wolfSSL 2013 Technical and Community Update

Video thumbnail (Frame 0) Video thumbnail (Frame 1478) Video thumbnail (Frame 3228) Video thumbnail (Frame 5090) Video thumbnail (Frame 13191) Video thumbnail (Frame 18792) Video thumbnail (Frame 20420) Video thumbnail (Frame 27747) Video thumbnail (Frame 29710) Video thumbnail (Frame 30996) Video thumbnail (Frame 31662) Video thumbnail (Frame 32477) Video thumbnail (Frame 35606) Video thumbnail (Frame 36491) Video thumbnail (Frame 37132)
Video in TIB AV-Portal: wolfSSL 2013 Technical and Community Update

Formal Metadata

wolfSSL 2013 Technical and Community Update
Title of Series
CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Release Date

Content Metadata

Subject Area
wolfSSL, author of the open source CyaSSL embedded SSL library has made significant progress in 2013 towards bringing the community a more usable, feature-rich, and better supported library for use in an ever-growing range of embedded platforms and environments. This talk will provide an overview of technical progress in the last year and news on the current state of wolfSSL. Details on what's new include the addition of new crypto ciphers and algorithms, better hardware cryptography support, more flexible abstraction layers, a JNI wrapper, new platform support, and better development tool integration.
Cellular automaton Bit Arithmetic progression Product (business)
Point (geometry) Cellular automaton Total S.A. Food energy Vector potential Sign (mathematics) Computer animation Internetworking Personal digital assistant Different (Kate Ryan album) Telecommunication Information security Library (computing)
Implementation Server (computing) Group action Wrapper (data mining) Multiplication sign Cellular automaton Cryptography Product (business) Web 2.0 Computer animation Website Escape character Proxy server Library (computing)
Point (geometry) Server (computing) Implementation Group action Open source Computer file Java applet Multiplication sign 1 (number) Water vapor Client (computing) Mereology Public key certificate Subset Product (business) Number Web 2.0 Semiconductor memory Computer configuration Single-precision floating-point format Operator (mathematics) Modul <Datentyp> Endliche Modelltheorie Information security Computing platform Enterprise architecture Algorithm Computer-generated imagery Software developer Cellular automaton Projective plane Electronic mailing list Mathematical analysis Planning Bit Cloud computing Cryptography Compiler Connected space Process (computing) Computer animation Screensaver Quantum Cycle (graph theory) Procedural programming Communications protocol Library (computing)
Point (geometry) Server (computing) Implementation Service (economics) Link (knot theory) Length Multiplication sign Patch (Unix) Client (computing) Inverse element Rule of inference Revision control Computer configuration Semiconductor memory Encryption Flag Extension (kinesiology) Information security Vulnerability (computing) Physical system Scripting language Default (computer science) Cellular automaton Bit Maxima and minima Price index Benchmark Frame problem Message passing Computer animation Hash function Buffer solution Communications protocol Row (database)
Group action Context awareness Multiplication sign Combinational logic Set (mathematics) Stack (abstract data type) Disk read-and-write head Public key certificate Sign (mathematics) Mathematics Endliche Modelltheorie Social class Cybersex Scripting language Area Bit Decipherment Message passing Process (computing) Internet service provider Buffer solution Cycle (graph theory) Arithmetic progression Spacetime Asynchronous Transfer Mode Functional (mathematics) Service (economics) Computer file Rule of inference Product (business) Inclusion map Latent heat Operator (mathematics) Analytic continuation Mathematical optimization Computing platform Addition Standard deviation Key (cryptography) Information Cellular automaton Physical law Projective plane Memory management Line (geometry) Axiom Cryptography Radius Computer animation Fiber bundle Pressure Library (computing)
Scripting language Default (computer science) Pairwise comparison Implementation Random number generation Mathematical analysis Water vapor Lattice (order) Stack (abstract data type) Element (mathematics) Computer animation Software Integrated development environment Operator (mathematics) Computer hardware
Enterprise architecture Default (computer science) Pairwise comparison Thread (computing) Random number generation Computer animation Source code Operating system Cuboid Cryptography Library (computing) Number
Pairwise comparison Arm Population density Computer animation Integrated development environment Computer cluster Office suite
Point (geometry) Server (computing) Group action Service (economics) Open source Code Multiplication sign Direction (geometry) Similarity (geometry) Information technology consulting Length of stay Computer programming Software testing Endliche Modelltheorie Computing platform Scripting language Email Standard deviation Validity (statistics) Software developer Cellular automaton Bit Process (computing) Computer animation Angle
Computer animation Computer programming Software developer Multiplication sign Office suite Mereology
Turing test Open source Personal digital assistant output Summierbarkeit Function (mathematics) Public key certificate
yeah finish it on the characters is going to talk about we go this is all embedded and both as a and the was also done a lot of progress in the last year and he's going to tell us about what has happened during this they so that you're really communicated with this microphone give the tool used earlier thanks guys for attending a session and the lost 1 in the bed there were of today as likely oldest today giving updated what we've done products lies last year and you are a little bit of an overview of our products for those who are familiar with the company or other pricey offer and item is this common and isothermal approval versus cell and I live in Bozeman Montana and so there's a picture of the value the isn't Andrea what you're
