Usable Security for an IoT OS: Integrating the Zoo of Embedded Crypto Components Below a Common API

TL;DR

This paper presents a unified cryptographic API for the RIOT IoT operating system, enabling seamless access to diverse hardware crypto features, improving security usability and portability across many platforms.

Contribution

It introduces a common cryptographic interface for RIOT that supports hardware acceleration and ID-based key handling, enhancing security and usability in resource-constrained IoT devices.

Findings

Uniform API has negligible overhead.

Supports diverse cryptographic hardware and software backends.

Enhances security, portability, and flexibility in IoT OS.

Abstract

IoT devices differ widely in crypto-supporting hardware, ranging from no hardware support to powerful accelerators supporting numerous of operations including protected key storage. An operating system should provide uniform access to these heterogeneous hardware features, which is a particular challenge in the resource constrained IoT. Effective security is tied to the usability of cryptographic interfaces. A thoughtful API design is challenging, and it is beneficial to re-use such an interface and to share the knowledge of programming embedded security widely. In this paper, we integrate an emerging cryptographic interface into usable system-level calls for the IoT operating system RIOT, which runs on more than 240 platforms. This interface supports ID-based key handling to access key material in protected storage without exposing it to anyone. Our design foresees hardware acceleration on all available variants; our implementation integrates diverse cryptographic hardware and software backends via the uniform interface. Our performance measurements show that the overhead of the uniform API with integrated key management is negligible compared to the individual crypto operation. Our approach enhances the usability, portability, and flexibility of cryptographic support in the IoT.