Embedded Security for Devices
July, 2014
www.wolfssl.com
(425) 245-8247

About wolfSSL
Founded: 2004
Location: Bozeman, MT; Seattle, WA; Portland, OR
Our Focus: Open Source Embedded Security (for Applications, Devices, and the Cloud)
Products:
- CyaSSL, yaSSL
- wolfCrypt
- yaSSL Embedded Web Server
© Copyright 2014 wolfSSL

CyaSSL Embedded SSL Library
Features
• Standards up to TLS 1.2 and DTLS 1.2
• Minimum footprint size of 20-100 kB
• Minimum RAM usage: 1-36 kB
• Web server integration (yaSSLEWS, Lighttpd, Mongoose, GoAhead)
• OpenSSL Compatibility Layer
• Support for multiple Hardware Crypto modules (ex: Microchip PIC32MZ)
• NSA Suite-B Compatible
• Microchip MPLAB Harmony Compatible
• 20 times smaller than OpenSSL!

CyaSSL Embedded SSL Library
Algorithm Support
Hash Functions: MD2, MD4, MD5, SHA-1, SHA-2, SHA-3, RIPEMD
Block Ciphers: DES, 3DES, AES, Camellia
Stream Ciphers: ARC4, RABBIT, HC-128
Authenticated Ciphers: AES-GCM, AES-CCM
Public Key Options: RSA, ECC, DSS, DH, EDH
MAC and Password-based Key Derivation: HMAC, PBKDF2

Supported Environments
Bare Metal / No OS
Win32/64, Linux, Mac OS X, Solaris, ThreadX, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, Haiku, OpenWRT, iPhone (iOS), Android, Nintendo Wii and Gamecube through DevKitPro, QNX, MontaVista, OpenCL, NonStop, Tron/itron/microitron, Micrium's uC OS, FreeRTOS, SafeRTOS, Freescale MQX, Nucleus, TinyOS, HP/UX

yaSSL Embedded Web Server
Features
• Fast, lightweight, easy-to-use web server
• Default size, with CyaSSL enabled (HTTPS), of less than 200 kB
• Embeddable size without SSL of 40 kB
• Source is a single .c file for simplicity
• Multiple operating environments supported
• CGI Support, Aliases, Resumed Downloads, IP Restrictions and much more
• Commercial support and licenses available, royalty-free

What is SSL / TLS?
• Layered between the Transport and Application Layers

Protocols Secured by SSL/TLS (protocol stack, top to bottom):
  Application Layer:  HTTP, LDAP, SMTP, etc.
  SSL/TLS:            SSL Handshake Protocol | SSL Change Cipher Spec Protocol | SSL Alert Protocol | application data (e.g. HTTP)
                      SSL Record Layer
  Transport Layer:    TCP
  Internet Layer:     IP
  Network Layer:      Network Access

What is SSL / TLS?
• Enables secure client/server communication by providing:
  Privacy: prevents eavesdropping
  Authentication: prevents impersonation
  Integrity: prevents modification
• Uses a variety of cryptographic algorithms to secure data:
  Hashing Functions: MD5, SHA, SHA256 ...
  Block and Stream Ciphers: DES, 3DES, AES, ARC4 ...
  Public Key Options: RSA, ECC, NTRU ...

What is SSL / TLS?
• A common "CIPHER SUITE" is negotiated during the "SSL Handshake"
  Naming pattern: Protocol_keyexchange_WITH_bulkencryption_mode_messageauth
  Examples:
  SSL_RSA_WITH_DES_CBC_SHA
  SSL_DHE_RSA_WITH_DES_CBC_SHA
  TLS_RSA_WITH_AES_128_CBC_SHA
  TLS_DHE_DSS_WITH_AES_128_CBC_SHA
  TLS_DHE_RSA_WITH_AES_256_CBC_SHA

What is SSL / TLS?
[Figure: Simplified SSL Handshake Diagram]

What is SSL / TLS?
• Current SSL / TLS / DTLS Versions
  1995: SSL 2.0
  1996: SSL 3.0
  1999: TLS 1.0
  2006: TLS 1.1
  2006: DTLS 1.0
  2008: TLS 1.2
  2012: DTLS 1.2
Notes:
• SSL 2.0 is insecure
• SSL = "Secure Sockets Layer"
• TLS = "Transport Layer Security"
• DTLS = "Datagram TLS"

Contact wolfSSL
http://www.wolfssl.com
Your one-stop for everything wolfSSL.
Email: [email protected]
Phone: (425) 245-8247
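The deck describes two things a practitioner meets on the wire: the SSL Record Layer that carries the Handshake, Change Cipher Spec, Alert and application-data sub-protocols (with the protocol version in every record header), and the cipher suite name pattern Protocol_keyexchange_WITH_bulkencryption_mode_messageauth. The Python below is an added example written for this page, not code from the wolfSSL slides or from CyaSSL. It decodes a TLS or DTLS record header (rejecting short, unknown-version or over-length records), splits a suite name into its components following the slide's pattern (also covering stream-cipher suites that have no mode token, and GCM/ECDHE suites not listed on the slide), and flags the weaknesses a reviewer would call out in the slide's own examples. All byte strings and suite names in it are constructed for the example.

```python
"""Added example: decode a TLS/DTLS record header and a cipher-suite name.
Not part of the wolfSSL deck; sample data below is constructed."""
import struct

# Record-layer content types (RFC 5246 / RFC 6347): the deck's SSL Change
# Cipher Spec, Alert and Handshake protocols, plus application data.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}

# Version bytes carried in every record header.  DTLS encodes 255 - minor.
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1",
            (3, 3): "TLS 1.2", (254, 255): "DTLS 1.0", (254, 253): "DTLS 1.2"}

# RFC 5246 6.2.3: ciphertext length must not exceed 2^14 + 2048 bytes.
MAX_RECORD_LENGTH = 2 ** 14 + 2048


def parse_record_header(data: bytes) -> dict:
    """Parse a 5-byte TLS or 13-byte DTLS record header.

    Raises ValueError for anything a careful record layer should reject
    instead of silently accepting: short input, unknown content type or
    version, or a length field larger than the protocol permits.
    """
    if len(data) < 5:
        raise ValueError("short record header")
    ctype, major, minor = struct.unpack("!BBB", data[:3])
    if ctype not in CONTENT_TYPES:
        raise ValueError(f"unknown content type {ctype}")
    version = VERSIONS.get((major, minor))
    if version is None:
        raise ValueError(f"unknown record version {major}.{minor}")
    if major == 254:
        # DTLS inserts epoch (2 bytes) and sequence number (6 bytes) before
        # the length, because datagrams can be lost or reordered.
        if len(data) < 13:
            raise ValueError("short DTLS record header")
        epoch, = struct.unpack("!H", data[3:5])
        seq = int.from_bytes(data[5:11], "big")
        length, = struct.unpack("!H", data[11:13])
        header_len = 13
    else:
        epoch, seq = None, None
        length, = struct.unpack("!H", data[3:5])
        header_len = 5
    if length > MAX_RECORD_LENGTH:
        raise ValueError(f"record length {length} exceeds maximum")
    return {"type": CONTENT_TYPES[ctype], "version": version,
            "length": length, "header_len": header_len,
            "epoch": epoch, "seq": seq}


MODES = {"CBC", "GCM", "CCM"}  # bulk-cipher modes seen in suite names


def parse_cipher_suite(name: str) -> dict:
    """Split a name following Protocol_keyexchange_WITH_bulk_mode_mac.

    Stream-cipher suites (e.g. ..._WITH_RC4_128_SHA) carry no mode token;
    in that case "mode" is None and everything before the MAC is the bulk
    cipher.
    """
    left, sep, right = name.partition("_WITH_")
    if not sep:
        raise ValueError(f"not a cipher suite name: {name}")
    protocol, _, key_exchange = left.partition("_")
    if protocol not in ("SSL", "TLS") or not key_exchange:
        raise ValueError(f"bad protocol/key exchange prefix: {left}")
    parts = right.split("_")
    if len(parts) < 2:
        raise ValueError(f"bad bulk/mac suffix: {right}")
    mac = parts[-1]
    if len(parts) >= 3 and parts[-2] in MODES:
        mode, bulk = parts[-2], "_".join(parts[:-2])
    else:
        mode, bulk = None, "_".join(parts[:-1])
    return {"protocol": protocol, "key_exchange": key_exchange,
            "bulk": bulk, "mode": mode, "mac": mac}


def weaknesses(suite: dict) -> list:
    """Flags a reviewer would raise against a parsed suite."""
    flags = []
    if suite["bulk"] == "DES":
        flags.append("DES bulk cipher: 56-bit key")
    if suite["bulk"].startswith("RC4") or suite["bulk"].startswith("ARC4"):
        flags.append("RC4 stream cipher")
    if suite["mac"] == "MD5":
        flags.append("MD5 message authentication")
    if "anon" in suite["key_exchange"]:
        flags.append("anonymous key exchange: no server authentication")
    if "DHE" not in suite["key_exchange"]:
        flags.append("no forward secrecy: static key exchange")
    return flags


if __name__ == "__main__":
    # Constructed sample: a TLS 1.2 handshake record header announcing 42 bytes.
    print(parse_record_header(bytes([22, 3, 3, 0, 42])))
    for n in ("SSL_RSA_WITH_DES_CBC_SHA", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"):
        s = parse_cipher_suite(n)
        print(n, s, weaknesses(s))
```

Run as a script it prints the decoded header and, for the deck's first and last example suites, the parsed components and flags: the SSL_RSA_WITH_DES_CBC_SHA suite gets both the DES and the forward-secrecy flag, while TLS_DHE_RSA_WITH_AES_256_CBC_SHA gets none.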