seeing nearby so we have today seasons to take in there to offer their own so and
the growing company is the amount of all the
fate of the world were a total of 10 people 5 full-time and 5 part-time uh based in US 3 3 countries and 6 different cities Simon boson Montana you have people in Seattle Washington Portland Oregon and copper so Brazil of every the California and then a guarantee here and so it's a couple more of them we had last year so it is a good sign and we assume that we see our main correct Seattle secures over 500 million and points on the internet those endpoints that are a really diverse as a cells requires all technologies anything connecting to the Internet but it could be a potential use case Francisella could go library and so there in for machine-to-machine communication the home energy to SR parametres accepted so a conventional this and over
brief overview of products that we offer gone with that tag well what's new and then flows in time for guessed asking questions you may have as
the product lineup Adolphus's solve all our main product is called the as it's a lightweight embeddable as a cell until less library and it is backfire will scriptscript engine which ships with that and then it also includes a a passive SSL inspection features all I will groups the cryptography library slightly engine and we have an embedded web server and embeddable web server called down Gazzaley WS and we can new practice here called oversold GNI which is simply JNI wrapper around Seattle and then we have a couple of X issue we don't currently have our website yet but we haven't allowed and available to those interested so we have a salt proxy and built on top of squared we have a secure memcached implementation and of the escape implementation so again our main products see
as all and I mention it's a lightweight embeddable SSL library and the whole library footprint ranges from 20 to 100 kilobytes depending on how you build it and the title that option is a 0 mean PSK so that a subset using here like other appreciate piece I foresee and anti also point to only a hundred kilobytes will give you pretty much a full SSL stack using embedded optimized compiler the um RAM usages is low as well 1 2 36 kilobytes per session and so this is not only important so Embedded World cares about memory usage that is the enterprise and cloud services and because you're going of millions of connections coming and the limited by year-end you ran memory and then it's also very portable so 1 of our main open-source competitors is open as and oftentimes it's it's quite a burden to take the whole package and ported it over to here but it operates a summer device and times companies this'll devote a single engineer to steer working of a cell and mercy of we we pretty much important everything we've encountered so far and you can use a number of operations and we support and and they're always working for every new ones every day the old group desire is our cryptography library it produces policy talk and was bundled in together with Seattle so the 1 and the same and this year we've been working on separating amounted to separate products and so there's a lot of people who only 1 could go and not necessarily as SSL so very single distiller download astray Kiefer library and if that's you desire battery modular so the only 1 use a yes a new project you can spot the source from the file and stick around your project without having to put everything else and it's pretty much supports all your standard Cyprus we is also progressive ones and we the HC 128 rabbits screen savers and a while ago we support and true public the algorithm which is the quantum resistance public from security innovation and then we get about the Blake 2 shot 3 finalists to address that today and that since is that we do every day all day has a job I would like to give our users the most cutting-edge technology when uh we have about web server is built on top of Monday's which is also an open source web server and so did my use and put Seattle into it and I can get the whole entire bundled and then the other on the web server uh in very small so a hundred kilobytes with SSL support at 20 kilobytes without it is 1 of the plane http connection um and it's not truly up the list of features all over being embedded web server see get CGI analysis I and IV restrictions etc. and also repairable so is 1 of the 2 new products of introduced this year so 1st soldier I is simply a GNI wraparound see as all the in C and we had a customer who really work back to my details from point to which the Java implementation currently doesn't have detail support and so up until this point we will have to take that as a library like commences cell or Ciel's 1 right there on wraparound so hopefully this all this provides you going off the shelf solution and then they decide I should mention our licensing model a little bit our our company if here uh the dual licensed under the GPL and a commercial license so all the products are open source and mirrors were born out of my skill they want cleaner muscle cell implementations that they knew the license to and they could safely shipped with their commercial licences and so we actually C + + as a cell library called the and and then eventually wrote C of water the embedded market really minus C library and so we follow that lysing model now almost ourselves and products the 2nd approach we introduced this year is the 1st of client so simple certificate enrollment protocol and so this lets client go out and in all of the steps a in retrieve back a certificate which they can then use to authenticate to and never and we start with the same principle that we've learned through all of our procedure of all being portable and so it abstracted out all the most of the layers that you encounter as problems when you're moving over to a new platform and then it did users will script underneath as the crypt library that's currently under development prejudice wrapping it up and public safety so it should make it onto a website problem unless the police the the cycle now about what's new
