Open Source Internet Security
Company / Product Overview October, 2016
http://www.wolfssl.com (425) 245-8247 ABOUT US
Founded: 2004
Location: Bozeman, MT Seattle, WA Portland, OR
Our Focus: Open Source Embedded Security (for Applications, Devices, IoT, and the Cloud)
Products: - wolfSSL - wolfSSL FIPS - wolfCrypt - wolfSSH - wolfMQTT - wolfSCEP - wolfSSL Inspection - yaSSL
© Copyright 2016 wolfSSL A GROWING COMPANY!
wolfSSL is Growing! 300 OEM Customers
15 Resale Partners
2011 3 employees
2012 9 employees
2013 11 employees
2014 15 employees
2015 19 employees
© Copyright 2016 wolfSSL BROAD PARTNER PROGRAM
Industry Partnerships
© Copyright 2016 wolfSSL SECURING CONNECTIONS
Smart Home Battlefield Communication Smart Grid VoIP M2M Cloud Services Factory Automation Automotive / Smart Cars
Currently Securing Smart Energy Internet of Things 2 Billion Connections! Sensors Appliances IoT
Connected Home Games Databases
Applications Web Servers Mobile Phones Routers © Copyright 2016 wolfSSL WOLFSSL PRODUCTS
wolfSSL wolfCrypt wolfMQTT wolfSSH Lightweight SSL/TLS Crypto Engine Lightweight MQTT Client Lightweight SSH Server
wolfCrypt wolfCrypt FIPS
SSL Sniffer
wolfSSL JNI wolfSSL C# wolfSSL Java Wrapper wolfSSL C# Wrapper
Secure SSL Proxy wolfSCEP Secure Update On top of Squid Proxy memcached
© Copyright 2016 wolfSSL WOLFSSL PRODUCTS
wolfSSL wolfCrypt wolfMQTT wolfSSH Lightweight SSL/TLS Crypto Engine Lightweight MQTT Client Lightweight SSH Server Dual Licensed! wolfCrypt wolfCrypt FIPS
SSL Sniffer
Commercial Open Source wolfSSL JNI wolfSSLLicense C# GPLv2 License wolfSSL Java Wrapper wolfSSL C# Wrapper
Secure SSL Proxy wolfSCEP Secure Update On top of Squid Proxy memcached
© Copyright 2016 wolfSSL WOLFSSL Lightweight SSL / TLS Library
LIGHTWEIGHT. PORTABLE. C-BASED.
ü Up to TLS 1.2 and DTLS 1.2 wolfSSL Lightweight SSL/TLS ü 20-100 kB footprint
ü 1-36 kB RAM per session wolfCrypt ü Up to 20X Smaller than OpenSSL SSL Sniffer ü Long list of supported operating systems ü TLS 1.3 – Targeting Late 2016 (1st to Market)
Windows, Linux, Mac OS X, Haiku, OpenWRT, iPhone (iOS), TRON/ITRON/uITRON, Micrium uC/OS, Solaris, ThreadX, VxWorks, Android, Nintendo Wii and FreeRTOS, SafeRTOS, Freescale MQX, … FreeBSD, NetBSD, OpenBSD, Gamecube through DevKitPro, Nucleus, TinyOS, HP/UX, ARC MQX embedded Linux, WinCE QNX, MontaVista, NonStop
© Copyright 2016 wolfSSL WOLFSSL Lightweight SSL / TLS Library
ADDITIONAL FEATURES:
ü OpenSSL Compatibility Layer
ü Web Server Integration
ü Hardware Cryptography Support (STM32, Freescale Kinetis CAU/mmCAU, Coldfire, Microchip PIC32MZ, Cavium NITROX, Intel AES-NI/AVX1/AVX2/RDRAND/ RDSEED)
ü NSA Suite-B Compatible
ü FIPS 140-2 Level 1 Validated
© Copyright 2016 wolfSSL WOLFCRYPT Cryptography Library
PORTABLE MODULAR CRYPTOGRAPHY
ü Previously called “CTaoCrypt” wolfCrypt Crypto Engine ü Working on splitting into separate product ü Progressive list of supported ciphers wolfCrypt FIPS ü Modular design, assembly optimizations
AES (CBC, CTR, CCM, GCM), MD2, MD4, MD5, SHA-1, RSA, ECC, DSS, DH, EDH, NTRU DES, 3DES, Camellia, SHA-256, SHA-384, SHA-512, HMAC, PBKDF2, PKCS#5 … ARC4, RABBIT, HC-128, ChaCha20 BLAKE2b, RIPEMD-160, Poly1305 ECDH-ECDSA, ECDHE-ECDSA, ECDH-RSA, ECDHE-RSA, Curve25519, Ed25519
© Copyright 2016 wolfSSL WOLFCRYPT Cryptography Library
Algorithms
MD2, MD4, MD5, SHA-1, SHA-2, SHA-3, Hash Func ons RIPEMD DES, 3DES, AES, Camellia Block Ciphers ARC4, RABBIT, HC-128, ChaCha20 Stream Ciphers AES-GCM, AES-CCM, Poly1305 Authen cated Ciphers RSA, ECC, DSS, DH, EDH Public Key Op ons HMAC, PBKDF2 Password-based Key Deriva on
© Copyright 2016 wolfSSL WOLFSSL JNI wolfSSL JNI Wrapper
BRINGING WOLFSSL TO JAVA USERS
Java App ü JNI wrapper around wolfSSL
ü Full support for DTLS 1.2 wolfSSL JNI wolfSSL Java Wrapper Current Java (including Android) does not have support for DTLS 1.2
Native wolfSSL ü Users no longer need to write their own!
