• Home

  • Technology

  • Chris Swan's presentation for Thingmonk 2014 - security protocols in constrained environments
18
copyright 2014 1 Security protocols in constrained environments Chris Swan, CTO @cpswan Cloud native networking

Chris Swan's presentation for Thingmonk 2014 - security protocols in constrained environments

Tags:

Embed Size (px)

Citation preview

Page 1: Chris Swan's presentation for Thingmonk 2014 - security protocols in constrained environments

copyright 2014 1

Security protocols in

constrained environments

Chris Swan, CTO

@cpswan

Cloud native networking

Page 2: Chris Swan's presentation for Thingmonk 2014 - security protocols in constrained environments

copyright 2014

TL;DR

System type Such as Will it work? The issue

Low end

embedded

Atmel 8-bit AVR

(most Arduino),

TI MSP-430

No SRAM

Mid-high end

embedded

Anything ARM

based (e.g. STM

Discovery, TI

Stellaris) inc.

Arduino Due

With some effort Library, key and

cipher suite

wrangling

Linux OS Raspberry Pi,

BeagleBone,

Arduino Yún

Yes -

Page 3: Chris Swan's presentation for Thingmonk 2014 - security protocols in constrained environments

copyright 2014

What would #FHB say?

3

Page 4: Chris Swan's presentation for Thingmonk 2014 - security protocols in constrained environments

copyright 2014

Agenda

• Anatomy of a security protocol • The key exchange dance

• Linux makes things easy

• Libraries for higher end microcontrollers

• SRAM on low end microcontrollers

• 2014 – things happened

• Summary

Page 5: Chris Swan's presentation for Thingmonk 2014 - security protocols in constrained environments

copyright 2014

Which security protocols?

The ‘S’ protocols:

Secure Sockets Layer (SSL) Superseded by Transport Layer Security (TLS)

Secure SHell (SSH)

Internet Protocol Security (IPsec)

Page 6: Chris Swan's presentation for Thingmonk 2014 - security protocols in constrained environments

copyright 2014

SSL Handshake

Page 7: Chris Swan's presentation for Thingmonk 2014 - security protocols in constrained environments

copyright 2014

Client Hello

Page 8: Chris Swan's presentation for Thingmonk 2014 - security protocols in constrained environments

copyright 2014

It’s a similar story for SSH

Page 9: Chris Swan's presentation for Thingmonk 2014 - security protocols in constrained environments

copyright 2014

and IPsec

Page 10: Chris Swan's presentation for Thingmonk 2014 - security protocols in constrained environments

copyright 2014

Linux makes this easy

If not already built in to a particular distribution then use

favourite package manager to get:

(no relation)

Page 11: Chris Swan's presentation for Thingmonk 2014 - security protocols in constrained environments

copyright 2014

Things get trickier with embedded But by no means impossible…

Page 12: Chris Swan's presentation for Thingmonk 2014 - security protocols in constrained environments

copyright 2014

Stack trades offs may be made

Page 13: Chris Swan's presentation for Thingmonk 2014 - security protocols in constrained environments

copyright 2014

But those keys won’t fit into 2K

At least not with anything resembling a useful application…

… regular Arduino struggles with MQTT and 1wire

Page 14: Chris Swan's presentation for Thingmonk 2014 - security protocols in constrained environments

copyright 2014

Things that happened…

14

Page 15: Chris Swan's presentation for Thingmonk 2014 - security protocols in constrained environments

copyright 2014

Things that are happening…

15

Page 16: Chris Swan's presentation for Thingmonk 2014 - security protocols in constrained environments

copyright 2014

Summary

System type Such as Will it work? The issue

Low end

embedded

Atmel 8-bit AVR

(most Arduino),

TI MSP-430

No SRAM

Mid-high end

embedded

Anything ARM

based (e.g. STM

Discovery, TI

Stellaris) inc.

Arduino Due

With some effort Library, key and

cipher suite

wrangling

Linux OS Raspberry Pi,

BeagleBone,

Arduino Yún

Yes -

Page 17: Chris Swan's presentation for Thingmonk 2014 - security protocols in constrained environments