and old than last year and by the more interesting part for people who violated are steel about what we do so we
fixed the lucky 13 attack and not mn candy came to us beforehand and polls about them and they're very helpful and in helping us 1 pushing the patch inverse seals look this and so the look lucky 13 was a timing attack so you can monitor how much time it takes you as a sole records back and using that eventually the the point X which is pretty amazing actually come back and the beginning of Cops those guesses for figuring that out the and so we should be protected against them um we've had detail of support for a couple years now so details datagram TLS so it's meant to be used over unreliable protocol such as UDP and because they can use the reliability in our packets and stuff that TCP has its former complex and so we have reduced the couple of reliability enhancements since now we have a couple more users using it and it's really popular rule streaming media and avoid and we have added spot for details 1 . 2 so there's the 2 versions of the shelter 1 . on . 2 and 1 going to just pretty much updating it to the level until at some point to and adding the ADA diesel authenticated encryption and was associated data and so not only in but also authenticates messages we have some support for some new Telus extensions and so server name indication or as an as an our decline specify which service connecting to as can be and useful and you have multiple servers hosted on the same location and with a virtual for example now in this next frame length which allows the client to negotiated different Maximus already size so by default a cell uses a 16 killed by record and so that they're not all that big but they can grow up to that and so on and then declined you have to reserve 16 kilobytes flag buffer and so all attends if you don't have much memory which we will encounter people every day you it's a struggle for them to fit an extra 16 kilobytes into there is a self alignment and the kind can use this negotiate down the smaller maxim fragment size and then the 3rd 1 introduces truncated age max so traditionally have several like shot is used to form the bacteria and which is easily 160 bits and so with this the client can again be reserved bandwidth and shrink down to 80 % and curly there's Miami security weaknesses known by using a given in and act as of the full hash implementation for any financial 1 and when you configuring Seattle is not account system by default in Linux so you is that enable DOS next option we have that uh as I mentioned the shot 3 finalists Blake to answering from 256 to
512 died links and actually produce the amount of the company philosophy pretty well so as to not only of the polite way but also so fast you can see here is there at the top of the wall script implementation benchmark that's that's another shot
imitation and and actions on the fly from the we faster than 5 and if if think about optimise it correctly we a mode to ATS CCM so counter with CBC Mac and enabled using naval 80 a cc and now available user serious that C and i'd H and using those functions and when used with the along of the cell you gain a more sigh you Hopkins between our space we use in the streets and pressure pre-shared keys I we have some discussions with NTT who developed familiar and I work with them dead
familiar to our seals library has both script the and finally the box over like I guess so against exposed through that the indicted files and we give the user some new functions work and again you have a new services we had the 384 cyber are a generic now supports shot 512 and we enhance radius and I support up to supporting the optimizing for CNN GCM so ADS knives Intel hardware-accelerated and the I think they say 5 to 10 times speed improvement over standard areas and so they have 1 instruction with specific for a means a deciphers and now we have for for that the what kind of a by product of our rules project was the addition of some these PKC of some of the speakers standards and begin the assignment which is cryptographic methods in fact is used signing could messages allow users and assign 1 bundle and wraps up Callahan onion and that and he's a landscape and also had put your question last couple years for both of these and cycle the caseous 10 certificate signing your class and so let's clan make a CSR CA which then turns out into the sign of public key contained in that sending back actual associated his chest as a couple things operability wise we support for persistent session cash so you can now persist procession cash and do file or a buffer and so here you can see relevant functions the files buffers and and enable it would session and along the same lines the ability to persist Perseus to the cash as the other 2 again files 1st and we had a couple of things that to come call the axiom anatomic recall that formatting incorrect operations and a trip to verify so if you are a model or a just and that can do this in 1 fell you can actually write back and until this colliery December however model directly uh which some some user really really want and sometimes can for provider performance increases law and then in along the same lines we added some public-key callbacks so for us a sign verify include and this is center you can unload certificates once all of them into SSL context so if you need to refresh the that cash for some reason and you are and down the existing 1 without destroying all entire context I would see a carry out so far could additions and me and examples and documentation and they're example made it easier for users to give a little bit more information on the the main questions again is about resource usage and so I would had the ability to track stagnated in memory allocation to her after examples and then also increase the IP piece 6 apart and since a lot more people seem to be the inner experimenting whether you are using and production we did not pass the API documentation which is a pretty good improvement over what we had before and we actually have API docs for most functions now and molecule as documentation is continuous work in progress and so it will continue slavery and probably 80 per cent of our customers referring to their operates the summer platform a combination of TCP IP stack and accepted and so we get tiny questions about hoarding so we've created an early supporting head which covers everything from India to assembly optimization to library settings and math libraries that is uh although it onto you'll recall that's we call Baxter's swapping and I around as a seller or something besides TCP IP and i'm logging Kullback stirring and convex etc. should all be mentioned in here no 1 did you resource
