Peter Ten, Research Assistant at University of Würzburg
Lukas Petzi, Research Assistant at University of Würzburg


The Role of Trust on Internet of Things Devices

In the rapidly expanding landscape of the Internet of Things (IoT), where interconnected devices are increasingly pivotal in our daily lives, ensuring the cybersecurity of both software and hardware becomes paramount. A foundation of trust within these systems is crucial to safeguard against potential threats and vulnerabilities. This trust can be established through the implementation of a Root of Trust (RoT) component, optimally realized as a tamper-resistant hardware trust anchor, setting a foundation for a secure computing environment.

The Root of Trust, acting as a trustworthy starting point, can be leveraged to initiate a Chain of Trust that can be extended throughout the system. This chain is a sequence of verified components, each ensuring the integrity and authenticity of the subsequent component. Digital signatures and hash functions can be employed for the verification process, creating an unbroken chain that guarantees the integrity and authenticity of each link.

The trust established through the Root of Trust and Chain of Trust enables the integration of trusted services, also known as trusted applications. Therefore, these services can be leveraged for implementing security-critical functionalities on a system because they operate within a secure context due to the trust chain, for example, for encryption, authentication, or access control.

One prominent example of a trusted service that leverages this concept of transitive trust is Secure Boot. A bootloader undergoes verification by the Root of Trust before execution, subsequently validating the integrity of the system kernel. This cascading verification process extends to essential system components, ensuring a boot process into a trustworthy state. Thus, trusted services, empowered by the Chain of Trust, allow the system to run software components securely, mitigating the risk of unauthorized code execution or tampering.

CROSSCON’s Approach to Advancing Trust on IoT Devices

The CROSSCON project aims to enrich and complement existing trusted services, such as Secure Boot, remote attestation, or cryptographic functions, providing novel solutions to bolster the overall security of a system. For example, this can include improvements to the authentication process by introducing alternative factors, or the protection of machine learning models. CROSSCON’s trusted services should be modular, reusable, interoperable, and well-documented. Additionally, our certification manifest allows attesting the correctness of each trusted service, enabling compositional verification of an entire IoT application (➔ see more details in our blog post “We are open, but formal”).

Furthermore, CROSSCON recognizes the evolving landscape where specialized hardware, such as cryptographic accelerators or machine learning accelerators, is increasingly integrated into IoT devices. As use cases expand beyond general-purpose computing, CROSSCON focuses on developing methods to enable trusted services in domain-specific architectures. This involves defining and exposing necessary hardware primitives to the application programming interfaces (APIs) of CROSSCON’s trusted services.


CROSSCON aims to leverage the concepts of Root of Trust and Chain of Trust for the development of innovative trusted services to bolster the overall security of IoT applications. The verification process aligns seamlessly with the correctness attestation and our strive for open-source, modular, reusable, and interoperable applications. In summary, the CROSSCON project continues to expand the establishment of trust which is crucial for securing our interconnected future.