Job description:
Helsinki System Security Lab Internship 2026, Device Keystore as an MCP Tool for AI Agents
As AI agents gain the capability to use external tools, securely exposing cryptographic operations becomes increasingly important. Modern devices include hardware-backed keystores (e.g., TPM, Secure Element, Secure Enclave) that protect keys and enforce strict usage policies. Integrating these keystores into the Model Context Protocol (MCP) would allow AI agents to request signing, verification, or decryption operations while ensuring that private keys remain isolated and policies are respected.
The research problem is to design and prototype an architecture where a device keystore is safely exposed as an MCP tool, enabling LLM-driven cryptographic workflows. The key challenges include defining secure abstractions, preventing misuse, enforcing key policies, and ensuring that hardware-backed keys remain protected even when invoked by an AI-controlled agent.
Together with our experts, the student will:
* Study MCP tool design, device keystores, and secure API models.
* Design an architecture for exposing hardware-backed key operations to AI agents.
* Implement a proof-of-concept MCP tool supporting signing, verification, decryption, and certificate/attestation queries.
* Evaluate safety, usability, and policy enforcement in LLM-driven cryptographic workflows.
* Document results and the prototype as a Master's thesis.
We are looking for:
* Students who have completed most of their M.Sc. courses in the field of CS/E.Eng.
* Strong programming skills (Python, C or Rust, perhaps Go).
* Understanding of cryptography fundamentals and secure key handling.
* Familiarity with Linux, containerized environments, and hardware-backed keystores.
* Sufficient skills to work and interact in English.
* Good team-working skills.
* Students with an interest in doing research and exploring new challenges.
We count the following as an advantage:
* Experience with TPM, Secure Enclave, Secure Element, PKCS#11, or similar keystore APIs.
* Knowledge of AI agent architectures, MCP, or secure tool-call design.
* Background in designing or evaluating secure interfaces and threat models.
* Interest in combining practical system security with emerging AI-agent technologies.
Location and internship period: This is a 6-month internship based at our Helsinki, Ruoholahti office.
The Helsinki Systems Security Laboratory in Huawei Finland (HSSL) drives renewal and mastery in the field of platform / device related security technologies for the mobile device. Our topical expertise lies in hardware-assisted isolation and system protection (hypervisor, TEE, kernel hardening) as well as functions like device key management, attestation and integrity
| Source: | Company website |
| Published: | 26 Nov 2025 (verified on 15 Dec 2025) |
| Job type: | Internship |
| Employment duration: | 6 months |
| Languages: | English |