Theme fund: NGI0 PET
Start: 2019-10
End: 2022-10

Betrusted software

A minimalist and secure OS for embedded communication devices

The Betrusted software project uses the strongly typed Rust programming language to build the first applications and libraries for the open hardware project. Betrusted is pioneering a new class of open hardware communications device, with a grant by NGI Zero. The project will set up a virtual environment for Betrusted (e.g. QEMU / RISC-V) in order to develop and test software as close to the target as possible and to unlock community collaboration and contributions. The second main task in the project is to write a Matrix protocol command line client in order to analyze the memory characteristics in the highly constrained Betrusted environment. The remaining time is to be allocated to development support for the Betrusted OS: developing glue layers, verifying the necessary interfaces for applications, providing unit/integration tests and developing (test) applications for it.

Why does this actually matter to end users?

As our lives get more digital every day, we use the internet to have important conversations - both personal and professional. We also store and share more and more sensitive personal data on devices. On the internet you cannot just close the door to talk privately. So we need digital safe spaces and digital locks and vaults that are just as reliable and easy to use to store our secrets and mediate our communication.

Recently manufacturers have started to build so-called hardware enclaves or secure elements into their devices that function like a digital safe: even if someone is able to get some software installed into your computer, phone or laptop, they should not be able to immediately access what is in the safe.

But of course, creating a secure space or making a digital safe in an environment you don't really control or understand is practically impossible. All the technical protection no longer matters when someone can invisibly take control or peer over your shoulder, especially since you as a user cannot see for yourself what is happening on the inside of your digital house. A safe application and a rogue application can and will look completely identical to a normal consumer, and there is simply no way to distinguish between them based on their outside appearance. Users install many unknown games and applications all the time ("install our app to start getting amazing discounts now!"), and forget that this actually lets more or less random entities run unknown software on the phone that holds some of their most important information. And what if the operating system of your computer or phone itself has an unhealthy interest in your data or metadata, or is so weakly protected that others can just enter - similar to how unsafe it would feel if your landlord or the janitor were a peeping tom or a thief?

Betrusted is a dedicated open hardware device with the goal to create safe and more easily protected private channels for your communication. The Betrusted device is a complementary device that restricts itself to protecting the things that matter most, like your conversations and phone calls. It will also be able to hold passwords, digital versions of your passport (and other digital credentials and attributes), and whatever sensitive digital information you need to keep completely secure.

In this project a virtual space will be set up to develop and test software. The overall approach is security through isolation and simplicity: you can never leave a backdoor open if you don't build a door in the first place. The end result will be a portable, dedicated physical vault isolated from everything else you do, and with a deliberately limited feature set which makes it so much harder to attack. As a user you can verify everything from top to bottom. The entire design and development of the device is open to the public, from the software it runs down to the silicon that makes up its chips.


This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.