Security protocols in constrained environments
DESCRIPTION
From Open Source Hardware Users Group (OSHUG #31)
TRANSCRIPT
Security protocols in constrained environments
Chris Swan, @cpswan
TL;DR

| System type | Such as | Will it work? | The issue |
| --- | --- | --- | --- |
| Low end embedded | Atmel 8-bit AVR (most Arduino), TI MSP-430 | No | SRAM |
| Mid-high end embedded | Anything ARM based (e.g. STM Discovery, TI Stellaris) inc. Arduino Due | With some effort | Library, key and cipher suite wrangling |
| Linux OS | Raspberry Pi, BeagleBone, Arduino Yún | Yes | - |

Agenda
• Anatomy of a security protocol
  – The key exchange dance
• Linux makes things easy
• Libraries for higher end microcontrollers
• SRAM on low end microcontrollers
• Summary
Which security protocols?
The ‘S’ protocols:
Secure Sockets Layer (SSL)
Superseded by Transport Layer Security (TLS)
Secure SHell (SSH)
Internet Protocol Security (IPsec)
SSL Handshake
Client Hello
It’s a similar story for SSH
and IPsec
Linux makes this easy
If not already built in to a particular distribution then use favourite package manager to get:
(no relation)
Things get trickier with embedded
But by no means impossible…
Stack trade-offs may be made
But those keys won’t fit into 2K
At least not with anything resembling a useful application…
… Arduino struggles with MQTT and 1wire
Summary

| System type | Such as | Will it work? | The issue |
| --- | --- | --- | --- |
| Low end embedded | Atmel 8-bit AVR (most Arduino), TI MSP-430 | No | SRAM |
| Mid-high end embedded | Anything ARM based (e.g. STM Discovery, TI Stellaris) inc. Arduino Due | With some effort | Library, key and cipher suite wrangling |
| Linux OS | Raspberry Pi, BeagleBone, Arduino Yún | Yes | - |

Questions?
Further reading
PolarSSL tutorial: https://polarssl.org/kb/how-to/polarssl-tutorial
AVR32753: AVR32 UC3 How to connect to an SSL-server: http://www.atmel.com/Images/doc32111.pdf
STM32 Discovery: Porting Polar SSL: http://hobbymc.blogspot.co.uk/2011/02/stm32-discovery-porting-polar-ssl.html