Root of Trust

 Oct.2019-Dec.2019: A secure IoT solution by using SIM.

Technical Stack:

• Raspberry Pi
• mbedTLS
• ECDSA and ECDHE

Experience:

• Customized mbedTLS library, replaced most of the TLS cryptographic operations by using SIM card applet operations, including using SIM card to store client key pair and X509 certificate, calculate ECDSA signature and ECDHE session key. 

Secure Element based Provisioning SDK

A mobile digital Car Key SDK by using eSE on Huawei and Samsung handphones, used as Digital Card Keys to operate your car.

Technical Stack:

• Android Java Programming
• Junit, Mockito and PowerMockito
• Global Platform Card Specification
• Secure Channel Protocol (SCP02)
• Server Certificate Pining

Reference:

Gemalto Mobile Wallet

This is a demonstration App for the Gemalto Mobile Wallet solution. Users can add a credit card to their wallet and use it for payment. To do the payment, the user just needs to present the QR code to the merchant to scan.

Technical Stack:

• iOS Objective-C Programming
• OCMock
• OAuth v1.0 Authentication
• WhiteBox Crypto
• Secure Enclave ECIES encryption and decryption
• App Protection: Anti-tampering, Anti-debug, Anti-hooking, Jailbreak detection, App re-signing detection.

Experience:

• Designed the mechanism to prevent app re-signing on iOS by parsing MachO format.
• Enhanced the security of payment flow by using Secure Enclave as part of the payment key calculation. 

    

Provisioning Factory for Hardware TEE

A mobile digital Car Key SDK by using Hardware TEE (Trusted Execution Environment) technology, used as Digital Card Keys to operate your car.

Technical Stack:

• Android Java Programming
• Junit, Mockito, PowerMockito, Robolectric.
• Trustsonic TEE
• Certificate Pinning

Reference: Volkswagen Secure Sharing of Virtual Keys Case Study

Software TEE - Virtual Car Key

This is an App for our IoT solution to serve our valuable customers (Valeo). You can upload your TA (a file with some configurations) to our backend server, After then they can download the TA and run it.

You can use this app to lock and unlock the car, door with our smart lock, you can even start and stop the car engine, depending on the TA you uploaded to our backend server.

To be able to operate it with our smart lock, you need to “Install TA” first, then you can “Run TA”, if you have our smart lock, you should be enabled to do the operation as you configured in the TA on our server.

Technical Stack:

• Android Java Programming
• iOS Objective-C Programming
• Native C programming
• WhiteBox Crypto with Key Rotation for every 3 months
• Secure Channel Protocol
• App Protection: Anti-tampering, Anti-debug, Anti-hooking, Root/Jailbreak detection, Android App re-signing detection.

Experience:

• Built CI/CD pipelines with Jenkins, up to 10 customized deliverables for different customers. 
• Created a Python script to generate certificate public key hash for certificate pinning. 
• Implemented the mechanism to renew the White-Box keys for every 2-3 months. 
• Worked with server team to improve the network performance by reducing the commands from the server. 
• Worked with external labs (UL and APPLUS) and internal lab to do pen-testing for the application. 
• Fixed memory leakage issues and crash issue caused by CPU cache. 

Reference Link: https://mymotorwheels.wordpress.com/2016/09/21/valeo-partnered-with-gemalto-to-secure-its-virtual-car-key-valeo-inblue/