SlideShare une entreprise Scribd logo

Security protocols in constrained environments

Télécharger en tant que PPTX, PDF
Chris Swan
Chris Swan

From Open Source Hardware Users Group (OSHUG #31)

Technologie
1  sur  15
Security protocols in constrained environments Chris Swan @cpswan
TL;DR System type Such as Will it work? The issue Low end embedded Atmel 8-bit AVR (most Arduino), TI MSP-430 No SRAM Mid-high end embedded Anything ARM based (e.g. STM Discovery, TI Stellaris) inc. Arduino Due With some effort Library, key and cipher suite wrangling Linux OS Raspberry Pi, BeagleBone, Arduino Yún Yes -
Agenda • Anatomy of a security protocol – The key exchange dance • • • • Linux makes things easy Libraries for higher end microcontrollers SRAM on low end microcontrollers Summary
Which security protocols? The ‘S’ protocols: Secure Sockets Layer (SSL) Superseded by Transport Layer Security (TLS) Secure SHell (SSH) Internet Protocol Security (IPsec)
SSL Handshake
Client Hello
It’s a similar story for SSH
and IPsec
Linux makes this easy If not already built in to a particular distribution then use favourite package manager to get: (no relation)
Things get trickier with embedded But by no means impossible…
Stack trades offs may be made
But those keys won’t fit into 2K At least not with anything resembling a useful application… … Arduino struggles with MQTT and 1wire
Summary System type Such as Will it work? The issue Low end embedded Atmel 8-bit AVR (most Arduino), TI MSP-430 No SRAM Mid-high end embedded Anything ARM based (e.g. STM Discovery, TI Stellaris) inc. Arduino Due With some effort Library, key and cipher suite wrangling Linux OS Raspberry Pi, BeagleBone, Arduino Yún Yes -
Questions?
Further reading PolarSSL tutorial https://polarssl.org/kb/how-to/polarssl-tutorial AVR32753: AVR32 UC3 How to connect to an SSL-server http://www.atmel.com/Images/doc32111.pdf STM32 Discovery: Porting Polar SSL http://hobbymc.blogspot.co.uk/2011/02/stm32discovery-porting-polar-ssl.html

Recommandé

FVCP 20191113
FVCP 20191113FVCP 20191113
FVCP 20191113
Lorin Olsen
 
Hack wifi password using kali linux
Hack wifi password using kali linuxHack wifi password using kali linux
Hack wifi password using kali linux
Helder Oliveira
 
IPsec vpn
IPsec vpnIPsec vpn
IPsec vpn
sharetech
 
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
ir. Carmelo Zaccone
 
ITNetworkSecurity_GabrielBorlean
ITNetworkSecurity_GabrielBorleanITNetworkSecurity_GabrielBorlean
ITNetworkSecurity_GabrielBorlean
Gabriel Borlean (CCNP, CCDP)
 
Acid
AcidAcid
Acid
Michael Boman
 
Secure shell ppt
Secure shell pptSecure shell ppt
Secure shell ppt
sravya raju
 
SSH
SSHSSH
SSH
Zach Dennis
 

Recommandé

FVCP 20191113
FVCP 20191113FVCP 20191113
FVCP 20191113
Lorin Olsen
 
Hack wifi password using kali linux
Hack wifi password using kali linuxHack wifi password using kali linux
Hack wifi password using kali linux
Helder Oliveira
 
IPsec vpn
IPsec vpnIPsec vpn
IPsec vpn
sharetech
 
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
Future Internet Week - IPv6 the way forward: IPv6 and security from a user’s ...
ir. Carmelo Zaccone
 
ITNetworkSecurity_GabrielBorlean
ITNetworkSecurity_GabrielBorleanITNetworkSecurity_GabrielBorlean
ITNetworkSecurity_GabrielBorlean
Gabriel Borlean (CCNP, CCDP)
 
Acid
AcidAcid
Acid
Michael Boman
 
Secure shell ppt
Secure shell pptSecure shell ppt
Secure shell ppt
sravya raju
 
SSH
SSHSSH
SSH
Zach Dennis
 
Chris Swan's presentation for Thingmonk 2014 - security protocols in constra...
Chris Swan's presentation for Thingmonk 2014 - security protocols in constra...Chris Swan's presentation for Thingmonk 2014 - security protocols in constra...
Chris Swan's presentation for Thingmonk 2014 - security protocols in constra...
Cohesive Networks
 
