Helsinki System Security Lab Internship (1H/2025 or summer 2025)

GlobalPlatform TPS Credential Store Service

Looking for a summer internship? Join us at Huawei! At Huawei, innovation is at the heart of everything we do. We transform bold ideas into groundbreaking products and services that redefine industries. Bring your passion and dedication, and you’ll have the opportunity to make a real impact. Our team of forward-thinking professionals collaborates to develop world-class technology that empowers millions of people globally. We're committed to digital transformation, sustainability, and creating a more connected, intelligent world. If you're passionate about Security technology and want to contribute to this exciting area, we'd love to invite you join us!

GlobalPlatform (GP) [1] is a standardization organization that focuses on secure components (Secure Elements (SE) and Trusted Execution Environment (TEE)) and their commercial use in consumer products. In recent years, GP has been specifying a common layer above the secure components where their usage would be transparent to the application requiring security services. Trusted Platform Services (TPS) specification effort [2] is nearing its first milestone as first TPS specifications are expected to be published by first quarter of 2025. Huawei has been major contributor to the TPS and have world leading expertise in the area.

In GlobalPlatform, the TPS standardization is entering a second phase, and of the next tasks is to identify new TPS Services that should be standardized. At Huawei, we are visioning a service that could be used by Identity Wallets, i.e., a TPS Credential Store Service. This service would be able to securely store end user’s credentials, e.g., Verifiable Credentials (VCs), and provide them to a trusted third party for credential verifications, e.g., as Verifiable Presentations (VPs). Relevant for this work would be the forthcoming EUDI Wallet [3] and their functionality in mobile devices, W3C specifications such as Verification Credentials specification [4] and De-centralized Identity (DID) specification [5], OpenID Connect specifications like Self-Issued OpenID Provider (SIOP) [6], and ISO/IEC specifications like Mobile Driving License (mDL) specification family [7,8] and forthcoming Identity Management via Mobile Devices (mID-App) specification family [9-15]. Also, Google has worked on similar functionalities for Android [16,17].

In this work, the intern to HSSL will together with our experts participate in a project where the TPS Credential Store Service is designed and potentially implemented. From student’s perspective the task will start with a literature survey and proceed with designing the framework for the TPS Credential Store service. We hope that the results of this project can be used in future standardization efforts in GlobalPlatform.

[1] https://globalplatform.org

[2] https://globalplatform.org/technical-committees/trusted-platform-services-tps-committee/

[3] https://github.com/eu-digital-identity-wallet

[4] https://www.w3.org/TR/vc-data-model-2.0/

[5] https://www.w3.org/TR/did-core/

[6] https://openid.net/specs/openid-connect-self-issued-v2-1_0.html

[7] ISO/IEC 18013-5: https://www.iso.org/standard/69084.html

[8] ISO/IEC 18013-7: https://www.iso.org/standard/82772.html

[9] ISO/IEC 23220-1: https://www.iso.org/standard/74910.html

[10] ISO/IEC TS 23220-2 (under development): https://www.iso.org/standard/86782.html

[11] ISO/IEC TS 23220-3 (under development): https://www.iso.org/standard/86783.html

[12] ISO/IEC TS 23220-4 (under development): https://www.iso.org/standard/86785.html

[13] ISO/IEC TS 23220-5 (under development): https://www.iso.org/standard/86786.html

[14] ISO/IEC TS 23220-6 (under development): https://www.iso.org/standard/86787.html

[15] ISO/IEC AWI 23220-7 (under development): https://www.iso.org/standard/90046.html

[16] https://source.android.com/docs/security/features/identity-credentials

[17] https://developer.android.com/reference/android/security/identity/package-summary

We are looking for:

• A M.Sc. thesis worker (i.e. you write the thesis for your university, in an industry-sponsored manner). In special cases we also may consider this topic to be a summer internship, in that case the applicant should have completed most of their M.Sc. Courses (CS/E.Eng).
• Background (courses) in platform security, cryptography, security protocols, or equivalent
• Good/excellent skills to absorb material, and interact in English
• Good teamwork skills

The following we count as advantage:

• Familiarity with standardization and EUDI Wallet.
• Coding experience with some programming language.
• An interest to do research and explore new challenges.

Location and internship period: This is a 6-month internship based at our Helsinki, Ruoholahti office.

The Helsinki Systems Security Laboratory in Huawei Finland (HSSL) drives renewal and mastery in the field of platform / device related security technologies for the mobile device. Our topical expertise lies in hardware-assisted isolation and system protection (hypervisor, TEE, kernel hardening) as well as functions like device key management, attestation and integrity.