Progressively Securing RIOT-OS!

Similar documents
Considerations in Securing Connected Devices. Chris Conlon

SSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1

Information Security CS 526

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

WAP Security. Helsinki University of Technology S Security of Communication Protocols

Using Cryptography CMSC 414. October 16, 2017

Securing Internet Communication: TLS

Data Security and Privacy. Topic 14: Authentication and Key Establishment

Introduction and Overview. Why CSCI 454/554?

Transport Level Security

Cryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea

Public-key Infrastructure

Public-key Infrastructure

Open Source Internet Security

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

Configuring Secure Socket Layer HTTP

Distributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018

Securing Internet Communication

Internet security and privacy

CS November 2018

SSL Report: cartridgeworld.co.uk ( )

Overview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.

Configuring Secure Socket Layer HTTP

Chapter 4: Securing TCP connections

E-commerce security: SSL/TLS, SET and others. 4.1

Lecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.

Displaying SSL Configuration Information and Statistics

David Wetherall, with some slides from Radia Perlman s security lectures.

Network Security: TLS/SSL. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

CIS 5373 Systems Security

ovirt - PKI Alon Bar-Lev Red Hat

CPSC 467b: Cryptography and Computer Security

CS 356 Internet Security Protocols. Fall 2013

Encryption, Certificates and SSL DAVID COCHRANE PRESENTATION TO BELFAST OWASP CHAPTER OCTOBER 2018

State of TLS usage current and future. Dave Thompson

Findings for

SSL Report: printware.co.uk ( )

PROVING WHO YOU ARE TLS & THE PKI

Symantec Security Information Manager FIPS Operational Mode Guide

Transport Layer Security

Security Protocols and Infrastructures. Winter Term 2010/2011

APNIC elearning: Cryptography Basics

securing a host Matsuzaki maz Yoshinobu

Crypto meets Web Security: Certificates and SSL/TLS

Understand the TLS handshake Understand client/server authentication in TLS. Understand session resumption Understand the limitations of TLS

Technical / Community Update! FOSDEM

COSC 301 Network Management. Lecture 15: SSL/TLS and HTTPS

yassl Architecture and Design

Transport Layer Security

TLS1.2 IS DEAD BE READY FOR TLS1.3

But where'd that extra "s" come from, and what does it mean?

Overview. SSL Cryptography Overview CHAPTER 1

SSL Report: ( )

SSL Report: bourdiol.xyz ( )

Cryptography (Overview)

HTTPS--HTTP Server and Client with SSL 3.0

HOWTO: Setup FTP with TLS support

HTTPS--HTTP Server and Client with SSL 3.0

Kerberized Certificate Issuance Protocol (KX509)

Today s Lecture. Secure Communication. A Simple Protocol. Remote Authentication. A Simple Protocol. Rules. I m Alice. I m Alice

What is a Digital Certificate? Basic Problem. Digital Certificates, Certification Authorities, and Public Key Infrastructure. Sections

Digital Certificates, Certification Authorities, and Public Key Infrastructure. Sections

Lecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005

CPSC 467: Cryptography and Computer Security

Innovative uses as result of DNSSEC

Comparison of SSL/TLS libraries based on Algorithms/languages supported, Platform, Protocols and Performance. By Akshay Thorat

Network Security: TLS/SSL. Tuomas Aura T Network security Aalto University, Nov-Dec 2014

Computer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography

Chapter 6: Digital Certificates Introduction Authentication Methods PKI Digital Certificate Passing

SSL Report: sharplesgroup.com ( )

TLS/sRTP Voice Recording AddPac Technology

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Protocol Comparisons: OpenSSH, SSL/TLS (AT-TLS), IPSec

SSL/TLS Security Assessment of e-vo.ru

Security Protocols and Infrastructures. Winter Term 2015/2016

Sensitive Information in a Wired World

MTAT Applied Cryptography

CSE543 Computer and Network Security Module: Network Security

Universität Hamburg. SSL & Company. Fachbereich Informatik SVS Sicherheit in Verteilten Systemen. Security in TCP/IP. UH, FB Inf, SVS, 18-Okt-04 2

