Application And Security Analysis Of PAKE Protocol Based On TrustZone Technology

IoT(Internet of Things)security has always been the research focus in the field of security applications.And restricted by various factors such as poor computing power and inconsistent standards,edge node has become the weakest part in the IoT security system.In that case,researchers shall improve the the security of edge node applications from a multitude of factors such as hardware security,network security,operating system security,and operating environment security in response to security threats resulting from edge nodes.To begin with,the PAKE protocol and TEE related technical characteristics were summarized and combined in the consideration of communication security factors.On this basis,SAE Protocol library,a network security communication library was developed and designed based on Trust Zone technology using the SAE protocol library,which can provide a secure network communication service interface for edge node applications.In this way,the security of upper-layer application network transmission data can be effectively protected.Moreover,application scenarios of the SAE protocol library system were analyzed to implement three core functions,including the key agreement authentication function,the data secure transmission function,and the authentication credential management function.At the same time,the security of the SAE protocol library was enhanced from multiple dimensions through the comprehensive utilization of various security design methods.Secondly,basic frameworks and underlying implementation principles of the OPTEE secure storage mechanism were summarized by referring to the official documents of the OPTEE system and its secure storage function source code implementation with a consideration of the storage security factor.Besides,the hardware root key and chip ID in the system were replaced by constant keys due to the open source characteristics of the OP-TEE system.In other words,the ciphertext data stored by the mechanism is probably be restored.Further,Ree Data Recovery,a tool for recovering REE storage data of the OP-TEE system was proposed to better investigate the implementation principle of the OPTEE storage mechanism.Also,the overall structure of the tool,the implementation process and details of implementing key algorithms were elaborated.Finally,testing schemes were designed for the SAE protocol library and the Ree Data Recovery tool,proving the effectiveness of corresponding functions of these two software components through the functional use case tests.