Open Source Internet Security Company / Product Overview October, 2016 http://www.wolfssl.com (425) 245-8247 ABOUT US Founded: 2004 Location: Bozeman, MT Seattle, WA Portland, OR Our Focus: Open Source Embedded Security (for Applications, Devices, IoT, and the Cloud) Products: - wolfSSL - wolfSSL FIPS - wolfCrypt - wolfSSH - wolfMQTT - wolfSCEP - wolfSSL Inspection - yaSSL © Copyright 2016 wolfSSL A GROWING COMPANY! wolfSSL is Growing! 300 OEM Customers 15 Resale Partners 2011 3 employees 2012 9 employees 2013 11 employees 2014 15 employees 2015 19 employees © Copyright 2016 wolfSSL BROAD PARTNER PROGRAM Industry Partnerships © Copyright 2016 wolfSSL SECURING CONNECTIONS Smart Home Battlefield Communication Smart Grid VoIP M2M Cloud Services Factory Automation Automotive / Smart Cars Currently Securing Smart Energy Internet of Things 2 Billion Connections! Sensors Appliances IoT Connected Home Games Databases Applications Web Servers Mobile Phones Routers © Copyright 2016 wolfSSL WOLFSSL PRODUCTS wolfSSL wolfCrypt wolfMQTT wolfSSH Lightweight SSL/TLS Crypto Engine Lightweight MQTT Client Lightweight SSH Server wolfCrypt wolfCrypt FIPS SSL Sniffer wolfSSL JNI wolfSSL C# wolfSSL Java Wrapper wolfSSL C# Wrapper Secure SSL Proxy wolfSCEP Secure Update On top of Squid Proxy memcached © Copyright 2016 wolfSSL WOLFSSL PRODUCTS wolfSSL wolfCrypt wolfMQTT wolfSSH Lightweight SSL/TLS Crypto Engine Lightweight MQTT Client Lightweight SSH Server Dual Licensed! wolfCrypt wolfCrypt FIPS SSL Sniffer Commercial Open Source wolfSSL JNI wolfSSLLicense C# GPLv2 License wolfSSL Java Wrapper wolfSSL C# Wrapper Secure SSL Proxy wolfSCEP Secure Update On top of Squid Proxy memcached © Copyright 2016 wolfSSL WOLFSSL Lightweight SSL / TLS Library LIGHTWEIGHT. PORTABLE. C-BASED. ü Up to TLS 1.2 and DTLS 1.2 wolfSSL Lightweight SSL/TLS ü 20-100 kB footprint ü 1-36 kB RAM per session wolfCrypt ü Up to 20X Smaller than OpenSSL SSL Sniffer ü Long list of supported operating systems ü TLS 1.3 – Targeting Late 2016 (1st to Market) Windows, Linux, Mac OS X, Haiku, OpenWRT, iPhone (iOS), TRON/ITRON/uITRON, Micrium uC/OS, Solaris, ThreadX, VxWorks, Android, Nintendo Wii and FreeRTOS, SafeRTOS, Freescale MQX, … FreeBSD, NetBSD, OpenBSD, Gamecube through DevKitPro, Nucleus, TinyOS, HP/UX, ARC MQX embedded Linux, WinCE QNX, MontaVista, NonStop © Copyright 2016 wolfSSL WOLFSSL Lightweight SSL / TLS Library ADDITIONAL FEATURES: ü OpenSSL Compatibility Layer ü Web Server Integration ü Hardware Cryptography Support (STM32, Freescale Kinetis CAU/mmCAU, Coldfire, Microchip PIC32MZ, Cavium NITROX, Intel AES-NI/AVX1/AVX2/RDRAND/ RDSEED) ü NSA Suite-B Compatible ü FIPS 140-2 Level 1 Validated © Copyright 2016 wolfSSL WOLFCRYPT Cryptography Library PORTABLE MODULAR CRYPTOGRAPHY ü Previously called “CTaoCrypt” wolfCrypt Crypto Engine ü Working on splitting into separate product ü Progressive list of supported ciphers wolfCrypt FIPS ü Modular design, assembly optimizations AES (CBC, CTR, CCM, GCM), MD2, MD4, MD5, SHA-1, RSA, ECC, DSS, DH, EDH, NTRU DES, 3DES, Camellia, SHA-256, SHA-384, SHA-512, HMAC, PBKDF2, PKCS#5 … ARC4, RABBIT, HC-128, ChaCha20 BLAKE2b, RIPEMD-160, Poly1305 ECDH-ECDSA, ECDHE-ECDSA, ECDH-RSA, ECDHE-RSA, Curve25519, Ed25519 © Copyright 2016 wolfSSL WOLFCRYPT Cryptography Library Algorithms