Security protocols in constrained environments

4,070 views

Published on

From Open Source Hardware Users Group (OSHUG #31)

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
4,070
On SlideShare
0
From Embeds
0
Number of Embeds
2,452
Actions
Shares
0
Downloads
33
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Security protocols in constrained environments

  1. 1. Security protocols in constrained environments Chris Swan @cpswan
  2. 2. TL;DR System type Such as Will it work? The issue Low end embedded Atmel 8-bit AVR (most Arduino), TI MSP-430 No SRAM Mid-high end embedded Anything ARM based (e.g. STM Discovery, TI Stellaris) inc. Arduino Due With some effort Library, key and cipher suite wrangling Linux OS Raspberry Pi, BeagleBone, Arduino Yún Yes -
  3. 3. Agenda • Anatomy of a security protocol – The key exchange dance • • • • Linux makes things easy Libraries for higher end microcontrollers SRAM on low end microcontrollers Summary
  4. 4. Which security protocols? The ‘S’ protocols: Secure Sockets Layer (SSL) Superseded by Transport Layer Security (TLS) Secure SHell (SSH) Internet Protocol Security (IPsec)
  5. 5. SSL Handshake
  6. 6. Client Hello
  7. 7. It’s a similar story for SSH
  8. 8. and IPsec
  9. 9. Linux makes this easy If not already built in to a particular distribution then use favourite package manager to get: (no relation)
  10. 10. Things get trickier with embedded But by no means impossible…
  11. 11. Stack trades offs may be made
  12. 12. But those keys won’t fit into 2K At least not with anything resembling a useful application… … Arduino struggles with MQTT and 1wire
  13. 13. Summary System type Such as Will it work? The issue Low end embedded Atmel 8-bit AVR (most Arduino), TI MSP-430 No SRAM Mid-high end embedded Anything ARM based (e.g. STM Discovery, TI Stellaris) inc. Arduino Due With some effort Library, key and cipher suite wrangling Linux OS Raspberry Pi, BeagleBone, Arduino Yún Yes -
  14. 14. Questions?
  15. 15. Further reading PolarSSL tutorial https://polarssl.org/kb/how-to/polarssl-tutorial AVR32753: AVR32 UC3 How to connect to an SSL-server http://www.atmel.com/Images/doc32111.pdf STM32 Discovery: Porting Polar SSL http://hobbymc.blogspot.co.uk/2011/02/stm32discovery-porting-polar-ssl.html

×