This paper presents a novel approach to enhancing the security of OpenSSL software for ARM architectures by leveraging OP-TEE, an open source Trusted Execution Environment (TEE). The approach involves establishing communication between an OpenSSL Engine and a secure execution environment within OP-TEE, protecting cryptographic operations and sensitive data (e.g., private keys) against potential hardware and software vulnerabilities. The architecture is tested on a Digital Signature scenario using an ARM SoM based on the NXP/Freescale i.MX7 processor. The study shows that the proposed architecture incurs a latency overhead due to the connection to OP-TEE. Conversely, the architecture exhibits an increase in execution time compared to standard OpenSSL software for data block sizes of 4 MB, with a manageable overhead of 32 ms. This overhead is deemed acceptable, given the security enhancements introduced by the architecture. The research underscores the significance of leveraging OP-TEE in addressing emergent cybersecurity challenges, thus bolstering the resilience of OpenSSL software in ensuring the security of connected devices.
Volante, F., Barchi, F., Patti, E., Bottaccioli, L., Barbierato, L. (2024). OP-TEE powered OpenSSL Engine enhancing Digital Signature security for ARM Architectures. 345 E 47TH ST, NEW YORK, NY 10017 USA : Institute of Electrical and Electronics Engineers Inc. [10.1109/smacd61181.2024.10745433].
OP-TEE powered OpenSSL Engine enhancing Digital Signature security for ARM Architectures
Barchi, Francesco;
2024


