Chris Swan, profile picture
Uploaded byChris Swan
PPTX, PDF5,133 views

Security protocols in constrained environments

Security protocols like SSL, TLS, and SSH can be implemented on low-power embedded systems but with some challenges. On low-end 8-bit AVR microcontrollers like those in most Arduinos, security protocols are not feasible due to insufficient SRAM. Mid-to-high-end ARM-based microcontrollers can support security protocols with effort to configure libraries, keys, and cipher suites. Linux-based systems like the Raspberry Pi easily support security protocols using package managers. The main issues are limited memory on low-end systems and needing to handle libraries, keys, and cipher suites for higher-end embedded platforms.

Embed presentation

Downloaded 37 times
Security protocols in constrained environments Chris Swan @cpswan
TL;DR System type Such as Will it work? The issue Low end embedded Atmel 8-bit AVR (most Arduino), TI MSP-430 No SRAM Mid-high end embedded Anything ARM based (e.g. STM Discovery, TI Stellaris) inc. Arduino Due With some effort Library, key and cipher suite wrangling Linux OS Raspberry Pi, BeagleBone, Arduino Yún Yes -
Agenda • Anatomy of a security protocol – The key exchange dance • • • • Linux makes things easy Libraries for higher end microcontrollers SRAM on low end microcontrollers Summary
Which security protocols? The ‘S’ protocols: Secure Sockets Layer (SSL) Superseded by Transport Layer Security (TLS) Secure SHell (SSH) Internet Protocol Security (IPsec)
SSL Handshake
Client Hello
It’s a similar story for SSH
and IPsec
Linux makes this easy If not already built in to a particular distribution then use favourite package manager to get: (no relation)
Things get trickier with embedded But by no means impossible…
Stack trades offs may be made
But those keys won’t fit into 2K At least not with anything resembling a useful application… … Arduino struggles with MQTT and 1wire
Summary System type Such as Will it work? The issue Low end embedded Atmel 8-bit AVR (most Arduino), TI MSP-430 No SRAM Mid-high end embedded Anything ARM based (e.g. STM Discovery, TI Stellaris) inc. Arduino Due With some effort Library, key and cipher suite wrangling Linux OS Raspberry Pi, BeagleBone, Arduino Yún Yes -
Questions?
Further reading PolarSSL tutorial https://polarssl.org/kb/how-to/polarssl-tutorial AVR32753: AVR32 UC3 How to connect to an SSL-server http://www.atmel.com/Images/doc32111.pdf STM32 Discovery: Porting Polar SSL http://hobbymc.blogspot.co.uk/2011/02/stm32discovery-porting-polar-ssl.html

More Related Content

PDF
FVCP 20191113
byLorin Olsen
 
PDF
Hack wifi password using kali linux
byHelder Oliveira
 
PPTX
IPsec vpn
bysharetech
 
PPTX
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
byir. Carmelo Zaccone
 
PPTX
ITNetworkSecurity_GabrielBorlean
byGabriel Borlean (CCNP, CCDP)
 
ODP
Acid
byMichael Boman
 
PPT
Secure shell ppt
bysravya raju
 
PDF
SSH
byZach Dennis
 
FVCP 20191113
byLorin Olsen
 
Hack wifi password using kali linux
byHelder Oliveira
 
IPsec vpn
bysharetech
 
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
byir. Carmelo Zaccone
 
ITNetworkSecurity_GabrielBorlean
byGabriel Borlean (CCNP, CCDP)
 
Acid
byMichael Boman
 
Secure shell ppt
bysravya raju
 
SSH
byZach Dennis
 

Similar to Security protocols in constrained environments

PDF
Chris Swan's presentation for Thingmonk 2014 - security protocols in constra...
byCohesive Networks
 
PPTX
Securing the Internet of Things
byPaul Fremantle
 
PPTX
mbed Connect Asia 2016 Securing IoT with the ARM mbed ecosystem
byarmmbed
 
PDF
Survey of Operating Systems for the IoT Environment
byEswar Publications
 
PPT
Securing Syslog On FreeBSD
byAlbert Mietus
 
PPT
securing_syslog_onFreeBSD
bywebuploader
 
PDF
Securing a Raspberry Pi and other DIY IoT devices
byIan Kluft
 
PDF
Resilient IoT Security: The end of flat security models
byMilosch Meriac
 
PDF
The 5 elements of IoT security
byJulien Vermillard
 
PDF
IRJET - Cryptographic Communication between Two ESP32 Devices
byIRJET Journal
 
Chris Swan's presentation for Thingmonk 2014 - security protocols in constra...
byCohesive Networks
 