BCS_PKI_part1.ppt
BCS_PKI_part1.pptBCS_PKI_part1.ppt
BCS_PKI_part1.ppt
UskuMusku1
 
Cours4.pptx
Cours4.pptxCours4.pptx
Cours4.pptx
Bellaj Badr
 
Light Weight Cryptography for IOT.pptx
Light Weight Cryptography for IOT.pptxLight Weight Cryptography for IOT.pptx
Light Weight Cryptography for IOT.pptx
DineshBoobalan
 
DEFCON 23 - Gregory Pickett - staying persistant in software defined networks
DEFCON 23 - Gregory Pickett - staying persistant in software defined networksDEFCON 23 - Gregory Pickett - staying persistant in software defined networks
DEFCON 23 - Gregory Pickett - staying persistant in software defined networks
Felipe Prado
 
The Security layer
The Security layerThe Security layer
The Security layer
Swetha S
 
Access over Ethernet: Insecurites in AoE
Access over Ethernet: Insecurites in AoEAccess over Ethernet: Insecurites in AoE
Access over Ethernet: Insecurites in AoE
amiable_indian
 
BruCON 2010 Lightning Talks - DIY Grid Computing
BruCON 2010 Lightning Talks - DIY Grid ComputingBruCON 2010 Lightning Talks - DIY Grid Computing
BruCON 2010 Lightning Talks - DIY Grid Computing
tomaszmiklas
 
Pki by Steve Lamb
Pki by Steve LambPki by Steve Lamb
Pki by Steve Lamb
Information Security Awareness Group
 
DevDay: Cryptographic Agility, Kostas Chalkias
DevDay: Cryptographic Agility, Kostas ChalkiasDevDay: Cryptographic Agility, Kostas Chalkias
DevDay: Cryptographic Agility, Kostas Chalkias
R3
 
How Secure is TCP/IP - A review of Network Protocol
How Secure is TCP/IP - A review of Network ProtocolHow Secure is TCP/IP - A review of Network Protocol
How Secure is TCP/IP - A review of Network Protocol
ssuserc49ec4
 
Difference between ECC and RSA PublicKey
Difference between ECC and RSA PublicKeyDifference between ECC and RSA PublicKey
Difference between ECC and RSA PublicKey
triptigoyaal
 
SREcon Europe 2016 - Full-mesh IPsec network at Hosted Graphite
SREcon Europe 2016 - Full-mesh IPsec network at Hosted GraphiteSREcon Europe 2016 - Full-mesh IPsec network at Hosted Graphite
SREcon Europe 2016 - Full-mesh IPsec network at Hosted Graphite
HostedGraphite
 
"Containers do not contain"
"Containers do not contain""Containers do not contain"
"Containers do not contain"
Maciej Lasyk
 
Bloombase Spitfire StoreSafe Security Server Specifications
Bloombase Spitfire StoreSafe Security Server SpecificationsBloombase Spitfire StoreSafe Security Server Specifications
Bloombase Spitfire StoreSafe Security Server Specifications
Bloombase
 
Moein
MoeinMoein
Moein
itrraincity
 
Encryption Primer por Cathy Nolan
Encryption Primer por Cathy NolanEncryption Primer por Cathy Nolan
Encryption Primer por Cathy Nolan
Joao Galdino Mello de Souza
 
amer-network-sihubconferances-security.ppt
amer-network-sihubconferances-security.pptamer-network-sihubconferances-security.ppt
amer-network-sihubconferances-security.ppt
navidkamrava
 
Encryption And Decryption Using AES Algorithm
Encryption And Decryption Using AES AlgorithmEncryption And Decryption Using AES Algorithm
Encryption And Decryption Using AES Algorithm
Ahmed Raza Shaikh
 
re:Cap RVA - A Recap of AWS re:Invent 2019
re:Cap RVA - A Recap of AWS re:Invent 2019re:Cap RVA - A Recap of AWS re:Invent 2019
re:Cap RVA - A Recap of AWS re:Invent 2019
Ford Prior
 
LNETM - Atsign - Privacy with Personal Data Services
LNETM - Atsign - Privacy with Personal Data ServicesLNETM - Atsign - Privacy with Personal Data Services
LNETM - Atsign - Privacy with Personal Data Services
Chris Swan
 
SOOCon24 - Showing that you care about security - OpenSSF Scorecards
SOOCon24 - Showing that you care about security - OpenSSF ScorecardsSOOCon24 - Showing that you care about security - OpenSSF Scorecards
SOOCon24 - Showing that you care about security - OpenSSF Scorecards
Chris Swan
 

