This paper presents a novel approach to enhancing the security of OpenSSL software for ARM architectures by leveraging an open source Trusted Execution Environment (TEE), so-called OP-TEE. The approach involves establishing communication between an OpenSSL Engine and a secure execution environment within OP-TEE, protecting cryptographic operations and sensitive data (e.g. private keys) against potential hardware and software vulnerabilities. The architecture is tested on a Digital Signature scenario using an ARM SoM based on the NXP/Freescale i.MX7 processor. The study unveils that the proposed architecture incurs a latency overhead due to the connection to OP-TEE. Conversely, the architecture exhibits an increase in execution time compared to standard OpenSSL software for data block sizes of 4 MB, with a manageable overhead of 32 ms. This overhead is deemed acceptable, given the security enhancements introduced by the architecture. The research underscores the significance of leveraging OP-TEE in addressing emergent cybersecurity challenges, thus bolstering the resilience of OpenSSL software in ensuring the security of connected devices.
OP-TEE powered OpenSSL Engine enhancing Digital Signature security for ARM Architectures / Volante, Franco; Barchi, Francesco; Patti, Edoardo; Bottaccioli, Lorenzo; Barbierato, Luca.. - (2024), pp. 1-4. (Intervento presentato al convegno 2024 International Conference on Synthesis, Modeling, Analysis and Simulation Methods, and Applications to Circuit Design (SMACD) tenutosi a Volos (GRC) nel 2-5 July 2024) [10.1109/SMACD61181.2024.10745433].
OP-TEE powered OpenSSL Engine enhancing Digital Signature security for ARM Architectures
Volante, Franco;Patti, Edoardo;Bottaccioli, Lorenzo;Barbierato, Luca.
2024
Abstract
This paper presents a novel approach to enhancing the security of OpenSSL software for ARM architectures by leveraging an open source Trusted Execution Environment (TEE), so-called OP-TEE. The approach involves establishing communication between an OpenSSL Engine and a secure execution environment within OP-TEE, protecting cryptographic operations and sensitive data (e.g. private keys) against potential hardware and software vulnerabilities. The architecture is tested on a Digital Signature scenario using an ARM SoM based on the NXP/Freescale i.MX7 processor. The study unveils that the proposed architecture incurs a latency overhead due to the connection to OP-TEE. Conversely, the architecture exhibits an increase in execution time compared to standard OpenSSL software for data block sizes of 4 MB, with a manageable overhead of 32 ms. This overhead is deemed acceptable, given the security enhancements introduced by the architecture. The research underscores the significance of leveraging OP-TEE in addressing emergent cybersecurity challenges, thus bolstering the resilience of OpenSSL software in ensuring the security of connected devices.File | Dimensione | Formato | |
---|---|---|---|
2024_SMACD___OP_TEE_powered_OpenSSL_Engine_enhancing_Digital_Signature_security_for_i_MX7_Architecture.pdf
accesso aperto
Tipologia:
2. Post-print / Author's Accepted Manuscript
Licenza:
PUBBLICO - Tutti i diritti riservati
Dimensione
188.87 kB
Formato
Adobe PDF
|
188.87 kB | Adobe PDF | Visualizza/Apri |
OP-TEE_powered_OpenSSL_Engine_enhancing_Digital_Signature_security_for_ARM_Architectures.pdf
non disponibili
Tipologia:
2a Post-print versione editoriale / Version of Record
Licenza:
Non Pubblico - Accesso privato/ristretto
Dimensione
246.42 kB
Formato
Adobe PDF
|
246.42 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
https://hdl.handle.net/11583/2992728