Securing the Internet of Things
byPaul Fremantle
 
mbed Connect Asia 2016 Securing IoT with the ARM mbed ecosystem
byarmmbed
 
Survey of Operating Systems for the IoT Environment
byEswar Publications
 
Securing Syslog On FreeBSD
byAlbert Mietus
 
securing_syslog_onFreeBSD
bywebuploader
 
Securing a Raspberry Pi and other DIY IoT devices
byIan Kluft
 
Resilient IoT Security: The end of flat security models
byMilosch Meriac
 
The 5 elements of IoT security
byJulien Vermillard
 
IRJET - Cryptographic Communication between Two ESP32 Devices
byIRJET Journal
 

More from Chris Swan

PDF
IoTSF Webinar Sep 2025 - Software Supply Chain Security
byChris Swan
 
PDF
Software Bill of Materials (SBOMs) for C applications [FOSDEM 2025]
byChris Swan
 
PDF
Cyber Resilience Act - CTO Lunch Club 20241129
byChris Swan
 
PDF
Rules of Engagement for Forking a Dependency (SOSS Community Day Europe 2024)
byChris Swan
 
PDF
Showing that you care about security for your open source (hardware) project
byChris Swan
 
PDF
Fluttercon 2024: Showing that you care about security - OpenSSF Scorecards fo...
byChris Swan
 
PDF
LNETM - Atsign - Privacy with Personal Data Services
byChris Swan
 
PDF
SOOCon24 - Showing that you care about security - OpenSSF Scorecards
byChris Swan
 
PDF
All Day DevOps 2023 - Implementing OSSF Scorecards Across an Organisation.pdf
byChris Swan
 
PDF
Fluttercon Berlin 23 - Dart & Flutter on RISC-V
byChris Swan
 
PDF
QConNY 2023 - Implementing OSSF Scorecards Across an Organisation
byChris Swan
 
PDF
Flutter SV Meetup Oct 2022 - End to end encrypted IoT with Dart and Flutter
byChris Swan
 
PDF
QConSF 2022 - Backends in Dart
byChris Swan
 
PDF
London IoT Meetup Sep 2022 - End to end encrypted IoT
byChris Swan
 
PDF
Flutter Vikings 2022 - End to end IoT with Dart and Flutter
byChris Swan
 
PDF
EMFcamp2022 - What if apps logged into you, instead of you logging into apps?
byChris Swan
 
PDF
Devoxx UK 2022 - Application security: What should the attack landscape look ...
byChris Swan
 
PDF
Flutter Festival London 2022 - End to end IoT with Dart and Flutter
byChris Swan
 
PDF
Full Stack Squared 2022 - Power of Open Source
byChris Swan
 
PDF
Flutter Vikings 2022 - Full Stack Dart
byChris Swan
 
IoTSF Webinar Sep 2025 - Software Supply Chain Security
byChris Swan
 
Software Bill of Materials (SBOMs) for C applications [FOSDEM 2025]
byChris Swan
 
Cyber Resilience Act - CTO Lunch Club 20241129
byChris Swan
 
Rules of Engagement for Forking a Dependency (SOSS Community Day Europe 2024)
byChris Swan
 
Showing that you care about security for your open source (hardware) project
byChris Swan
 
Fluttercon 2024: Showing that you care about security - OpenSSF Scorecards fo...
byChris Swan
 
LNETM - Atsign - Privacy with Personal Data Services
byChris Swan
 
SOOCon24 - Showing that you care about security - OpenSSF Scorecards
byChris Swan
 
All Day DevOps 2023 - Implementing OSSF Scorecards Across an Organisation.pdf
byChris Swan
 
Fluttercon Berlin 23 - Dart & Flutter on RISC-V
byChris Swan
 
QConNY 2023 - Implementing OSSF Scorecards Across an Organisation
byChris Swan
 
Flutter SV Meetup Oct 2022 - End to end encrypted IoT with Dart and Flutter
byChris Swan
 
QConSF 2022 - Backends in Dart
byChris Swan
 
London IoT Meetup Sep 2022 - End to end encrypted IoT
byChris Swan
 
Flutter Vikings 2022 - End to end IoT with Dart and Flutter
byChris Swan
 
EMFcamp2022 - What if apps logged into you, instead of you logging into apps?
byChris Swan
 
Devoxx UK 2022 - Application security: What should the attack landscape look ...
byChris Swan
 
Flutter Festival London 2022 - End to end IoT with Dart and Flutter
byChris Swan
 
Full Stack Squared 2022 - Power of Open Source
byChris Swan
 
Flutter Vikings 2022 - Full Stack Dart
byChris Swan
 

Recently uploaded

PPTX
AN Introduction to UNIX File System—An Approach
bysonjuktaweb
 
PDF
How Application Performance Monitoring Tools Are Used in Performance Testing
byhenrycavill30521
 
PDF
A Brief Introduction About Christopher Elwell Woburn
byChristopher Elwell Woburn
 
PDF
Small Business Automation: A Comprehensive Cost and ROI Guide
byAmelia Swank
 
PDF
Unit 1.2 Components of a Computer System.pdf
bySanieBautista
 
PPT
Carole BirdCarole BirdCarole BirdCarole Bird.ppt
byk4n3kictf
 
PPTX
Compare and contrast types of attacks.pptx
bysyednaqihassan14
 
DOCX
Top Websites To ⭐Buy ⭐Old ⭐Gmail ⭐Accounts (PVA & Bulk) (5).docx
byBuy Old Gmail Accounts
 
