Pavise, the Hardware IP Shield
The Pavise project aims to design a hardware IP that protects IoT nodes from external attacks.
Let’s meet with Serge, the inventor of Pavise, whose solution was selected at the end of the first phase of the “Into the Lab #1” call for projects. He presents his project to us.
Q: How do you define Pavise?
Pavise is a proprietary hardware IP that enables processors in embedded systems to defend themselves in real time against attacks originating from the communication network.
Pavise behaves as a separate sentinel from the host processor, monitoring every action performed to ensure that it conforms to nominal behavior and respects privacy and security.
If an action violates the rules implemented in Pavise, which proves that we are in the presence of an attack, the device blocks it.
Q: Which need does Pavise address?
Attacks against connected objects are massively developing, and traditional antiviruses do not offer a satisfactory response for several reasons.
First, an antivirus usually protects a processor. However, even if we add a software layer around it, with or without cryptography, we generate flaws, which can be exploited by attackers.
Then, on a connected object, an antivirus cannot run permanently for energy consumption reasons.
Finally, the memory size is too small to do so anyway.
Q: Are there competing solutions already available on the market?
Players from the software world, mainly antivirus publishers, have historically started with solutions for PCs before offering adaptations for smartphones.
They are now trying to enter the IoT market, but their solutions are not working for the reasons explained earlier.
Players from the hardware world, on their side, offer cryptography blocks and enclaves. These solutions are complex to implement, consume a lot of energy, and in the end, the cryptography block, which is only used at the input and output levels, is not used for the processing part. It is not unusual for it to be disabled.
Q: What solution do you propose?
My vision is to combine hardware and software approaches.
Pavise’s innovation consists in placing one or more “guards” at the hardware level, whose role is to monitor the activities of the processor independently. Energy is not consumed and the priority task is maintained.
More specifically, the idea is to provide a hardware IP, without complex software developments to carry out. It will be a block to integrate into an FPGA with libraries to implement it.
Q: How will your guards recognize the attacks?
We will model the different scenarios of attack and the ways to respond to them. In particular, we will look at metadata, for example, processor consumption, and more generally analyze its behavior.
The idea is to have a solution that works for several years, without needing to regularly update a virus database.
Q: Pavise, does that mean anything?
A Pavise is a shield that archers and crossbowmen of the Middle Ages used to protect themselves from enemy attacks when rearming.
In the anti-malware market, software names often contain the word “shield”. Pavise takes up this idea while standing out because the approach is different.
Q: You have successfully passed the first selection step of “Into the Lab”. What is your reaction?
I am grateful for the generosity and ambition shown by ELSYS Design and ADVANS Group. Over the past two years, I have been involved in the ecosystem of French incubators and business angels, which is not an easy one. The ADVANS Lab brings something different and real technical expertise.
I am very happy. Everything is going to start now; it will be a challenging year!