Encryption. INST 346, Section 0201 April 3, 2018

Transport Layer Security

Defending Computer Networks Lecture 23: Transport Layer Security. Stuart Staniford Adjunct Professor of Computer Science

Requirements from the. Functional Package for Transport Layer Security (TLS)

Comodo Certificate Manager Software Version 5.0

Chapter 8 Web Security

Comodo Certificate Manager Software Version 5.6

Action List Modify Configuration Mode Commands

Security Protocols. Professor Patrick McDaniel CSE545 - Advanced Network Security Spring CSE545 - Advanced Network Security - Professor McDaniel

Coming of Age: A Longitudinal Study of TLS Deployment

CIP Security Phase 1 Secure Transport for EtherNet/IP

SharkFest 17 Europe. SSL/TLS Decryption. uncovering secrets. Wednesday November 8th, Peter Wu Wireshark Core Developer

Information Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1

HP Instant Support Enterprise Edition (ISEE) Security overview

PureVPN's OpenVPN Setup Guide for pfsense (2.3.2)

Configuring SSL Security

Configuring Secure Socket Layer HTTP

TLS 1.1 Security fixes and TLS extensions RFC4346

Introduction to Cryptography Lecture 11

IBM Education Assistance for z/os V2R1

Internet Security. - IPSec, SSL/TLS, SRTP - 29th. Oct Lee, Choongho

Transcription:

+ Progressively Securing RIOT-OS! USABILITY AND NECESSITY OF SSL / TLS Slide 1 / 33

We re going to talk about: 1. Why is security important? 2. What is SSL? 3. Where is SSL being used? 4. Features: What to look for in an SSL library? Slide 2 / 33

Why is Security Important? Number of connected devices is ever increasing Frequent Road-blocks: Lack of understanding Insufficient funding Tight deadlines Slide 3 / 33

Why is Security Important? Ivan Ristic: Internet SSL Survey 2010 http://www.ssllabs.com Alexa Top 1M Use SSL 12% AlexaTop 1M Sites 120,000 Use SSL (12%) Slide 4 / 33

What is SSL? X509, Encryption, handshakes, and more. Slide 5 / 33

What is SSL? Enables secure client / server communication, providing: Privacy Authentication Integrity + Prevent eavesdropping + Prevent impersonation + Prevent modification Slide 6 / 33

Where does SSL fit? Layered between Transport and Application layers Protocols Secured by SSL/TLS SSL Handshake Protocol SSL Change Cipher Spec Protocol SSL Alert Protocol HTTP LDAP, etc. HTTP SMTP, etc. SSL Record Layer Application Layer TCP IP Network Access Transport Layer Internet Layer Network Layer Slide 7 / 33

SSL: Authentication Do you really know who you re communicating with??? Alice Bob Slide 8 / 33

SSL: Authentication Generate a key pair (private and public key) Private Public Public Private Alice Bob Slide 9 / 33

SSL: Authentication X.509 Certificate == Wrapper around public key Private X509 Cert Public Public X509 Cert Private Alice Bob Slide 10 / 33

