, the Fraunhofer Institutes for Integrated Circuits IIS, for Applied and Integrated Security AISEC, and for Electronic Microsystems and Solid State Technologies EMFT are introducing a security chip that was designed and manufactured in Germany. The design is based on transparent open-source hardware, integrates post-quantum cryptography, and can be used as a standalone chip or as a system-on-chip component. The goal is to offer companies a trustworthy and customizable trust anchor – with points of contact in the EU – for connected devices and to support them in meeting the requirements of the European Cyber Resilience Act (CRA).
The Fraunhofer RISC-V Secure Element is based on the open hardware design OpenTitan. The widespread accessibility of such open-source hardware builds trust and ensures long-term, secure access to the technology.
Building on this foundation of trust, the participating Fraunhofer Institutes have developed a chip manufactured using the GlobalFoundries 22 nm FDSOI technology in Dresden. Developing and manufacturing the chip in Germany ensures technological sovereignty and transparency across the entire value chain. »Transparency is particularly important when it comes to security. Our goal was therefore to build a chip from publicly available hardware that is designed and manufactured in Germany, in order to ensure end-to-end transparency,« says Andreas Seelos-Zankl, project manager at Fraunhofer AISEC
Customizable security for many device classes
Another advantage is adaptability: Through close cooperation with the chip manufacturer GlobalFoundries, based in Dresden, variants with specialized accelerators, interfaces, or additional security features can be produced even in small and medium quantities or integrated as a customer-specific root of trust into a larger system-on-chip. This is a key differentiator of the Fraunhofer RISC-V Secure Element: »For large chip manufacturers, it is not economically viable to produce chip variants in small quantities. We can make the necessary customizations and thus enable companies to produce even smaller quantities,« explains Andreas Seelos-Zankl.
In the long term, the Fraunhofer RISC-V Secure Element is intended to help ensure that trusted hardware is integrated into significantly more everyday and industrial devices. To achieve this, the participating Fraunhofer Institutes are continuing their work on developing subsequent chip variants. Dr. Augusto Wankler Hoppe, technical project manager at Fraunho-fer IIS, sums up why it is so important to embed security directly into the hardware: »Cyberse-curity cannot be added as an afterthought. It must be embedded in the silicon from the very beginning. With our RISC-V Secure Element, we have developed an European hardware root of trust that is capable of withstanding both today’s attacks and the demands of the post-quantum era, as well as regulatory requirements such as the Cyber Resilience Act.«
Combined expertise of the Fraunhofer Institutes IIS, AISEC, and EMFT
Fraunhofer IIS is responsible for the design and implementation of the RISC-V Secure Element within the project. In addition, the institute oversees the entire development process, from ar-chitecture and chip design through prototyping and integration to preparation for regulatory requirements.
Fraunhofer AISEC is contributing its many years of research on post-quantum cryptography to the project by implementing and accelerating the algorithms for the Secure Element in hard-ware in such a way that operations remain in the millisecond range and are practical despite limited computing power. Fraunhofer AISEC’s cybersecurity expertise is also incorporated into all design phases as well as into the security analysis and verification of the Secure Element. Whether open-source hardware can withstand physical attacks and is truly secure can only be determined through laboratory testing. Fraunhofer AISEC will therefore evaluate the physical resilience of the RISC-V Secure Element in its Common Criteria (CC) EAL7 certified hardware security laboratory. Various methods will be used, including side-channel analysis, fault-based attacks, and optical analysis. As a key security testing partner in the OpenTitan project, Fraun-hofer AISEC possesses specialized expertise in this area.
In addition, the functionality of the RISC-V Secure Element at the process level is also being thoroughly tested using reverse-engineering analysis methods in the Fraunhofer EMFT’s CC EAL6 certified security laboratory. The methods used include optical and infrared microscopy, as well as a specially developed chip-scanning technique using scanning electron microscopy. These methods achieve resolutions in the nanometer range and make even the smallest struc-tures of the RISC-V Secure Element clearly visible.
Fraunhofer OpenTitan-based RISC-V Secure Element
- Participating institutes: Fraunhofer IIS, Fraunhofer AISEC, Fraunhofer EMFT
- Project website with product sheet: Fraunhofer RISC-V Secure Element
- Participating centers of excellence: Trusted Electronics Bayern Center (TrEB) (In German), Bayerisches Chipdesign Center (BCDC)
Glossary
- Secure element: A hardware component in electronic devices that securely stores sensitive data and security-critical applications and protects them from unauthorized access.
- Open‑Source hardware: Hardware designs whose schematics are publicly available and can be reviewed, used, and modified by third parties.
- Post-quantum cryptography: Cryptographic methods designed to withstand attacks by future quantum computers.
- Cyber Resilience Act: An EU regulation that imposes binding requirements on manufacturers of connected products regarding IT security and the verification of compliance.
- A Hardware-Root-of-Trust (HRoT) is the unchanging, physical security foundation of a computer system.
Last modified: