Security and Connectivity for the IoT Edge
Embedded TLS Client/Server Overview
Embedded device security is always a concern when building a networked embedded device. Allegro’s RomSTL is a small, resource-sensitive TLS client and server solution written specifically for use in embedded systems. RomSTL is standards-based, hardware and software platform agnostic, and written from the ground up to make efficient use of Allegro’s FIPS 140-2 cryptography. RomSTL supports the latest RFCs for TLS v1.3 and also provides support for Suite B cryptographic algorithms. The full suite of Advanced Edition products supports IPv6 and IPv4 operation to meet your embedded device development needs.
RomSTL – Embedded TLS
RomSTL is a small, resource-sensitive TLS client and server solution engineered specifically for the rigors of embedded computing. Pre-integrated with Allegro’s Secure IoT Suite, RomSTL makes it easy to enable TLS in your embedded designs quickly and easily while reducing risk. RomSTL supports the latest RFC standards for TLS v1.1, TLS v1.2, and TLS v1.3 secure server and client sessions. The supported cipher suites interoperate with any secure browser or server and include RSA, RC4, DES, 3DES, SHA, AES, and Suite B algorithms. Additionally, RomSTL is tightly integrated with RomCert, an embedded implementation of the Online Certificate Status Protocol (OCSP) and the Simple Certificate Enrollment Protocol (SCEP), which makes embedding security certificate management into resource-sensitive embedded systems and consumer electronics fast, easy and reliable while decreasing time to market. With the included libraries and certificate services, your engineering team can easily build embedded devices that participate in secure communications. RomSTL is delivered as standard ANSI C source and built upon a highly portable, field-proven abstraction layer that enables it to work with any RTOS or TCP/IP stack.
TLS and Embedded Systems
TLS (Transport Layer Security) is used to create an authenticated and encrypted channel, often referred to as an encrypted tunnel, between two endpoints on an unsecured network. Open standards define peer negotiation for algorithm selection, public key exchange of secret session keys, and authentication with X.509 certificates. Originally used by OEMs to provide secure communications when performing device management, TLS is now widely used on the Internet to secure all types of transactions and data exchange.
The combination of ubiquitous network communications (wired or wireless) and the sheer growth of low-power processor capabilities has created the perfect storm for network-enabled embedded devices. Networked embedded systems are pervasive in all types of networks, including medical, energy, safety, smart grid, transportation, consumer and government applications, and more. All have their own unique needs to manage and securely transport data over a network. The overwhelming choice for secure transport of data has been, and will continue to be, TLS.
TLS is the modernized successor of SSL (Secure Sockets Layer). SSL is still used by many systems, but SSL is no longer considered to provide adequate security. The SSL protocol should not be used in new secure system designs, but RomSTL can be configured to support SSL in order to interact with legacy systems.
DTLS is a variant of TLS that runs over UDP rather than TCP connections to exchange secure information, using the same open-standard peer negotiation, key exchange and X.509 certificate mechanisms as TLS. For various reasons, the use of DTLS is finding a foothold in consumer-based embedded applications. RomSTL supports DTLS client and server sessions as well as TLS client and server sessions.
- Small code footprint – More resources available for application features
- ANSI C source code distribution – Broad processor architecture support eases porting and support
- Processor, RTOS, and TCP/IP stack agnostic – Allegro’s products will work with new or existing hardware and software designs
- Interface files for leading RTOS vendors provided – Minimizes porting effort, improves time to market
- Shipping in millions of products worldwide
- Pre-integrated with RomPager Embedded Web Server – Saves your development team time
- No licensing or development issues related to GPL – Eliminates worries about compatibility
- Support for hardware crypto acceleration – Allows the development team to design with software or hardware-assisted crypto
- RFC 2246 – The TLS Protocol Version 1.0
- RFC 3268 – Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)
- RFC 4279 – Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)
- RFC 4346 – The Transport Layer Security (TLS) Protocol Version 1.1
- RFC 4347 – Datagram Transport Layer Security
- RFC 4366 – Transport Layer Security (TLS) Extensions
- RFC 8446 – The Transport Layer Security (TLS) Protocol Version 1.3
- Processor Architecture – Works with any 16-bit, 32-bit or 64-bit processor
- Operating System (OS) – Works with any OS vendor and will function without an OS if needed
- TCP/IP Stack – Works with any vendor implementation
- Filesystem – Works with any vendor implementation and will function without a filesystem if needed
- Compiler – ANSI C