SSL: X.509 Certificates X509 Cert Slide 11 / 33 -----BEGIN CERTIFICATE----- MIIEmDCCA4CgAwIBAgIJAIdKdb6RZtg9MA0GCSqGSIb3DQEBBQUAMIGOMQswCQYD VQQGEwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDEOMAwG A1UEChMFeWFTU0wxFDASBgNVBAsTC1Byb2dyYW1taW5nMRYwFAYDVQQDEw13d3cu ewfzc2wuy29tmr0wgwyjkozihvcnaqkbfg5pbmzvqhlhc3nslmnvbtaefw0xmtew MjQxODIxNTVaFw0xNDA3MjAxODIxNTVaMIGOMQswCQYDVQQGEwJVUzEPMA0GA1UE CBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDEOMAwGA1UEChMFeWFTU0wxFDAS BgNVBAsTC1Byb2dyYW1taW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJ KoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQrKnx0mr2qKlIHR9amNrIHMo7Quml7xsNE ntsbsp0takklz7uhdcg2lersg/elus8n+e/s8yeee5sdr5q/zcx/zsrppuguivvk NPfFsBST9Wd7Onp44QFWVpGmE0KN0jxAnEzv0YbfN1EbDKE79fGjSjXk4c6W3xt+ v06x0bdoqagwga8gc0muxxrntdkcb42gwohamtaduh5aciix11jljhowzu8zza7/ egx7wbid1e5ydvbto6m7o5lencjzdiwz2yrzvcbbbfqsu/8ltmtrefrx04zagbow Y7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuhutMCAwEAAaOB9jCB8zAdBgNVHQ4EFgQU M9hFZtdohxh+VA1wJ5HHJteFZcAwgcMGA1UdIwSBuzCBuIAUM9hFZtdohxh+VA1w J5HHJteFZcChgZSkgZEwgY4xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIEwZPcmVnb24x ETAPBgNVBAcTCFBvcnRsYW5kMQ4wDAYDVQQKEwV5YVNTTDEUMBIGA1UECxMLUHJv Z3JhbW1pbmcxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEW DmluZm9AeWFzc2wuY29tggkAh0p1vpFm2D0wDAYDVR0TBAUwAwEB/zANBgkqhkiG 9w0BAQUFAAOCAQEAHHxCgSmeIc/Q2MFUb8yuFAk4/2iYmpVTdhh75jB27CgNdafe 4M2O1VUjakcrTo38fQaj2A+tXtYEyQAz+3cn07UDs3shdDELSq8tGrOTjszzXz2Q P8zjVRmRe3gkLkoJuxhOYS2cxgqgNJGIcGs7SEe8eZSioE0yR1TCo9wu0lFMKTkR /+IVXliXNvbpBgaGDo2dlQNysosZfOkUbqGIc2hYbXFewtXTE9Jf3uoDvuIAQOXO /easmvfd67tmrmsvgvrgyqjh9jndkktsxgov+efmsmogskwqoeu0w2fnmus2euua cmynokp2j/4ivip927fvqe4fybfxfhsr4eovwa== -----END CERTIFICATE-----

SSL: X.509 Certificates X509 Cert Certificate: Data: Version: 3 (0x2) Serial Number: 87:4a:75:be:91:66:d8:3d Signature Algorithm: sha1withrsaencryption Issuer: C=US, ST=Oregon, L=Portland, O=wolfSSL, OU=Programming, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity Not Before: Oct 24 18:21:55 2011 GMT Not After : Jul 20 18:21:55 2014 GMT Subject: C=US, ST=Oregon, L=Portland, O=wolfSSL, OU=Programming, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaencryption Public-Key: (2048 bit) Modulus: 00:c3:03:d1:2b:fe:39:a4 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0 X509v3 Authority Key Identifier: keyid:33:d8:45:66:d7:68:87:18:7e:54:0d:70:27:91:c7:26:d7:85:65:c0 DirName:/C=US/ST=Oregon/L=Portland/O=wolfSSL/OU=Programming/CN=www.wolfssl.com/emailAddress=info@w olfssl.com serial:87:4a:75:be:91:66:d8:3d Slide 12 / 33 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha1withrsaencryption 1c:7c:42:81:29:9e:21:cf:d0:d8

SSL: Authentication Alice and Bob exchange CA-signed public keys Private X509 Cert CA Public Public X509 Cert CA Private Alice Bob Slide 13 / 33

SSL: Authentication How do you get a CA-signed cert? Buy VeriSign, DigiCert, Comodo, etc. - Costs $$$ - Trusted Create Created yourself (self-sign) - Free! - Trusted (if you control both sides) Slide 14 / 33

