Development and deployment of a TPM-based cryptographic backend on an embedded target
Internet connectivity via satellite is increasingly prevalent, yet this mode of communication presents distinct security concerns. Like conventional Internet connections, satellite-based communication is subject to limitations dictated by physical factors; however, it also contends with significant budget constraints for the link. The balance struck between heightened security and optimal performance significantly influences the viability of the solution. An effective compromise between security and speed is to use a performance-enhanced proxy. This intermediary manages the requisite cryptographic operations between clients and routers, then transmits the encrypted data over the satellite link. The overarching objective is to minimize reliance on the vulnerable link to a satellite positioned 35,000 km above the Earth's surface.
The employment of a Trusted Platform Module (TPM) emerges as a promising avenue to execute these cryptographic operations while upholding a robust security posture. This project endeavours to assess the practicability of such an approach and to construct a streamlined iteration of a key management system utilizing a TPM.
The devised solution encompasses all the cryptographic primitives needed to execute an elliptic curve Diffie-Hellman key exchange, and it has shown highly promising results. The key exchange and the transmission of the initial data packet were completed within a matter of seconds. Although this pace might be considered slow for a terrestrial link, achieving it in communication with a satellite situated thirty-seven thousand kilometers away is a truly encouraging advancement.
Student: Yohann Paulus
Year: 2023
Department: TIC
Degree programme: Computer Science and Communication Systems, with a specialization in IT Security
Study mode: Full-time
Supervising teacher: Alexandre Duc
Institute: IICT
This work is confidential