Embedded Security for Devices

Embedded Security for Devices
July, 2014
www.wolfssl.com
(425) 245-8247
About wolfSSL
Founded:
2004
Location:
Bozeman, MT
Seattle, WA
Portland, OR
Our Focus: Open Source Embedded Security
(for Applications, Devices, and the Cloud)
Products:
- CyaSSL, yaSSL
- wolfCrypt
- yaSSL Embedded Web Server
© Copyright 2014 wolfSSL
CyaSSL Embedded SSL Library
Features
• Standards up to TLS 1.2 and DTLS 1.2
• Minimum footprint size of 20-100 kB
• Minimum RAM usage: 1-36kB
•
•
•
•
•
Web server integration (yaSSLEWS, Lighttpd, Mongoose, GoAhead)
OpenSSL Compatibility Layer
Support for multiple Hardware Crypto modules (ex: Microchip PIC32MZ)
NSA Suite-B Compatible
Microchip MPLAB Harmony Compatible
• 20 times smaller than OpenSSL!
© Copyright 2014 wolfSSL
CyaSSL Embedded SSL Library
Algorithm Support
MD2, MD4, MD5, SHA-1, SHA-2, SHA-3,
RIPEMD
Hash Functions
DES, 3DES, AES, Camellia
Block Ciphers
ARC4, RABBIT, HC-128
Stream Ciphers
AES-GCM, AES-CCM
Authenticated Ciphers
RSA, ECC, DSS, DH, EDH
Public Key Options
HMAC, PBKDF2
Password-based Key Derivation
Supported Environments
Bare Metal / No OS
Win32/64, Linux, Mac OS X, Solaris, ThreadX, VxWorks, FreeBSD,
NetBSD, OpenBSD, embedded Linux, Haiku, OpenWRT, iPhone (iOS),
Android, Nintendo Wii and Gamecube through DevKitPro, QNX,
MontaVista, OpenCL, NonStop, Tron/itron/microitron, Micrium’s uC
OS, FreeRTOS, SafeRTOS, Freescale MQX, Nucleus, TinyOS, HP/UX
© Copyright 2014 wolfSSL
OR
yaSSL Embedded Web Server
Features
•
•
•
•
•
•
Fast, lightweight, easy-to-use web server
Default size, with CyaSSL enabled (HTTPS) of less than 200kB
Embeddable size without SSL of 40kB
Source is a single .c file for simplicity
Multiple operating environments supported
CGI Support, Aliases, Resumed Downloads, IP Restrictions and much more
• Commercial support and licenses available, royalty-free
© Copyright 2014 wolfSSL
What is SSL / TLS?
• Layered between Transport and Application Layers
Protocols Secured by
SSL/TLS
SSL
Handshake
Protocol
SSL Change
Cipher Spec
Protocol
SSL Alert
Protocol
HTTP
LDAP,
etc.
HTTP
SSL Record Layer
SMTP,
etc.
Application Layer
TCP
Transport Layer
IP
Internet Layer
Network Access
Network Layer
© Copyright 2014 wolfSSL
What is SSL / TLS?
• Enables secure client/server communication by providing:
Privacy
+ Prevent eavesdropping
Authentication
+ Prevent impersonation
Integrity
+ Prevent modification
• Uses variety of encryption algorithms to secure data
Hashing Functions
MD5, SHA, SHA256 …
Block and Stream Ciphers
DES, 3DES, AES, ARC4 …
Public Key Options
RSA, ECC, NTRU …
© Copyright 2014 wolfSSL
“ CIPHER SUITE ”
What is SSL / TLS?
• A common “CIPHER SUITE” is negotiated during the “SSL Handshake”
Protocol_keyexchange_WITH_bulkencryption_mode_messageauth
SSL_RSA_WITH_DES_CBC_SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
© Copyright 2014 wolfSSL
What is SSL / TLS?
Simplified SSL Handshake
Diagram
© Copyright 2014 wolfSSL
What is SSL / TLS?
• Current SSL / TLS / DTLS Versions
Notes:
1995
1996
SSL 2.0
SSL 3.0
1999
2006
2008
TLS 1.0
TLS 1.1
TLS 1.2
2012
DTLS 1.2
•
•
•
•
SSL 2.0 is insecure
SSL = “Secure Sockets Layer”
TLS = “Transport Layer Security”
DTLS = “Datagram TLS”
DTLS 1.0
© Copyright 2014 wolfSSL
Contact wolfSSL
http://www.wolfssl.com
Your one-stop for everything wolfSSL.
Email: [email protected]
Phone: (425) 245-8247
© Copyright 2014 wolfSSL
Similar pages