Session ID: FTF-INS-F1145 June, 2015 HANDS-ON WORKSHOP Create Secure Network-Connected Embedded Systems with CyaSSL and Kinetis SDK 1 Copyright 2015 wolfSSL Inc. SESSION INTRODUCTION • Abstract • Secure your data communications with TLS/SSL for embedded systems, now available in an easy-to-use package for Kinetis SDK and MQX™ RTOS. Learn how to enable secure web server connections to browsers and mobile devices as well as web client connections to the cloud. • Presenters • Chris Conlon | wolfSSL Inc. | Software Engineer • Timing • 1 Hour : Presentation (Protocol, technology overview) • 1 Hour : Hands-on Lab with FRDM-K64F 2 #FTF2015 Copyright 2015 wolfSSL Inc. SESSION OBJECTIVES • Gain overview knowledge of SSL / TLS protocols • Learn about TLS and cryptography performance • Gain insight into best practices for using TLS on devices • Learn how to enable secure web server communication, using demos included in the CyaSSL patch for the Kinetis SDK • Learn the advantages to using wolfSSL and CyaSSL on Freescale platforms • Get hands on experience, directly from experts at wolfSSL 3 #FTF2015 Copyright 2015 wolfSSL Inc. AGENDA 1. Introduction and History of wolfSSL 2. Overview of SSL / TLS, and Cryptography 3. X.509 and Certificates 4. Overview of wolfSSL Embedded SSL / TLS 5. Using CyaSSL with Freescale KDS IDE and Kinetis MCUs 6. Using Wireshark to Inspect a TLS Connection 7. Hands On Lab: HTTPS Server Example with CyaSSL, KDS, and FRDM-K64F 8. Additional Tips and Tricks about CyaSSL (Time Permitting) 4 #FTF2015 Copyright 2015 wolfSSL Inc. ABOUT WOLFSSL Founded: 2004 Products: - wolfSSL - wolfSSL FIPS Location: Bozeman, MT - wolfCrypt Seattle, WA - wolfSSH - wolfSCEP Portland, OR - wolfSSL Inspection - yaSSL Our Focus: Open Source Embedded Security (for Applications, Devices, IoT, and the Cloud) 200 OEM Customers 2011 3 employees 2012 9 employees 10 Resale Partners 2013 11 employees 2014 15 employees Currently Securing 2015 17 employees 1 Billion Connections! 5 #FTF2015 Copyright 2015 wolfSSL Inc. WOLFSSL LIGHTWEIGHT SSL/TLS • Advantages to wolfSSL: • Written from the Ground Up. wolfSSL owns the Copyright • Built for Portability, Modularity, and Performance • Strong, collaborative partnership with Freescale • Commitment to new ciphers, features, and addressing ongoing security threats • Current SSL/TLS/DTLS protocol support up to TLS 1.2 and DTLS 1.2 • Community, User, and Professional vetted since 2006 6 #FTF2015 Copyright 2015 wolfSSL Inc. WOLFSSL LIGHTWEIGHT SSL/TLS • Advantages to wolfSSL: • Dedicated support via [email protected] and direct phone support • Free Presales Support! 7 #FTF2015 Copyright 2015 wolfSSL Inc. OVERVIEW OF SSL / TLS GOALS, HISTORY 16 #FTF2015 Copyright 2015 wolfSSL Inc. SSL / TLS : HISTORY AND PROTOCOLS • SSL / TLS / DTLS versions 1995 SSL 2.0 1996 SSL 3.0 Notes: • SSL 2.0 is insecure 1999 TLS 1.0 • SSL = “Secure Sockets Layer” 2006 TLS 1.1 DTLS 1.0 • TLS = “Transport Layer Security” 2008 TLS 1.2 • DTLS = “Datagram TLS” 2012 DTLS 1.2 17 #FTF2015 Copyright 2015 wolfSSL Inc. SSL / TLS : GOALS • Enables secure client/server communication Privacy + Prevent eavesdropping Authentication + Prevent impersonation Integrity + Prevent modification 18 #FTF2015 Copyright 2015 wolfSSL Inc. TLS : SIMPLIFIED ANALOGY Goals: A. Talk to the desired person B. Talk privately (securely) ? ? Alice Bob 19 #FTF2015 Copyright 2015 wolfSSL Inc. TLS : SIMPLIFIED ANALOGY Goals: A. Talk to the desired person B. Talk privately (securely) Drivers Drivers License License Alice Bob 20 #FTF2015 Copyright 2015 wolfSSL Inc. TLS : SIMPLIFIED ANALOGY Goals: A. Talk to the desired person B. Talk privately (securely) Drivers Drivers License License Alice Bob 21 #FTF2015 Copyright 2015 wolfSSL Inc. TLS : SIMPLIFIED ANALOGY Goals: A. Talk to the desired person B. Talk privately (securely) Drivers Drivers License License Alice Bob 22 #FTF2015 Copyright 2015 wolfSSL Inc. TLS : SIMPLIFIED ANALOGY Goals: • Talk to the desired peer • X.509 Certificates (RSA, ECC) • Talk privately (securely) • Encryption, Integrity checks 23 #FTF2015 Copyright 2015 wolfSSL Inc. MITM ATTACKS • Man in the Middle Attacks • One of the most prominent attacks TLS tries to prevent Device Server Attacker 24 #FTF2015 Copyright 2015 wolfSSL Inc. SSL / TLS TECHNICAL OVERVIEW, RFC’S, HANDSHAKE 25 #FTF2015 Copyright 2015 wolfSSL Inc. TLS : PROTOCOL SPECS Protocol Specifications • RFC 6101: SSL 3.0 • RFC 2246: TLS 1.0 • RFC 4346: TLS 1.1 • RFC 5246: TLS 1.2 • “Draft”: TLS 1.3 26 #FTF2015 Copyright 2015 wolfSSL Inc. TLS : PROTOCOLS AND LOCATION Protocols Secured by SSL/TLS SSL SSL Change SSL Alert LDAP, Handshake Cipher Spec HTTP Protocol etc. SMTP, Protocol Protocol HTTP etc. SSL Record Layer Application Layer TCP Transport Layer IP Internet Layer Network Access Network Layer 27 #FTF2015 Copyright 2015 wolfSSL Inc. TLS : SUB PROTOCOLS 1 Handshake Protocol • Responsible for negotiating a session, includes: 2 • Session identifier • Peer certificate • Compression method 3 • Cipher spec (A) • Master secret 4 (B) • “is resumable” 28 #FTF2015 Copyright 2015 wolfSSL Inc. TLS : SUB PROTOCOLS Client Server 1 1 Client Hello Cryptographic Info (SSL version, supported ciphers, etc.) 2 3 Server Hello 2 Cipher Suite Verify server cert, Server Certificate check crypto Server Key Exchange (public key) parameters ( Client Certificate Request ) Server Hello Done 4 3 Client Key Exchange 5 ( Certificate Verify ) Verify client cert ( Client Certificate ) (if required) 6 (A) Change Cipher Spec 4 (B) Client Finished 7 Change Cipher Spec Server Finished 8 Exchange Messages (Encrypted) 29 #FTF2015 Copyright 2015 wolfSSL Inc. TLS : SUB PROTOCOLS 1 Handshake Protocol • Client Hello ! 2 • Sent when client first connects to server • Includes • Protocol version 3 • Random structure • Session ID (A) • Cipher suites (B) 4 • Compression methods • Extensions 30 #FTF2015 Copyright 2015 wolfSSL Inc. TLS : SUB PROTOCOLS 1 Handshake Protocol • " Server Hello 2 • Sent in response to Client Hello • Only when it can find acceptable set of algorithms • Includes 3 • Protocol version • Random (A) (B) • Session ID 4 • Cipher suite • Compression method • Extensions 31 #FTF2015 Copyright 2015 wolfSSL Inc. TLS : SUB PROTOCOLS 1 Handshake Protocol • Hello Extensions 2 • Signature Algorithms • Which signature / hash pairs may be used 3 • Maximum Fragment Length • Set maximum SSL record