MD2, MD4, MD5, SHA-1, SHA-2, SHA-3, Hash FuncXons RIPEMD DES, 3DES, AES, Camellia Block Ciphers ARC4, RABBIT, HC-128, ChaCha20 Stream Ciphers AES-GCM, AES-CCM, Poly1305 AuthenXcated Ciphers RSA, ECC, DSS, DH, EDH Public Key OpXons HMAC, PBKDF2 Password-based Key Derivaon © Copyright 2016 wolfSSL WOLFSSL JNI wolfSSL JNI Wrapper BRINGING WOLFSSL TO JAVA USERS Java App ü JNI wrapper around wolfSSL ü Full support for DTLS 1.2 wolfSSL JNI wolfSSL Java Wrapper Current Java (including Android) does not have support for DTLS 1.2 Native wolfSSL ü Users no longer need to write their own! ü Same licensing model – GPLv2 or commercial © Copyright 2016 wolfSSL WOLFMQTT MQTT Client with TLS support LIGHTWEIGHT OPEN MESSAGING PROTOCOL ü Based on MQTT v3.1.1 specification ü Small size: 3.6kB wolfMQTT Lightweight MQTT Client ü QoS Levels 0-2, support for TCP or TLS ü Examples and support available ü Used in upcoming wolfSSL Secure Firmware Update package © Copyright 2016 wolfSSL WOLFSCEP Simple CerXficate Enrollment Protocol PORTABLE SCEP IMPLEMENTATION ü Issuing and revocation of certificates wolfSCEP ü Protocol originally developed by CISCO ü Lightweight, portable SCEP implementation ü Uses wolfCrypt for crypto operations © Copyright 2016 wolfSSL WOLFSSH Lightweight SSH Server PORTABLE SSH SERVER ü SSH == “Secure Shell” wolfSSH Lightweight SSH Server ü Often used for remote access, file transfer ü Uses wolfCrypt primitives under the hood ü Currently in development – Release Planned for 2016! © Copyright 2016 wolfSSL HARDWARE CRYPTOGRAPHY STM32F217 (ARM Cortex-M3, 120 MHz ) 25 20 15 So`ware Crypto MB/sec Hardware Crypto 10 5 0 AES DES 3DES MD5 SHA © Copyright 2016 wolfSSL HARDWARE CRYPTOGRAPHY KineHs K60 mmCAU vs. wolfCrypt Soware 6 5 4 3 So`ware MB / sec. Hardware 2 1 0 AES DES DES3 MD5 SHA SHA-256 © Copyright 2016 wolfSSL HARDWARE CRYPTOGRAPHY Intel Crypto Support • AES-NI – Hardware-accelerated AES available in some Intel chips – Typically 3-5 Xmes faster than so`ware AES • AVX1/2 – Accelerates SHA hash funcXons • RDRAND/RDSEED – Random number generaon in hardware © Copyright 2016 wolfSSL SECURE YOUR DEVICE wolfSSL Kickstart Time: 1 Week – Cryptography validaon – Hardware crypto support – Unburden your engineers from the details of cryptography – Get your cryptography done right! • Possible uses – Get wolfSSL brought up on a board! © Copyright 2016 wolfSSL DOWNLOAD WOLFSSL TODAY! wolfssl.com github.com © Copyright 2016 wolfSSL LEARN MORE wolfssl.com Open Source Internet Security Email: [email protected] Phone: (425) 245-8247 © Copyright 2016 wolfSSL SSL INSPECTION (SSL SNIFFER) Features • Collect and decrypt SSL / TLS traffic Decrypt and Inspect Client Server SSL / TLS • Possible uses: - Analyzing Network Problems - DetecXng network misuse by internal and external users - Monitoring network usage and data in moXon - Debugging client/server communicaons © Copyright 2016 wolfSSL SECURE MEMCACHE Features • Enable encrypXon between memcache servers and clients • Memcache + SSL = 4X faster than direct to database Ask about our BETA version, available now! © Copyright 2016 wolfSSL SECURE MEMCACHE Benchmarks: Queries per Second New TLS ConnecHons per Second 30000 1500 20000 1000 10000 500 DB cache AES RC4 HC-128 OpenSSL RSA CyaSSL RSA CyaSSL NTRU © Copyright 2016 wolfSSL .