Contenu connexe

Similaire à Security protocols in constrained environments

How Secure is TCP/IP - A review of Network Protocol
How Secure is TCP/IP - A review of Network ProtocolHow Secure is TCP/IP - A review of Network Protocol
How Secure is TCP/IP - A review of Network Protocol
ssuserc49ec4
 
Bloombase Spitfire StoreSafe Security Server Specifications
Bloombase Spitfire StoreSafe Security Server SpecificationsBloombase Spitfire StoreSafe Security Server Specifications
Bloombase Spitfire StoreSafe Security Server Specifications
Bloombase
 

Similaire à Security protocols in constrained environments (20)

Chris Swan's presentation for Thingmonk 2014 - security protocols in constra...
Chris Swan's presentation for Thingmonk 2014 - security protocols in constra...Chris Swan's presentation for Thingmonk 2014 - security protocols in constra...
Chris Swan's presentation for Thingmonk 2014 - security protocols in constra...
 
BCS_PKI_part1.ppt
BCS_PKI_part1.pptBCS_PKI_part1.ppt
BCS_PKI_part1.ppt
 
Cours4.pptx
Cours4.pptxCours4.pptx
Cours4.pptx
 
Light Weight Cryptography for IOT.pptx
Light Weight Cryptography for IOT.pptxLight Weight Cryptography for IOT.pptx
Light Weight Cryptography for IOT.pptx
 
DEFCON 23 - Gregory Pickett - staying persistant in software defined networks
DEFCON 23 - Gregory Pickett - staying persistant in software defined networksDEFCON 23 - Gregory Pickett - staying persistant in software defined networks
DEFCON 23 - Gregory Pickett - staying persistant in software defined networks
 
The Security layer
The Security layerThe Security layer
The Security layer
 
Access over Ethernet: Insecurites in AoE
Access over Ethernet: Insecurites in AoEAccess over Ethernet: Insecurites in AoE
Access over Ethernet: Insecurites in AoE
 
BruCON 2010 Lightning Talks - DIY Grid Computing
BruCON 2010 Lightning Talks - DIY Grid ComputingBruCON 2010 Lightning Talks - DIY Grid Computing
BruCON 2010 Lightning Talks - DIY Grid Computing
 
Pki by Steve Lamb
Pki by Steve LambPki by Steve Lamb
Pki by Steve Lamb
 
DevDay: Cryptographic Agility, Kostas Chalkias
DevDay: Cryptographic Agility, Kostas ChalkiasDevDay: Cryptographic Agility, Kostas Chalkias
DevDay: Cryptographic Agility, Kostas Chalkias
 
How Secure is TCP/IP - A review of Network Protocol
How Secure is TCP/IP - A review of Network ProtocolHow Secure is TCP/IP - A review of Network Protocol
How Secure is TCP/IP - A review of Network Protocol
 
Difference between ECC and RSA PublicKey
Difference between ECC and RSA PublicKeyDifference between ECC and RSA PublicKey
Difference between ECC and RSA PublicKey
 
SREcon Europe 2016 - Full-mesh IPsec network at Hosted Graphite
SREcon Europe 2016 - Full-mesh IPsec network at Hosted GraphiteSREcon Europe 2016 - Full-mesh IPsec network at Hosted Graphite
SREcon Europe 2016 - Full-mesh IPsec network at Hosted Graphite
 
"Containers do not contain"
"Containers do not contain""Containers do not contain"
"Containers do not contain"
 
Bloombase Spitfire StoreSafe Security Server Specifications
Bloombase Spitfire StoreSafe Security Server SpecificationsBloombase Spitfire StoreSafe Security Server Specifications
Bloombase Spitfire StoreSafe Security Server Specifications
 
Moein
MoeinMoein
Moein
 
Encryption Primer por Cathy Nolan
Encryption Primer por Cathy NolanEncryption Primer por Cathy Nolan
Encryption Primer por Cathy Nolan
 
amer-network-sihubconferances-security.ppt
amer-network-sihubconferances-security.pptamer-network-sihubconferances-security.ppt
amer-network-sihubconferances-security.ppt
 
Encryption And Decryption Using AES Algorithm
Encryption And Decryption Using AES AlgorithmEncryption And Decryption Using AES Algorithm
Encryption And Decryption Using AES Algorithm
 
re:Cap RVA - A Recap of AWS re:Invent 2019
re:Cap RVA - A Recap of AWS re:Invent 2019re:Cap RVA - A Recap of AWS re:Invent 2019
re:Cap RVA - A Recap of AWS re:Invent 2019
 

