This paper presents a novel approach to enhancing the security of OpenSSL software for ARM architectures by leveraging an open source Trusted Execution Environment (TEE), so-called OP-TEE. The approach involves establishing communication between an OpenSSL Engine and a secure execution environment within OP-TEE, protecting cryptographic operations and sensitive data (e.g. private keys) against potential hardware and software vulnerabilities. The architecture is tested on a Digital Signature scenario using an ARM SoM based on the NXP/Freescale i.MX7 processor. The study unveils that the proposed architecture incurs a latency overhead due to the connection to OP-TEE. Conversely, the architecture exhibits an increase in execution time compared to standard OpenSSL software for data block sizes of 4 MB, with a manageable overhead of 32 ms. This overhead is deemed acceptable, given the security enhancements introduced by the architecture. The research underscores the significance of leveraging OP-TEE in addressing emergent cybersecurity challenges, thus bolstering the resilience of OpenSSL software in ensuring the security of connected devices.

OP-TEE powered OpenSSL Engine enhancing Digital Signature security for ARM Architectures / Volante, Franco; Barchi, Francesco; Patti, Edoardo; Bottaccioli, Lorenzo; Barbierato, Luca.. - (2024), pp. 1-4. (Intervento presentato al convegno 2024 International Conference on Synthesis, Modeling, Analysis and Simulation Methods, and Applications to Circuit Design (SMACD) tenutosi a Volos (GRC) nel 2-5 July 2024) [10.1109/SMACD61181.2024.10745433].

OP-TEE powered OpenSSL Engine enhancing Digital Signature security for ARM Architectures

Volante, Franco;Patti, Edoardo;Bottaccioli, Lorenzo;Barbierato, Luca.
2024

Abstract

This paper presents a novel approach to enhancing the security of OpenSSL software for ARM architectures by leveraging an open source Trusted Execution Environment (TEE), so-called OP-TEE. The approach involves establishing communication between an OpenSSL Engine and a secure execution environment within OP-TEE, protecting cryptographic operations and sensitive data (e.g. private keys) against potential hardware and software vulnerabilities. The architecture is tested on a Digital Signature scenario using an ARM SoM based on the NXP/Freescale i.MX7 processor. The study unveils that the proposed architecture incurs a latency overhead due to the connection to OP-TEE. Conversely, the architecture exhibits an increase in execution time compared to standard OpenSSL software for data block sizes of 4 MB, with a manageable overhead of 32 ms. This overhead is deemed acceptable, given the security enhancements introduced by the architecture. The research underscores the significance of leveraging OP-TEE in addressing emergent cybersecurity challenges, thus bolstering the resilience of OpenSSL software in ensuring the security of connected devices.
2024
979-8-3503-5192-7
File in questo prodotto:
File Dimensione Formato  
2024_SMACD___OP_TEE_powered_OpenSSL_Engine_enhancing_Digital_Signature_security_for_i_MX7_Architecture.pdf

accesso aperto

Tipologia: 2. Post-print / Author's Accepted Manuscript
Licenza: PUBBLICO - Tutti i diritti riservati
Dimensione 188.87 kB
Formato Adobe PDF
188.87 kB Adobe PDF Visualizza/Apri
OP-TEE_powered_OpenSSL_Engine_enhancing_Digital_Signature_security_for_ARM_Architectures.pdf

non disponibili

Tipologia: 2a Post-print versione editoriale / Version of Record
Licenza: Non Pubblico - Accesso privato/ristretto
Dimensione 246.42 kB
Formato Adobe PDF
246.42 kB Adobe PDF   Visualizza/Apri   Richiedi una copia
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11583/2992728