ü Same licensing model – GPLv2 or commercial
© Copyright 2016 wolfSSL WOLFMQTT MQTT Client with TLS support
LIGHTWEIGHT OPEN MESSAGING PROTOCOL
ü Based on MQTT v3.1.1 specification
ü Small size: 3.6kB wolfMQTT Lightweight MQTT Client
ü QoS Levels 0-2, support for TCP or TLS
ü Examples and support available
ü Used in upcoming wolfSSL Secure Firmware Update package
© Copyright 2016 wolfSSL WOLFSCEP Simple Cer ficate Enrollment Protocol
PORTABLE SCEP IMPLEMENTATION
ü Issuing and revocation of certificates wolfSCEP
ü Protocol originally developed by CISCO
ü Lightweight, portable SCEP implementation
ü Uses wolfCrypt for crypto operations
© Copyright 2016 wolfSSL WOLFSSH Lightweight SSH Server
PORTABLE SSH SERVER
ü SSH == “Secure Shell” wolfSSH Lightweight SSH Server ü Often used for remote access, file transfer
ü Uses wolfCrypt primitives under the hood
ü Currently in development – Release Planned for 2016!
© Copyright 2016 wolfSSL HARDWARE CRYPTOGRAPHY
STM32F217 (ARM Cortex-M3, 120 MHz ) 25
20
15
So ware Crypto
MB/sec Hardware Crypto 10
5
0 AES DES 3DES MD5 SHA
© Copyright 2016 wolfSSL HARDWARE CRYPTOGRAPHY
Kine s K60 mmCAU vs. wolfCrypt So ware 6
5
4
3 So ware
MB / sec. Hardware
2
1
0 AES DES DES3 MD5 SHA SHA-256
© Copyright 2016 wolfSSL HARDWARE CRYPTOGRAPHY
Intel Crypto Support
• AES-NI – Hardware-accelerated AES available in some Intel chips – Typically 3-5 mes faster than so ware AES
• AVX1/2 – Accelerates SHA hash func ons
• RDRAND/RDSEED – Random number genera on in hardware
© Copyright 2016 wolfSSL SECURE YOUR DEVICE wolfSSL Kickstart Time: 1 Week
– Cryptography valida on – Hardware crypto support – Unburden your engineers from the details of cryptography – Get your cryptography done right!
• Possible uses – Get wolfSSL brought up on a board!
© Copyright 2016 wolfSSL DOWNLOAD WOLFSSL TODAY! wolfssl.com github.com
© Copyright 2016 wolfSSL LEARN MORE wolfssl.com
Open Source Internet Security
Email: [email protected] Phone: (425) 245-8247
© Copyright 2016 wolfSSL SSL INSPECTION (SSL SNIFFER)
Features
• Collect and decrypt SSL / TLS traffic Decrypt and Inspect
Client Server SSL / TLS • Possible uses:
- Analyzing Network Problems - Detec ng network misuse by internal and external users - Monitoring network usage and data in mo on - Debugging client/server communica ons
© Copyright 2016 wolfSSL SECURE MEMCACHE
Features
• Enable encryp on between memcache servers and clients • Memcache + SSL = 4X faster than direct to database
Ask about our BETA version, available now!
© Copyright 2016 wolfSSL SECURE MEMCACHE
Benchmarks:
Queries per Second New TLS Connec ons per Second
30000 1500
20000
1000
10000
500 DB cache AES RC4 HC-128 OpenSSL RSA CyaSSL RSA CyaSSL NTRU
© Copyright 2016 wolfSSL