fragment size (A) (B) 4 • Several more… 32 #FTF2015 Copyright 2015 wolfSSL Inc. TLS : SUB PROTOCOLS 1 Handshake Protocol • " Server Certificate 2 • Server’s certificate chain sent to client • X.509v3 certificates • Must be compatible with selected key exchange 3 method (A) 4 (B) 33 #FTF2015 Copyright 2015 wolfSSL Inc. TLS : SUB PROTOCOLS 1 Handshake Protocol • " Server Key Exchange 2 • Sent when cert message doesn’t contain enough data for client to exchange premaster secret: • DHE_DSS 3 • DHE_RSA • DHE_ANON (A) (B) 4 *Or rather, when “ephemeral” suites are used. 34 #FTF2015 Copyright 2015 wolfSSL Inc. TLS : SUB PROTOCOLS 1 Handshake Protocol • " (Certificate Request) 2 • Server request for client certificate 3 • Used when “mutual authentication” is done (A) 4 (B) 35 #FTF2015 Copyright 2015 wolfSSL Inc. TLS : SUB PROTOCOLS 1 Handshake Protocol • " Server Hello Done 2 • Indicates end of Server Hello 3 • After sending, server waits for client response (A) 4 (B) 36 #FTF2015 Copyright 2015 wolfSSL Inc. TLS : SUB PROTOCOLS 1 Handshake Protocol • Client Authenticates Server 2 • Using cert sent previously and loaded CA certs 3 (A) 4 (B) 37 #FTF2015 Copyright 2015 wolfSSL Inc. TLS : SUB PROTOCOLS 1 Handshake Protocol • (Client Certificate) ! 2 • Only sent if server requests it 3 • If no cert available, must send empty one (A) 4 (B) 38 #FTF2015 Copyright 2015 wolfSSL Inc. TLS : SUB PROTOCOLS 1 Handshake Protocol • Client Key Exchange ! 2 • Sets the premaster secret: • RSA-encrypted premaster secret message 3 • Client DH public value (A) 4 (B) 39 #FTF2015 Copyright 2015 wolfSSL Inc. TLS : SUB PROTOCOLS 1 Handshake Protocol • Certificate Verify ! 2 • Used to provide explicit verification of the client certificate • Client signs some data* with private key 3 • Server tries to decrypt with public key (A) 4 (B) *concatenation of all handshake messages thus far 40 #FTF2015 Copyright 2015 wolfSSL Inc. TLS : SUB PROTOCOLS 1 Handshake Protocol • Change Cipher Spec ! 2 • Switches to agreed upon cipher suite, compression, etc. 3 (A) 4 (B) 41 #FTF2015 Copyright 2015 wolfSSL Inc. TLS : SUB PROTOCOLS 1 Handshake Protocol • Finished ! 2 • Verifies that key exchange and authentication process was successful. • First message sent under negotiated algorithms, 3 keys, and secrets. (A) 4 (B) 42 #FTF2015 Copyright 2015 wolfSSL Inc. TLS : SUB PROTOCOLS 1 Handshake Protocol • " Change Cipher Spec 2 • Same purpose as client’s 3 (A) 4 (B) 43 #FTF2015 Copyright 2015 wolfSSL Inc. TLS : SUB PROTOCOLS 1 Handshake Protocol • " Finished 2 • Same purpose as client’s 3 (A) 4 (B) 44 #FTF2015 Copyright 2015 wolfSSL Inc. TLS : SUB PROTOCOLS 1 Change Cipher Spec Protocol • Signals transitions in ciphering strategies 2 • Sent by both client and server 3 • Notifies receiving party that subsequent records will be protected under newly negotiated CipherSpec (A) and keys 4 (B) 45 #FTF2015 Copyright 2015 wolfSSL Inc. TLS : SUB PROTOCOLS 1 Alert Protocol • Convey severity and description of alert 2 • Either “warning” or “fatal” • Fatal results in immediate termination of connection 3 • Encrypted and compressed as per CipherSpec (A) 4 (B) 46 #FTF2015 Copyright 2015 wolfSSL Inc. TLS : SUB PROTOCOLS