Cryptographic interfaces for secure IoT devices

Abstract

The interfaces exposed by popular cryptographic libraries are designed for general purpose computer. Those interfaces are not always suitable for constrain devices. In those devices, the secret key is often stored in the secure storage (secure element) and access to the raw key material is restricted. Namely, the application doesn’t have access to the key, but it is allowed only to perform operations with that key. Such use case changes the design of the cryptographic interface. Cryptographic interfaces designed by the GlobalPlatform (TEE Internal Core) or ARM (PSA Cryptographic API) are known to a limited audience, working on those specific topics. The goal of this presentation is to introduce the concept of handle-based cryptographic interfaces to the broader audience. The presentation mostly focuses on the design of PSA Cryptography interface. In the final part of the presentation, we will discuss changes to the PSA Cryptography interface that will be required for upcoming PQ standards.