copyright 2014

Further reading

PolarSSL tutorial

https://polarssl.org/kb/how-to/polarssl-tutorial

AVR32753: AVR32 UC3 How to connect to an SSL-server

http://www.atmel.com/Images/doc32111.pdf

STM32 Discovery: Porting Polar SSL

http://hobbymc.blogspot.co.uk/2011/02/stm32-discovery-porting-polar-ssl.html

Netflix tech Blog: Message Security Layer: A Modern Take on Securing

Communication

http://techblog.netflix.com/2014/10/message-security-layer-modern-take-on.html

https://polarssl.org/kb/how-to/polarssl-tutorial
https://polarssl.org/kb/how-to/polarssl-tutorial
https://polarssl.org/kb/how-to/polarssl-tutorial
https://polarssl.org/kb/how-to/polarssl-tutorial
https://polarssl.org/kb/how-to/polarssl-tutorial
http://www.atmel.com/Images/doc32111.pdf
http://hobbymc.blogspot.co.uk/2011/02/stm32-discovery-porting-polar-ssl.html
http://hobbymc.blogspot.co.uk/2011/02/stm32-discovery-porting-polar-ssl.html
http://hobbymc.blogspot.co.uk/2011/02/stm32-discovery-porting-polar-ssl.html
http://hobbymc.blogspot.co.uk/2011/02/stm32-discovery-porting-polar-ssl.html
http://hobbymc.blogspot.co.uk/2011/02/stm32-discovery-porting-polar-ssl.html
http://hobbymc.blogspot.co.uk/2011/02/stm32-discovery-porting-polar-ssl.html
http://hobbymc.blogspot.co.uk/2011/02/stm32-discovery-porting-polar-ssl.html
http://hobbymc.blogspot.co.uk/2011/02/stm32-discovery-porting-polar-ssl.html
http://hobbymc.blogspot.co.uk/2011/02/stm32-discovery-porting-polar-ssl.html
http://techblog.netflix.com/2014/10/message-security-layer-modern-take-on.html
http://techblog.netflix.com/2014/10/message-security-layer-modern-take-on.html
http://techblog.netflix.com/2014/10/message-security-layer-modern-take-on.html
http://techblog.netflix.com/2014/10/message-security-layer-modern-take-on.html
http://techblog.netflix.com/2014/10/message-security-layer-modern-take-on.html
http://techblog.netflix.com/2014/10/message-security-layer-modern-take-on.html
http://techblog.netflix.com/2014/10/message-security-layer-modern-take-on.html
http://techblog.netflix.com/2014/10/message-security-layer-modern-take-on.html
http://techblog.netflix.com/2014/10/message-security-layer-modern-take-on.html
http://techblog.netflix.com/2014/10/message-security-layer-modern-take-on.html
http://techblog.netflix.com/2014/10/message-security-layer-modern-take-on.html
Page 18: Chris Swan's presentation for Thingmonk 2014 - security protocols in constrained environments

copyright 2014 18

Chicago, US

[email protected]

+1 888 444 3962

Questions?


The swan's tale

The swan's tale

Documents
Constrained Waves

Constrained Waves

Entertainment & Humor
Why Open Source with Drive IoT Innovation - Thingmonk

Why Open Source with Drive IoT Innovation - Thingmonk

Technology
Persona Constrained Posterior Stabilized (CPS) Surgical · PDF fileINTR Constrained Posterior Stabilized (CPS) Surgical Technique Introduction The Constrained Posterior Stabilized

Persona Constrained Posterior Stabilized (CPS) Surgical · PDF fileINTR Constrained Posterior Stabilized (CPS) Surgical Technique Introduction The Constrained Posterior Stabilized

Documents
Black Swan's On Cue Newsletter - Autumn 2016

Black Swan's On Cue Newsletter - Autumn 2016

Documents
Eclipse IoT - Day 0 of thingmonk 2016

Eclipse IoT - Day 0 of thingmonk 2016

Technology
Data Gravity, IoT, and Time Series - ThingMonk 2015

Data Gravity, IoT, and Time Series - ThingMonk 2015

Internet
Optimal Design of Magnetorheological Dampers Constrained ... · PDF fileOptimal Design of Magnetorheological Dampers Constrained ... Optimal Design of Magnetorheological Dampers Constrained

Optimal Design of Magnetorheological Dampers Constrained ... · PDF fileOptimal Design of Magnetorheological Dampers Constrained ... Optimal Design of Magnetorheological Dampers Constrained

Documents
SILVER - Swan's Market Cohousing

SILVER - Swan's Market Cohousing

Documents
Constrained MSSM

Constrained MSSM

Documents
The TAO Linearly-Constrained Augmented Lagrangian Method for PDE-Constrained Optimization · 2012. 3. 2. · Our linearly-constrained augmented Lagrangian method for solving PDE-constrained

The TAO Linearly-Constrained Augmented Lagrangian Method for PDE-Constrained Optimization · 2012. 3. 2. · Our linearly-constrained augmented Lagrangian method for solving PDE-constrained