are always going to new chips to so we have for for microchips up 32 m x n and the uh also burglary reflects the TPC TCP IP stack and so now we work with negative harmony had to the development environment the just was released this year the Our wolf actually shipped with harmony by default so it as soon as you download harmony your water billionaire in there and if you want see you you can download it and it should work seamlessly and maybe in the in the future we've added support for some Freescale stuff so there's some other hardware-based random number generators on DA inherent the uh no easily in a warmer by simple defined and you just add support for the elements here you which of their their hardware optimized script operations and and I think the next so it'll yeah so here's the a comparison between our software seek out the implementation and the Freescale analysis in the New in the meeting of 20 per cent to 13 hundred per cent increase in speed is the same
thing and the ground so on an embedded chips like in the news also for users
we as for the cab nitrites which is another and Mormon enterprise a rock and a hard rock proposed solution and right now we do blocking that which most solid at the libraries do hopefully sometime in the next year or so will Bill that like encryptor which still really really increase the performance numbers are for uh we had for the HP-UX operating system and better thread afford as well as default and I'll come back that so out of the box if you using the other so that's another we should work
we present to the STM 32 chips and as well as integrated into the harbor crypto and a random number generator and the easier the performance comparison again between oranges our software implementation in green is our is the best candidate to prepare the benefits of substantial improvement for users we've been working pretty close
with Kyle this last year I would bring to the MDK arm and has a low is integrated into the indicate 5 development environment and were actually a softer back now that you get to cows website you can download offices alright alright and through the the
Council's so you have to compare what's endowment anymore and which we think it's pretty cool when you are pretty they're doing it so far the density at the back the so this come all the
technical news server the highlights released from a
couple items of business news you may remember us of the which we were last year and Los us that would have to change the name to Walther cell and we just think of the alliance with our company values and culture and all xi the communicate effectively they they were called in groups and they share 1 here and like open source developers and we have a couple more developers to attain so you get things angle that faster as we increase our on-site consulting activity and we align shared will we got kick start consulting program so somebody can send us our the entire platform will for a softer evidence and of back the and a big ball hallways in United States a big item is is it's 1 predestine validation for all script and so this is a crypto-module validation that like government and some businesses look for in encryptor models of that point to the code and so it's a free long process to go through this you know were from 6 to 12 months and was waiting and time for allowed to verify things and so we will get this wrapped up in in the next half will present score before lucky the and with that will bring a whole bunch in the documentation the seals North Korea will bring all but tests and and similar things we've tried to streamline our support process a little bit better and of the growth using the standard direct e-mail Gödel overwhelming social service and ask her now you'll you'll be issues of our ticket when you know us and hope will work a little better and we try to keep customers has very has risen users so think that's that's pretty
much what I have my update of what we've done this year and that will turn entry questions yourself about office seller and related technologies during part of this the US was the you know it was only in the of the program and he had the less so it is question and I we can probably say we're not compromise by the NSA had and we actually we keep an eye on contributions very
closely the work of this so think governance all have some some questionable things they were so tense but but we don't we have for developers them you know they're going all the time and we can really tell you that we have been compromised so I he could not
find a the the I know you and yeah you should be able to do anything about regarding like using open source C as all they should be pretty much lockable uh minus all as a solid so it's a natural mean giving the example of this in 1 of the he asked what read heavily based if you the again so the that's not a lot of work begin to use it so they didn't do will a different they have BIO the method of input output and and so we 1st Pacific imagine we offer users the ability to create certificates and also signed and now that CSI CSI and all the the rope you have to make the sum of the candidate it again it could be no no we have 2 cases of support that there's a chance that in mind I yeah would get answers a question ture we're back to you and there was about 1 to what ceremony artistic have other as an thanks for attending Prof fears