Integration of a cryptographic API with configurable hardware and software backends in RIOT
Lena is a third year bachelor student of computer science at the Hamburg University of Applied Sciences. She’s also a research student at the Internet Technolologies group working on the integration of hardware crypto in RIOT.
Cryptographic operations are necessary for securing the IoT. RIOT provides built-in crypto software implementations and various third party crypto libraries, however, hardware accelerated cryptography is missing, although it can greatly improve performance. In addition, secure hardware platforms (e.g. “secure elements”) provide tamper proof storages to protect delicate key material. These require an ID-based key access mechanism, which is in contrast to common software APIs. RIOT supports over 210 platforms, all of which exhibit varying hardware capabilities. To allow for hardware-agnostic applications, the OS should transparently use crypto hardware where possible and fall back to software on other platforms. The ARM Platform Security Architecture (PSA) framework specifies a collection of platform independent crypto APIs, suitable for IoT devices. These APIs have been designed to ease usability and portability, and allow for variable crypto backends.Consequently, an indirect key management system provides seamless access to varying platforms with and without secure hardware features. On top of this, PSA offers a certification process and an extensive open source test suite to verify implementations.This talk presents a concept to integrate PSA Crypto into RIOT. Our implementation includes the transparent use of crypto accelerators, exchangeable software backends from varying libraries, and an indirect key management system to access keys in memory or on multiple secure elements. All features can be reconfigured using Kconfig