Cryptographic Interfaces for Secure IoT Devices (G12c)
The interfaces exposed by popular cryptographic libraries, like OpenSSL or BouncyCastle, are designed for general-purpose computers and not always suitable for small IoT devices. In those devices, the secret keys are kept confidential, protected by hardware mechanisms with restrict access to the raw key material. To use cryptographic functionality implemented by the hardware, the system software must use a custom cryptographic API exposed by the hardware’s firmware.
The design of those APIs may not be obvious. Cryptographic interfaces specified by the GlobalPlatform (TEE Internal Core) or PSA Certified (PSA Cryptographic API) are known to a limited audience, working on those specific topics, but seem to be useful in multiple contexts. The goal of this talk is to introduce the concept behind those interfaces to a broader audience. The final part of the talk discusses changes to those interfaces required by the upcoming post-quantum cryptographic schemes.