Plus de Chris Swan

SOOCon24 - Showing that you care about security - OpenSSF Scorecards
SOOCon24 - Showing that you care about security - OpenSSF ScorecardsSOOCon24 - Showing that you care about security - OpenSSF Scorecards
SOOCon24 - Showing that you care about security - OpenSSF Scorecards
Chris Swan
 
All Day DevOps 2023 - Implementing OSSF Scorecards Across an Organisation.pdf
All Day DevOps 2023 - Implementing OSSF Scorecards Across an Organisation.pdfAll Day DevOps 2023 - Implementing OSSF Scorecards Across an Organisation.pdf
All Day DevOps 2023 - Implementing OSSF Scorecards Across an Organisation.pdf
Chris Swan
 
QConNY 2023 - Implementing OSSF Scorecards Across an Organisation
QConNY 2023 - Implementing OSSF Scorecards Across an OrganisationQConNY 2023 - Implementing OSSF Scorecards Across an Organisation
QConNY 2023 - Implementing OSSF Scorecards Across an Organisation
Chris Swan
 
EMFcamp2022 - What if apps logged into you, instead of you logging into apps?
EMFcamp2022 - What if apps logged into you, instead of you logging into apps?EMFcamp2022 - What if apps logged into you, instead of you logging into apps?
EMFcamp2022 - What if apps logged into you, instead of you logging into apps?
Chris Swan
 
Devoxx UK 2022 - Application security: What should the attack landscape look ...
Devoxx UK 2022 - Application security: What should the attack landscape look ...Devoxx UK 2022 - Application security: What should the attack landscape look ...
Devoxx UK 2022 - Application security: What should the attack landscape look ...
Chris Swan
 

Plus de Chris Swan (20)

LNETM - Atsign - Privacy with Personal Data Services
LNETM - Atsign - Privacy with Personal Data ServicesLNETM - Atsign - Privacy with Personal Data Services
LNETM - Atsign - Privacy with Personal Data Services
 
SOOCon24 - Showing that you care about security - OpenSSF Scorecards
SOOCon24 - Showing that you care about security - OpenSSF ScorecardsSOOCon24 - Showing that you care about security - OpenSSF Scorecards
SOOCon24 - Showing that you care about security - OpenSSF Scorecards
 
All Day DevOps 2023 - Implementing OSSF Scorecards Across an Organisation.pdf
All Day DevOps 2023 - Implementing OSSF Scorecards Across an Organisation.pdfAll Day DevOps 2023 - Implementing OSSF Scorecards Across an Organisation.pdf
All Day DevOps 2023 - Implementing OSSF Scorecards Across an Organisation.pdf
 
Fluttercon Berlin 23 - Dart & Flutter on RISC-V
Fluttercon Berlin 23 - Dart & Flutter on RISC-VFluttercon Berlin 23 - Dart & Flutter on RISC-V
Fluttercon Berlin 23 - Dart & Flutter on RISC-V
 
QConNY 2023 - Implementing OSSF Scorecards Across an Organisation
QConNY 2023 - Implementing OSSF Scorecards Across an OrganisationQConNY 2023 - Implementing OSSF Scorecards Across an Organisation
QConNY 2023 - Implementing OSSF Scorecards Across an Organisation
 
Flutter SV Meetup Oct 2022 - End to end encrypted IoT with Dart and Flutter
Flutter SV Meetup Oct 2022 - End to end encrypted IoT with Dart and FlutterFlutter SV Meetup Oct 2022 - End to end encrypted IoT with Dart and Flutter
Flutter SV Meetup Oct 2022 - End to end encrypted IoT with Dart and Flutter
 
QConSF 2022 - Backends in Dart
QConSF 2022 - Backends in DartQConSF 2022 - Backends in Dart
QConSF 2022 - Backends in Dart
 
London IoT Meetup Sep 2022 - End to end encrypted IoT
London IoT Meetup Sep 2022 - End to end encrypted IoTLondon IoT Meetup Sep 2022 - End to end encrypted IoT
London IoT Meetup Sep 2022 - End to end encrypted IoT
 
Flutter Vikings 2022 - End to end IoT with Dart and Flutter
Flutter Vikings 2022 - End to end IoT with Dart and FlutterFlutter Vikings 2022 - End to end IoT with Dart and Flutter
Flutter Vikings 2022 - End to end IoT with Dart and Flutter
 
EMFcamp2022 - What if apps logged into you, instead of you logging into apps?
EMFcamp2022 - What if apps logged into you, instead of you logging into apps?EMFcamp2022 - What if apps logged into you, instead of you logging into apps?
EMFcamp2022 - What if apps logged into you, instead of you logging into apps?
 
