Implementing Cryptographic Operations Using OP-TEE on Embedded Platforms

OData support
Dr. Buttyán Levente
Department of Networked Systems and Services

In the last couple of years, the Internet of Things (IoT) has become very popular. IoT refers to everyday objects that have been in some way connected to the Internet, in order to offer new capabilities, such as: data collection, remote control through a webapp and so on. To make this possible, embedded computers are placed in these devices, which means, that these computers often have limited resources. Limited resources have resulted in sub par security in many IoT devices, which is a major problem, since the data and functions these devices operate on are often sensitive or critical.

In order to protect the data handled by the device, cryptographic operations can be utilized. In this paper, I examine mechanisms that make use of cryptographic operations such as remote access and secure communications. A recurring requirement (among others) in these functions is the need for protecting the cryptographic keys that are in use, preferably even if the device was physically compromised. Considering the amount of different tasks, that require the same properties, a common interface would eliminate the need for reimplementing the same functions for all the applications. For this I chose the PKCS#11 API.

To protect the cryptographic keys, some specialized hardware support is necessary. Usually cryptographic co-processors or security co-processors are added to the board to fulfill this need. However, these often increase the cost of the device, and one of the reasons for the success of IoT is its very low price. In order to increase the likelyhood of adoption by not needing to place extra hardware elements on the board, I decided to utilize ARM's TrustZone technology.


Please sign in to download the files of this thesis.