PDF
Xemelgo - RFID Industry Predictions for 2026
byRich Rogers
 
PDF
AI Driven & AI Native Development AI native development
byZainKarim7
 
PPTX
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
PDF
Ai In Courts Ai in courts AI in court AI in court
byZainKarim7
 
PDF
What is Voice User Interface (VUI) Definition & Examples.pdf
byDesign Studio UI UX
 
PPTX
UNIT III TYPOLOGY OF CRIME AND CRIMINAL BEHAVIOUR (1).pptx
bybloodyhumanoid
 
PPT
Information and Communication Technologies and Power
byJeffrey Hart
 
PPTX
Corporate AI Training to AI Enable a Company Workforce
byStélio Inácio
 
PDF
Top Benefits of Using KVM VPS Hosting for Growing Businesses
byEthernet Servers
 
PDF
IAI-Unit1-notes useful.............................
bydinesh620610
 
PDF
“Lessons from Yesterday's Tomorrowland” by Scott M. Graffius
byScott M. Graffius
 
PDF
Artificial Intelligence(AI) full Book.pdf
bydeyanimesh299
 
AN Introduction to UNIX File System—An Approach
bysonjuktaweb
 
How Application Performance Monitoring Tools Are Used in Performance Testing
byhenrycavill30521
 
A Brief Introduction About Christopher Elwell Woburn
byChristopher Elwell Woburn
 
Small Business Automation: A Comprehensive Cost and ROI Guide
byAmelia Swank
 
Unit 1.2 Components of a Computer System.pdf
bySanieBautista
 
Carole BirdCarole BirdCarole BirdCarole Bird.ppt
byk4n3kictf
 
Compare and contrast types of attacks.pptx
bysyednaqihassan14
 
Top Websites To ⭐Buy ⭐Old ⭐Gmail ⭐Accounts (PVA & Bulk) (5).docx
byBuy Old Gmail Accounts
 
Xemelgo - RFID Industry Predictions for 2026
byRich Rogers
 
AI Driven & AI Native Development AI native development
byZainKarim7
 
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
Ai In Courts Ai in courts AI in court AI in court
byZainKarim7
 
What is Voice User Interface (VUI) Definition & Examples.pdf
byDesign Studio UI UX
 
UNIT III TYPOLOGY OF CRIME AND CRIMINAL BEHAVIOUR (1).pptx
bybloodyhumanoid
 
Information and Communication Technologies and Power
byJeffrey Hart
 
Corporate AI Training to AI Enable a Company Workforce
byStélio Inácio
 
Top Benefits of Using KVM VPS Hosting for Growing Businesses
byEthernet Servers
 
IAI-Unit1-notes useful.............................
bydinesh620610
 
“Lessons from Yesterday's Tomorrowland” by Scott M. Graffius
byScott M. Graffius
 
Artificial Intelligence(AI) full Book.pdf
bydeyanimesh299
 

Security protocols in constrained environments

  • 1.
    Security protocols inconstrained environments Chris Swan @cpswan
  • 2.
    TL;DR System type Such as Willit work? The issue Low end embedded Atmel 8-bit AVR (most Arduino), TI MSP-430 No SRAM Mid-high end embedded Anything ARM based (e.g. STM Discovery, TI Stellaris) inc. Arduino Due With some effort Library, key and cipher suite wrangling Linux OS Raspberry Pi, BeagleBone, Arduino Yún Yes -
  • 3.
    Agenda • Anatomy ofa security protocol – The key exchange dance • • • • Linux makes things easy Libraries for higher end microcontrollers SRAM on low end microcontrollers Summary
  • 4.
    Which security protocols? The‘S’ protocols: Secure Sockets Layer (SSL) Superseded by Transport Layer Security (TLS) Secure SHell (SSH) Internet Protocol Security (IPsec)
  • 5.
  • 6.
  • 7.
    It’s a similarstory for SSH
  • 8.
  • 9.
    Linux makes thiseasy If not already built in to a particular distribution then use favourite package manager to get: (no relation)
  • 10.
    Things get trickierwith embedded But by no means impossible…
  • 11.
    Stack trades offsmay be made
  • 12.
    But those keyswon’t fit into 2K At least not with anything resembling a useful application… … Arduino struggles with MQTT and 1wire
  • 13.
    Summary System type Such as Willit work? The issue Low end embedded Atmel 8-bit AVR (most Arduino), TI MSP-430 No SRAM Mid-high end embedded Anything ARM based (e.g. STM Discovery, TI Stellaris) inc. Arduino Due With some effort Library, key and cipher suite wrangling Linux OS Raspberry Pi, BeagleBone, Arduino Yún Yes -
  • 14.
  • 15.
    Further reading PolarSSL tutorial https://polarssl.org/kb/how-to/polarssl-tutorial AVR32753:AVR32 UC3 How to connect to an SSL-server http://www.atmel.com/Images/doc32111.pdf STM32 Discovery: Porting Polar SSL http://hobbymc.blogspot.co.uk/2011/02/stm32discovery-porting-polar-ssl.html