Devoxx UK 2022 - Application security: What should the attack landscape look ...
Devoxx UK 2022 - Application security: What should the attack landscape look ...Devoxx UK 2022 - Application security: What should the attack landscape look ...
Devoxx UK 2022 - Application security: What should the attack landscape look ...
 
Flutter Festival London 2022 - End to end IoT with Dart and Flutter
Flutter Festival London 2022 - End to end IoT with Dart and FlutterFlutter Festival London 2022 - End to end IoT with Dart and Flutter
Flutter Festival London 2022 - End to end IoT with Dart and Flutter
 
Full Stack Squared 2022 - Power of Open Source
Full Stack Squared 2022 - Power of Open SourceFull Stack Squared 2022 - Power of Open Source
Full Stack Squared 2022 - Power of Open Source
 
Flutter Vikings 2022 - Full Stack Dart
Flutter Vikings 2022 - Full Stack DartFlutter Vikings 2022 - Full Stack Dart
Flutter Vikings 2022 - Full Stack Dart
 
Droidcon London 2021 - Full Stack Dart
Droidcon London 2021 - Full Stack DartDroidcon London 2021 - Full Stack Dart
Droidcon London 2021 - Full Stack Dart
 
Keeping a project going
Keeping a project goingKeeping a project going
Keeping a project going
 
Dart on Arm - Flutter Bangalore June 2021
Dart on Arm - Flutter Bangalore June 2021Dart on Arm - Flutter Bangalore June 2021
Dart on Arm - Flutter Bangalore June 2021
 
TMS9995 on RC2014
TMS9995 on RC2014TMS9995 on RC2014
TMS9995 on RC2014
 
CloudCamp London Nov 2019 Intro
CloudCamp London Nov 2019 IntroCloudCamp London Nov 2019 Intro
CloudCamp London Nov 2019 Intro
 
DevSecOps Days London - Teaching 'Shift Left on Security'
DevSecOps Days London - Teaching 'Shift Left on Security'DevSecOps Days London - Teaching 'Shift Left on Security'
DevSecOps Days London - Teaching 'Shift Left on Security'
 

Dernier

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Puma Security, LLC
 

Dernier (20)

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 

Security protocols in constrained environments

  • 1. Security protocols in constrained environments Chris Swan @cpswan
  • 2. TL;DR System type Such as Will it work? The issue Low end embedded Atmel 8-bit AVR (most Arduino), TI MSP-430 No SRAM Mid-high end embedded Anything ARM based (e.g. STM Discovery, TI Stellaris) inc. Arduino Due With some effort Library, key and cipher suite wrangling Linux OS Raspberry Pi, BeagleBone, Arduino Yún Yes -
  • 3. Agenda • Anatomy of a security protocol – The key exchange dance • • • • Linux makes things easy Libraries for higher end microcontrollers SRAM on low end microcontrollers Summary
  • 4. Which security protocols? The ‘S’ protocols: Secure Sockets Layer (SSL) Superseded by Transport Layer Security (TLS) Secure SHell (SSH) Internet Protocol Security (IPsec)
  • 7. It’s a similar story for SSH
  • 9. Linux makes this easy If not already built in to a particular distribution then use favourite package manager to get: (no relation)
  • 10. Things get trickier with embedded But by no means impossible…
  • 11. Stack trades offs may be made
  • 12. But those keys won’t fit into 2K At least not with anything resembling a useful application… … Arduino struggles with MQTT and 1wire
  • 13. Summary System type Such as Will it work? The issue Low end embedded Atmel 8-bit AVR (most Arduino), TI MSP-430 No SRAM Mid-high end embedded Anything ARM based (e.g. STM Discovery, TI Stellaris) inc. Arduino Due With some effort Library, key and cipher suite wrangling Linux OS Raspberry Pi, BeagleBone, Arduino Yún Yes -
  • 15. Further reading PolarSSL tutorial https://polarssl.org/kb/how-to/polarssl-tutorial AVR32753: AVR32 UC3 How to connect to an SSL-server http://www.atmel.com/Images/doc32111.pdf STM32 Discovery: Porting Polar SSL http://hobbymc.blogspot.co.uk/2011/02/stm32discovery-porting-polar-ssl.html