By Mike Eftimakis (Codasip) and Imad Mikaiel (Sequans)
![SmartMeter](https://codasip.com/wp-content/uploads/2025/02/SmartMeter.png)
In today’s increasingly connected world, securing critical systems like the electrical grid, telecommunication networks, and industrial infrastructure is more important than ever. These systems, connected to the cloud and forming a critical part of a country’s infrastructure, are prime targets for cyberattacks. Governments with a concern for national security and operators recognize the urgent need for an increased level of security.
When devices are remotely accessible, they become vulnerable to large-scale attacks, and ensuring their security becomes a top priority to prevent breaches that could disrupt essential services. CHERI (Capability Hardware Enhanced RISC Instructions), a groundbreaking technology designed to secure devices at the hardware level, provides robust protection against many vulnerabilities. This blog explores how CHERI technology can safeguard 4G-connected devices, ensuring the integrity of critical systems in today’s cloud-dependent world, and how Codasip and Sequans, two innovative European companies, are teaming up to demonstrate this in a connected Smart Meter Gateway.
What is CHERI?
CHERI is a hardware-based technology developed by the University of Cambridge and SRI International, aimed at enhancing security in a fundamentally different way. CHERI extends conventional processor architectures with capability-based security, meaning that every pointer in memory can have fine-grained permissions and bounds that constrain how it can be used. This prevents common exploits such as buffer overflows, use-after-free, and other memory-related vulnerabilities, which are the most common attack vectors in modern software (representing at least 70% of vulnerabilities consistently over the past 20 years).
CHERI brings memory safety, ensuring that programs can only access the memory regions they are explicitly permitted to, and compartmentalization, which prevents exploits from spreading to the whole system. This model is a significant improvement over traditional systems where permissions are often coarse and boundary violations can lead to security flaws. Moreover, it is a preventive technology that can protect against future attacks on memory.
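An added example, not from the original post or from Codasip or Sequans: a small C software model of the bounds, permission and validity-tag checks that CHERI performs in hardware on every pointer use. All names (`cap_t`, `cap_restrict`, `cap_check`, `cap_store`, `demo_oversized_write`) are hypothetical, and the buffer layout is constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Software model of a CHERI-style capability: illustrative only, real CHERI
   enforces these checks in hardware. All names here are hypothetical. */
enum { PERM_LOAD = 1, PERM_STORE = 2 };
enum { CAP_OK = 0, CAP_TAG = -1, CAP_PERM = -2, CAP_BOUNDS = -3 };

typedef struct {
    uint8_t *base; size_t length;  /* bounds: [base, base + length) */
    unsigned perms; int tag;       /* PERM_* bits; tag 0 = not a valid capability */
} cap_t;

/* Derive a narrower capability. Bounds and permissions can only shrink;
   any attempt to widen them yields an untagged (unusable) capability. */
cap_t cap_restrict(cap_t c, size_t off, size_t len, unsigned perms) {
    cap_t out = { NULL, 0, 0, 0 };
    if (!c.tag || off > c.length || len > c.length - off || (perms & ~c.perms))
        return out;
    out.base = c.base + off; out.length = len; out.perms = perms; out.tag = 1;
    return out;
}

/* The check applied to every access: validity tag, permission, then bounds. */
int cap_check(cap_t c, size_t off, size_t n, unsigned need) {
    if (!c.tag) return CAP_TAG;
    if ((c.perms & need) != need) return CAP_PERM;
    if (off > c.length || n > c.length - off) return CAP_BOUNDS;
    return CAP_OK;
}

/* A store is performed only if the check passes; otherwise nothing is written. */
int cap_store(cap_t c, size_t off, const void *src, size_t n) {
    int rc = cap_check(c, off, n, PERM_STORE);
    if (rc == CAP_OK) memcpy(c.base + off, src, n);
    return rc;
}

/* Constructed scenario: a 16-byte payload field sits directly before an
   8-byte key. A 20-byte write through the payload capability is refused. */
int demo_oversized_write(void) {
    static uint8_t mem[24];                  /* [0..15] payload, [16..23] key */
    cap_t all = { mem, sizeof mem, PERM_LOAD | PERM_STORE, 1 };
    cap_t payload = cap_restrict(all, 0, 16, PERM_STORE);
    uint8_t input[20];                       /* constructed oversized input */
    memset(input, 0x41, sizeof input);
    return cap_store(payload, 0, input, sizeof input);
}
```

With a plain C pointer the same 20-byte copy would silently overwrite the first four bytes of the adjacent key; here the store is rejected before any byte is written.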
The greatest characteristic of CHERI is that it enables reusing the trillions of existing lines of code, with extremely limited modifications.
What are the Sequans 4G IoT solutions?
Sequans, a leading semiconductor company headquartered in France, specializes in wireless cellular technology for the Internet of Things (IoT), with a comprehensive range of solutions that includes chips, modules, IP, and services. Sequans’ 4G solutions, the Monarch LTE-M/NB-IoT platform and the Calliope LTE Cat 1bis platform, are specifically optimized for IoT applications. These platforms deliver significant advancements in wireless connectivity, power efficiency, security, and performance. Built on 20 years of expertise, Sequans’ technology is trusted by industry leaders worldwide.
![Sequans](https://codasip.com/wp-content/uploads/2025/02/Sequans.png)
A CHERI-enabled smart meter connected via 4G
In partnership with Sequans, Codasip has developed a demonstration of a cloud-connected device equipped with CHERI technology and a 4G cellular (LTE-M or Cat 1bis) connection. This system could be an IoT device, an edge-computing node, or any mobile device that relies on wireless communication to process and transmit data to a cloud environment. We have opted to demonstrate this in a Smart Meter Gateway, a capable device bridging the cloud to a local metering network, controllable local systems, and human interfaces (display or control). Even though this type of device is quite complex, the principle can easily be transposed into simpler devices like simple smart meters.
The demo system features a CHERI-enabled processor from Codasip running the Linux operating system. Adapting Linux to take advantage of CHERI required a recompilation with a CHERI-aware compiler, but also required the adaptation of a few parts of the code that typically deal with pointers. A few critical memory-related bugs have even been found in the process, which attests to the ability of CHERI to significantly improve the security of systems.
Instead of a complex OS like Linux, IoT systems could use an RTOS, and CHERI can obviously also be used efficiently in this context. Linux on the other hand powers richer applications that can be typically found in gateways and complex connected devices (e.g. machinery, robots, drones…).
The device connects to a cloud server via a Sequans 4G Monarch LTE-M or Calliope Cat 1bis module, ensuring continuous communication between the device and the cloud infrastructure. The demo focuses on a smart meter, but you can easily imagine the device performing sensitive tasks such as real-time data collection and processing, or even controlling sensitive or dangerous equipment.
Benefits of CHERI in cloud-connected environments
When devices are connected to the cloud, they are susceptible to remote attacks that can scale and affect millions of devices. Security of IoT devices has often been overlooked, as the first generations mostly bolted connectivity onto devices that were not designed to be opened to the outside world. It is necessary to take a different approach and introduce security by design, instead of trying to secure devices that are not built on a strong security foundation.
CHERI enforces fine-grained memory protection. By eliminating vulnerabilities such as buffer overflows, CHERI minimizes the risk of remote attacks that can compromise sensitive data. The capability system ensures that even if an attacker gains access to the device, their ability to exploit it is limited by the permissions assigned to memory regions and pointers.
In 4G-connected systems, there is always a trade-off between performance and security. Traditional security mechanisms often introduce latency, but CHERI’s hardware-level enforcement reduces the overhead associated with software-based security checks. By integrating security at the processor level, CHERI ensures high performance and low power consumption without compromising on safety. This is crucial for systems requiring rapid data processing, such as in autonomous vehicles, smart cities, or healthcare devices.
By reducing the need for frequent security patches, CHERI also helps conserve the battery of IoT devices which often have very limited resources.
In summary
The demonstration of a CHERI-enabled smart meter connected to the cloud through the Sequans 4G LTE-M or Cat 1bis module provides a glimpse into the future of secure computing for critical infrastructure. By addressing security at the hardware level, CHERI technology paves the way for the next generation of secure IoT and mobile applications.
In an increasingly complex geopolitical environment, Codasip and Sequans not only bring a more secure solution, but also address the provenance and controlled supply chain needs of the most security-conscious organisations by enabling the traceability and auditability of their designs.
Whether in healthcare, autonomous vehicles, or industrial applications, the combination of CHERI’s security model and reliable 4G cloud connectivity offers a powerful solution to the growing need for IoT networks. As we move toward more interconnected and intelligent systems, technologies like CHERI will play a crucial role in ensuring that our data and devices remain safe from the threats of tomorrow.
Visitors at Embedded World 2025 in Nuremberg, Germany, will be able to see the CHERI-enabled smart meter in action at the CHERI Alliance booth 5-169.