
Network enabled device with SSL?

Started by Michael Valencia January 31, 2004
Hi,
I know that an 8bit microcontroller can be used to be a simple web
server. This is very good for putting embedded controller devices on a
network.

What about if I need to have security in there, such as SSL? I don't
think an 8bit micro can handle SSL. Is there any chip out there I can
use to offload my SSL stuff?

Thanks,
Mike
mike@illinoisalumni.org (Michael Valencia) wrote in message news:<e24c5549.0401310457.13b2fd9a@posting.google.com>...
> Hi,
> I know that an 8bit microcontroller can be used to be a simple web
> server. This is very good for putting embedded controller devices on a
> network.
>
> What about if I need to have security in there, such as SSL? I don't
> think an 8bit micro can handle SSL.
Rabbit Semiconductor will release a core module with an 8-bit Rabbit processor next month that handles SSL very well without any extra hardware to accelerate encryption and decryption. Initial authentication takes 2-3 seconds, throughput is about 120K bits/s. A certificate creation utility is included. The integrated HTTPS server will work with all major browsers without changing default security settings. www.rabbitsemiconductor.com
> Is there any chip out there I can
> use to offload my SSL stuff?
>
> Thanks,
> Mike
Brian Murtha wrote:
> A certificate creation utility is included.
>
> The integrated HTTPS server will work with all major browsers without
> changing default security settings.
Maybe I'm reading this too literally, but normally when you issue your own certs the root is not trusted by browsers - this causes browsers to pop up a warning when the server is accessed. Easily corrected within an enterprise, but not practical for public use.

Are you saying you've worked around this, and how? If not, are you planning to support certs from major issuers for public applications?

That's pretty impressive to squeeze a respectable SSL server into an 8-bit MCU! What encryption method(s) does it support?
Michael Valencia <mike@illinoisalumni.org> wrote:
> What about if I need to have security in there, such as SSL? I don't
> think an 8bit micro can handle SSL. Is there any chip out there I can
> use to offload my SSL stuff?
>
We certainly managed to put MD5 + 3DES onto a PIC18 a couple of years back, but we decided against full SSL - we reckoned it was better to move the security into the application protocol (including some challenge-response techniques to add proof against replays and tampering).

We also came up with a scheme for an "SSL Assistant" which is the subject of a patent application and I probably can't discuss here yet.

pete
--
pete@fenelon.com "there's no room for enigmas in built-up areas"
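An added example, not part of any post in this thread: one way an application-level challenge-response exchange can reject replayed and tampered commands, as the post above describes. It assumes a pre-shared per-device key and uses HMAC-SHA256 in place of the MD5 + 3DES the poster mentions; `Device`, `client_response`, the key and the command strings are hypothetical.

```python
import hashlib
import hmac
import os

# Assumption: a per-device secret provisioned out of band (constructed value).
SHARED_KEY = b"constructed-demo-key"


class Device:
    """Device side: issues one-time challenges and verifies commands."""

    def __init__(self, key):
        self._key = key
        self._pending = set()  # challenges issued but not yet consumed

    def new_challenge(self):
        nonce = os.urandom(16)  # fixed length keeps nonce||command unambiguous
        self._pending.add(nonce)
        return nonce

    def accept(self, nonce, command, tag):
        # Each challenge is valid once: consume it before checking the tag,
        # so a captured (nonce, command, tag) triple cannot be replayed.
        if nonce not in self._pending:
            return False
        self._pending.discard(nonce)
        expected = hmac.new(self._key, nonce + command, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)  # constant-time comparison


def client_response(key, nonce, command):
    """Client side: bind the command to the device's challenge with a MAC."""
    return hmac.new(key, nonce + command, hashlib.sha256).digest()


def demo():
    dev, cmd = Device(SHARED_KEY), b"relay=on"
    n1 = dev.new_challenge()
    tag = client_response(SHARED_KEY, n1, cmd)
    results = {"genuine": dev.accept(n1, cmd, tag)}
    results["replayed"] = dev.accept(n1, cmd, tag)  # same triple sent again
    n2 = dev.new_challenge()
    tag2 = client_response(SHARED_KEY, n2, cmd)
    results["tampered"] = dev.accept(n2, b"relay=off", tag2)  # command altered
    n3 = dev.new_challenge()
    results["wrong_key"] = dev.accept(n3, cmd, client_response(b"guess", n3, cmd))
    return results


if __name__ == "__main__":
    print(demo())
```

This gives authenticity and replay protection only; the command itself still travels in the clear unless it is also encrypted.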
Richard wrote:
> Brian Murtha wrote:
>
>> A certificate creation utility is included.
>>
>> The integrated HTTPS server will work with all major browsers without
>> changing default security settings.
>
> Maybe I'm reading this too literally, but normally when you issue your
> own certs the root is not trusted by browsers - this causes browsers to
> pop up a warning when the server is accessed. Easily corrected within an
> enterprise, but not practical for public use.
Self-signed certificates are the only doable way unless you want to spend big bucks. Either they trust your device or leave it.

Rene
--
Ing.Buero R.Tschaggelar - http://www.ibrtses.com
& commercial newsgroups - http://www.talkto.net
"Richard" <rh86@azglobal.com> wrote in message
news:401C05F6.990A5E18@azglobal.com...
> Maybe I'm reading this too literally, but normally when you issue your
> own certs the root is not trusted by browsers - this causes browsers to
> pop up a warning when the server is accessed. Easily corrected within an
> enterprise, but not practical for public use.
The only feasible way to deal with the flaming ridiculousness of certificates in web browsers is to self-sign the certificates. You could have a local (organizational) CA that signs them if you really want to play the PKI game, but now there's two certs embedded in the device and you're now managing a local CA.
> Are you saying you've worked around this, and how? If not, are you
> planning to support certs from major issuers for public applications?
I would imagine that if you've got a static IP address, and if you spend the bucks then you can happily get Verisign / Thawte to take your money and sign a cert for you. Import cert into Rabbit and enjoy the little 'key' icon in your web browser. This cert, of course, means nothing regarding the actual authentication of the device in question - it just ties an IP address to a name (valid credit card holder).

Alternately, assign a static IP address to your device, generate and sign your own cert, import into device, and let the user accept press 'enter' when the warning pops up. From then on, no warning. Enjoy little 'key' icon in your web browser.

If the device can change IP addresses once in the field (user configuration, or DHCP), then you need some way to generate the cert on the device itself - not really a problem. There's really no other way to give the user SSL on a device where the IP address is apt to change. Consider network devices (routers, managed switches, etc) - their IP devices are unknown when they leave the factory, and some users (think they) want SSL to connect to the box's management web server. The simple solution is generate a new self-signed cert whenever the management IP address changes.

http://www.schneier.com/paper-pki.html
> That's pretty impressive to squeeze a respectable SSL server into an
> 8-bit MCU! What encryption method(s) does it support?
Not DES let alone 3DES - see some earlier posts in this group. RSA key lengths weren't disclosed.

Kelly
Richard <rh86@azglobal.com> wrote in message news:<401C05F6.990A5E18@azglobal.com>...
> Brian Murtha wrote:
> > A certificate creation utility is included.
> >
> > The integrated HTTPS server will work with all major browsers without
> > changing default security settings.
>
> Maybe I'm reading this too literally, but normally when you issue your
> own certs the root is not trusted by browsers - this causes browsers to
> pop up a warning when the server is accessed. Easily corrected within an
> enterprise, but not practical for public use.
You still have to go through a signing authority such as VeriSign for that.
> Are you saying you've worked around this, and how? If not, are you
> planning to support certs from major issuers for public applications?
>
> That's pretty impressive to squeeze a respectable SSL server into an
> 8-bit MCU!
The trick was in developing some new processor instructions that speed some of the arithmetic up: http://www.rabbitsemiconductor.com/documentation/docs/manuals/Rabbit2000/InstructionReference/index.html
> What encryption method(s) does it support?
RSA public-key encryption routines (includes PKCS encoding)
Multi-precision arithmetic for RSA
RC4 symmetric bulk cipher routines
SHA-1 message digest
MD5 message digest
NetBurner, www.netburner.com, has had SSL available for their embedded
modules for more than a year.



On 31 Jan 2004 04:57:47 -0800, mike@illinoisalumni.org (Michael
Valencia) wrote:

>Hi,
>I know that an 8bit microcontroller can be used to be a simple web
>server. This is very good for putting embedded controller devices on a
>network.
>
>What about if I need to have security in there, such as SSL? I don't
>think an 8bit micro can handle SSL. Is there any chip out there I can
>use to offload my SSL stuff?
>
>Thanks,
>Mike
"Kelly Hall" <hall@priest.com> wrote in message news:<Z9VSb.20107
> Not DES let alone 3DES - see some earlier posts in this group.
We implemented just what was needed for out-of-the-box compatibility with browsers for the first release. We'll see about DES if the demand is there.
> RSA key lengths weren't disclosed.
The key length for initial public key exchange is 512 bits. After that, 128 bit keys are used.
> Kelly