Documents
A brief intro to UX for the internet of things: Thingmonk 2013

A brief intro to UX for the internet of things: Thingmonk 2013

Design
Constrained Banks, Constrained Borrowers: Bank Liquidity

Constrained Banks, Constrained Borrowers: Bank Liquidity

Documents
Constrained Quantization

Constrained Quantization

Documents
Constrained Optimal

Constrained Optimal

Documents
Financially Constrained Long-Range Transportation Plan ... · FINANCIALLY CONSTRAINED LONG-RANGE TRANSPORTATION PLAN ... FINANCIALLY CONSTRAINED LONG-RANGE TRANSPORTATION PLAN

Financially Constrained Long-Range Transportation Plan ... · FINANCIALLY CONSTRAINED LONG-RANGE TRANSPORTATION PLAN ... FINANCIALLY CONSTRAINED LONG-RANGE TRANSPORTATION PLAN

Documents
Living life on the edge - Thingmonk 2016

Living life on the edge - Thingmonk 2016

Technology
Constrained Tundra

Constrained Tundra

Documents
Multivariate Analysis - II: Constrained Ordinationcc.oulu.fi/~jarioksa/opetus/metodi/mmmbeam2.pdf · Constrained Ordination Methods Constrained Ordination 1 Distance-based Redundancy

Multivariate Analysis - II: Constrained Ordinationcc.oulu.fi/~jarioksa/opetus/metodi/mmmbeam2.pdf · Constrained Ordination Methods Constrained Ordination 1 Distance-based Redundancy

Documents
Numerical Methods for PDE-Constrained Optimization ...lruthot/courses/PDECO/2016... · PDE-Constrained Optimization Doktorandenkolleg, Weißensee 2016 ... PDE-Constrained Optimization

Numerical Methods for PDE-Constrained Optimization ...lruthot/courses/PDECO/2016... · PDE-Constrained Optimization Doktorandenkolleg, Weißensee 2016 ... PDE-Constrained Optimization

Documents
Deadline Constrained Packet Scheduling in Wireless Networkingkeshi.ubiwna.org/2014IoTComm/readinglist/Deadline Constrained Pa… · Deadline Constrained Packet Scheduling in Wireless

Deadline Constrained Packet Scheduling in Wireless Networkingkeshi.ubiwna.org/2014IoTComm/readinglist/Deadline Constrained Pa… · Deadline Constrained Packet Scheduling in Wireless

Documents
AN EVALUATION OF THE TIME CONSTRAINED AND RESOURCE CONSTRAINED SCHEDULING … AN EVALUATION OF THE TIME CONSTRAINED AND RESOURCE CONSTRAINED SCHEDULING FEATURES OF ... Constrained

AN EVALUATION OF THE TIME CONSTRAINED AND RESOURCE CONSTRAINED SCHEDULING … AN EVALUATION OF THE TIME CONSTRAINED AND RESOURCE CONSTRAINED SCHEDULING FEATURES OF ... Constrained

Documents
Constrained optimisation

Constrained optimisation

Documents
Constrained Optimization

Constrained Optimization

Documents
Chris Swan's CloudExpo Europe presentation "Waves of adoption for Network Function Virtualisation"

Chris Swan's CloudExpo Europe presentation "Waves of adoption for Network Function Virtualisation"

Technology
Chris Swan's ONUG NYC talk - Container Networks

Chris Swan's ONUG NYC talk - Container Networks

Technology
Chris Swan's VPC presentation from the Brighton AWS user group

Chris Swan's VPC presentation from the Brighton AWS user group

Technology
Constrained Graph Variational Autoencoders for Molecule Designpapers.nips.cc/paper/8005-constrained-graph-variational... · 2019-02-19 · Constrained Graph Variational Autoencoders

Constrained Graph Variational Autoencoders for Molecule Designpapers.nips.cc/paper/8005-constrained-graph-variational... · 2019-02-19 · Constrained Graph Variational Autoencoders

Documents
Constrained Clustering Algorithms: Practical Issues …edu/pubs/meares-phd.pdf · Constrained Clustering Algorithms: Practical Issues and Applications ... Constrained Clustering Algorithms:

Constrained Clustering Algorithms: Practical Issues …edu/pubs/meares-phd.pdf · Constrained Clustering Algorithms: Practical Issues and Applications ... Constrained Clustering Algorithms:

Documents
Chris Swan's CloudExpo Europe presentation "Keeping control when moving applications to the cloud"

Chris Swan's CloudExpo Europe presentation "Keeping control when moving applications to the cloud"

Technology