copyright 2014 1
Security protocols in constrained environments
Chris Swan, CTO
@cpswan
Cloud native networking
TL;DR
| System type | Such as | Will it work? | The issue |
|---|---|---|---|
| Low end embedded | Atmel 8-bit AVR (most Arduino), TI MSP-430 | No | SRAM |
| Mid-high end embedded | Anything ARM based (e.g. STM Discovery, TI Stellaris) inc. Arduino Due | With some effort | Library, key and cipher suite wrangling |
| Linux OS | Raspberry Pi, BeagleBone, Arduino Yún | Yes | - |
What would #FHB say?
Agenda
• Anatomy of a security protocol
• The key exchange dance
• Linux makes things easy
• Libraries for higher end microcontrollers
• SRAM on low end microcontrollers
• 2014 – things happened
• Summary
Which security protocols?
The ‘S’ protocols:
Secure Sockets Layer (SSL)
Superseded by Transport Layer Security (TLS)
Secure SHell (SSH)
Internet Protocol Security (IPsec)
SSL Handshake
Client Hello
It’s a similar story for SSH
and IPsec
Linux makes this easy
If not already built in to a particular distribution, then use your favourite package manager to get:
(no relation)
Things get trickier with embedded
But by no means impossible…
Stack trade-offs may be made
But those keys won’t fit into 2K
At least not with anything resembling a useful application…
… regular Arduino struggles with MQTT and 1wire
Things that happened…
Things that are happening…
Summary
| System type | Such as | Will it work? | The issue |
|---|---|---|---|
| Low end embedded | Atmel 8-bit AVR (most Arduino), TI MSP-430 | No | SRAM |
| Mid-high end embedded | Anything ARM based (e.g. STM Discovery, TI Stellaris) inc. Arduino Due | With some effort | Library, key and cipher suite wrangling |
| Linux OS | Raspberry Pi, BeagleBone, Arduino Yún | Yes | - |
Further reading
PolarSSL tutorial
https://polarssl.org/kb/how-to/polarssl-tutorial
AVR32753: AVR32 UC3 How to connect to an SSL-server
http://www.atmel.com/Images/doc32111.pdf
STM32 Discovery: Porting Polar SSL
http://hobbymc.blogspot.co.uk/2011/02/stm32-discovery-porting-polar-ssl.html
Netflix Tech Blog: Message Security Layer: A Modern Take on Securing Communication
http://techblog.netflix.com/2014/10/message-security-layer-modern-take-on.html
Chicago, US
ContactMe@cohesiveft.com
+1 888 444 3962
Questions?

Chris Swan's presentation for Thingmonk 2014 - security protocols in constrained environments