Towards a More Flexible IoT SAFE Implementation

The Internet of Things (IoT) is disseminating our daily life and gets ubiquitous not only in industry. With this growth, device and communications security is increasingly important. Hardware Security Modules (HSMs) are integrated into IoT devices to provide a "Root of Trust", and protect confidential key material. Due to lack of standardization, HSM manufacturers implement proprietary interfaces. To ease integration of hardware security, and enable interoperability, the GSMA proposes IoT SAFE, a standardized interface. In this work, IoT SAFE is evaluated and compared against the interfaces of proprietary HSMs. Improvements are proposed to reduce complexity, increase flexibility, and ease the integration into Transport Layer Security (TLS) libraries. The evaluation shows that the TLS handshake performance can be improved significantly for ECC and RSA certificate-based client authentication. The message count between HSM and hosting device is reduced by approximately 40% and 25%, respectively.