1 / 9

Secure and Efficient TLS Implementations for Smart Devices

Explore communication relationships, security threats, and services in TLS implementations for smart objects. Learn about RFC 4101 and RFC 3552 recommendations for writing protocol models and security considerations. Discover TLS's flexibility, authentication, key exchange protocols, and session resumption. Consider various credentials, algorithms, and key validation techniques for data protection. Lower footprint may impact functionality and dependencies. Code compiled under Ubuntu Linux.

neci
Télécharger la présentation

Secure and Efficient TLS Implementations for Smart Devices

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Small(er) Footprint for TLS Implementations Hannes Tschofenig Smart Object Security workshop, March 2012, Paris

  2. How do the communication relationships look like? For example: Does your smart object talk to only a small set of pre-defined servers?

  3. Following the recommendations in RFC 4101 “Writing Protocol Models” helps to make these important design aspect transparent.

  4. What security threats do you care about? What security services do you have to offer?

  5. RFC 3552“Guidelines for Writing RFC Text on Security Considerations” offers valuable guidance.

  6. TLS (or DTLS) may be the right building block for your problem; it also offers a lot of flexibility. Different credentials (pre-shared secrets, passwords, asymmetric crypto, etc.) Various authentication and key exchange protocols Numerous algorithms for usage with data traffic protection Session Resumption (with and without server-side state) Alternative key validation techniques Possibility to replace record layer

  7. Unfortunately, there is no magic! Lower footprint means fewer functions or more dependencies/assumptions

  8. Note: The code was compiled under Ubuntu Linux using the -Os compiler flag setting for a 64- bit AMD machine.

  9. Parts omitted by raw public key implementation

More Related