SSL: Encryption Uses a variety of encryption algorithms to secure data Hashing Functions Block and Stream Ciphers Public Key Options MD4, MD5, SHA DES, 3DES, AES, ARC4 RSA, DSS CIPHER SUITE Slide 15 / 33

SSL: Encryption A common CIPHER SUITE is negotiated Protocol_keyexchange_WITH_bulkencryption_mode_messageauth SSL_RSA_WITH_DES_CBC_SHA SSL_DHE_RSA_WITH_DES_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA Slide 16 / 33

SSL: Handshake Client Server 1 Client Hello Cryptographic Info (SSL version, supported ciphers, etc.) 3 Verify server cert, check crypto parameters 2 Server Hello Cipher Suite Server Certificate Server Key Exchange (public key) ( Client Certificate Request ) Server Hello Done 4 Client Key Exchange ( Certificate Verify ) ( Client Certificate ) 5 Verify client cert (if required) 6 Change Cipher Spec Client Finished 7 Change Cipher Spec Server Finished 8 Exchange Messages (Encrypted) Slide 17 / 33

Where is SSL used? Everywhere! Slide 18 / 39

SSL: Where is it used? Energy Monitoring Gaming Databases Sensors VoIP M2M communication And much more... Slide 19 / 33

What to look for? When shopping for an SSL stack. Slide 20 / 33

1: Protocols Support for current protocols? 1995 1996 1999 2006 2008 SSL 2.0 SSL 3.0 TLS 1.0 TLS 1.1 TLS 1.2 DTLS 1.0 Notes: SSL 2.0 is insecure SSL = Secure Sockets Layer TLS = Transport Layer Security DTLS = Datagram TLS 2012 DTLS 1.2 Slide 21 / 33

2: Ciphers Support for needed cipher suites? Public Key Block / Stream Hash RSA, DSS, DH, NTRU DES, 3DES, AES, ARC4, RABBIT, HC- 128 MD2, MD4, MD5, SHA- 128, SHA-256, RIPEMD Ex: TLS_RSA_WITH_AES_128_CBC_SHA Slide 22 / 33

3: Memory Usage ROM / RAM usage 1400 160 150 1200 1 200 140 1000 120 ROM (kb) 800 600 400 RAM (kb) 100 80 60 40 200 30 20 3 0 0 Slide 23 / 33

4: Simple to Use Learning curve? Myth: Encryption is too hard to use. Slide 24 / 33

5: Portability OS support out-of-the-box? Customizable? Slide 25 / 33

5: Portability In Progress!

6: Hardware Acceleration Support for hardware acceleration? You bet! Assembly code optimizations Absolutely! Slide 26 / 33

7: License Flexible license model? Does it meet your license needs? GPLv2 / Commercial MIT BSD GPL LGPL Commercial Proprietary Slide 27 / 33

8: Maturity Track record? wolfssl has only had 3 critical vulnerabilities since it s inception in 2004 all of which were immediately fixed and a RELEASE went out to our customers in under 48 hours! Code origin? Clean house implementation! Actively developed? wolfssl targets a RELEASE every 3 months. Slide 28 / 33

9: Compatibility Is interoperability testing being conducted? Jenkins Continuous Integration. Constantly adding more OE s to our slave network. What browsers is the library actively tested against? Chrome, IE, EDGE, Firefox, Safari and more. Slide 29 / 33

10: Crypto Access Direct access to crypto? Many reasons: - Direct encryption - Code Signing - Verifying hashes, etc. Slide 30 / 33

11: Support What happens if: Something goes wrong You can t get it to work on your system New vulnerability comes out You need a new cipher/feature Is there support available to help you out? Slide 31 / 33

SSL: Shopping List 1. Protocols 2. Ciphers 3. Memory Usage 4. Simple to Use 5. Portability 6. Hardware Acceleration 7. License 8. Maturity 9. Compatibility 10. Crypto Access 11. Support Slide 32 / 33

+ Thanks! www.wolfssl.com kaleb@wolfssl.com info@wolfssl.com Slide 33 / 33

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback