SharkSSL
| | |
|---|---|
| Developer(s) | Real Time Logic LLC |
| Initial release | Version 1, November 2006 |
| Stable release | Version 3839, March 2016 |
| Written in | C and Assembly |
| Operating system | Multi-platform |
| Available in | English, Source Code |
| Type | Security library |
| License | Commercial |
| Website | https://realtimelogic.com/products/sharkssl/ |

SharkSSL is an implementation of the SSL v3.0 and TLS v1.0/1.1/1.2 protocol standards.[1][2][3] With its array of compile-time options and proprietary Raycrypto cryptographic algorithms, SharkSSL can be fine-tuned to a footprint of less than 20 kB while maintaining full X.509 authentication. COSIC cryptography researchers acknowledge SharkSSL for delivering the fastest and smallest known implementation for Cortex-M processors.[4]
Library
The core SSL library is written in the C programming language. It implements the SSL module and the basic cryptographic functions, and provides various optional utility functions. Unlike OpenSSL and other implementations of TLS, SharkSSL is designed to fit on small embedded devices: the minimum complete TLS stack requires a footprint of less than 20 kB, depending on the encryption options selected. The library is modular, allowing each component, such as a cryptographic function, to be used independently of the rest of the framework. Because the library is written in C without external dependencies, it can work with almost any industry-standard operating system and platform architecture.
Design priorities
The SharkSSL concept is focused on code readability, documentation, and a loosely coupled design to maintain portability. It is designed with hardware crypto engines in mind, using ANSI C and Assembly-optimized big-integer libraries to allow use in embedded devices associated with the Internet of Things (IoT).[5] It uses a simple directory structure with fewer than 10,000 lines of code in the SSL client and server code portions. It provides support for all industry-leading processors and may be used with or without hardware-assisted encryption. Unlike open-source software security projects, where coding standards cannot be enforced,[6] SharkSSL uses a strict programming style to ensure consistent design principles and coding standards.[5]
Transport Agnostic API
SharkSSL provides a transport-agnostic API that may be used directly with any network API. This allows it to run over any transport protocol, such as TCP or the more lightweight protocols that an embedded system or sensor network may employ, including proprietary transports, ZigBee, and Bluetooth. It may also be used for common applications such as email, web encryption, file transfer, VoIP, and wireless security authentication.[3]
Vulnerability Record
SharkSSL has never experienced a documented remote exploit attack, data bleed vulnerability, security bypass attack, signature verification or common name issue, or pointer violation error. SharkSSL is licensed as source code provided to verifiable legal entities.
Industry Use
SharkSSL has been used for securing embedded devices across industries since 2006 and may be found in applications such as industrial automation, programmable logic controllers, medical devices, glucose meters, electricity meters, HVAC, consumer electronics, access controls, and elevators. It is known to have been adopted by the following IoT alliance associations:
- Qualcomm Atheros QCA400X WiFi solution promoted within the IoT AllJoyn Alliance.[7]
- AndesCore IoT Knect community[8]
Features
- Compliant with SSLv3.0, TLSv1.0, TLSv1.1, and TLSv1.2[9]
- Elliptic curves & Suite B[2]
- RSA and Diffie-Hellman crypto libraries that can be re-targeted to dedicated DSP/SIMD engines
- Dual-role (client-server) stack
- Configurable session caching
- Zero-copy API
- Advanced embedded buffer management with no coding required to handle the SSL/TLS buffers (custom memory allocator may be specified)
- Multithreading support for optimal performance when used with a multitasking or process oriented operating system
- Integrated RTOS, HLOS, or BareMetal support[2]
- Hardware encryption (AES, DES, Triple DES, RC4, RC5, MD5, SHA-1, SHA-2) support[3]
- Secure Websocket Client
- Secure MQTT C Client
- Secure SMQ C Client for publish–subscribe IoT Communications[10][11]
- Internet of Things (IoT) Secure Demonstrations
- Certificate management and creation (including custom certificates)
References
- [1] Embedded, SharkSSL-secures real-time connected LPC1000 based devices, July 2012
- [2] Embedded, SharkSSL is fastest smallest SSL for MCU driven applications, November 2014
- [3] Ulitzer, Real Time Logic Extends M2M Device Security and Encryption to NXP’s ARM Cortex-M MCU, June 2012
- [4] N. Mouha, B. Mennink, A. Van Herrewege, D. Watanabe, B. Preneel, and I. Verbauwhede, "Chaskey: An Efficient MAC Algorithm for 32-bit Microcontrollers," in Selected Areas in Cryptography, 21st Annual International Workshop, SAC 2014, Lecture Notes in Computer Science 8781, A. Joux and A. M. Youssef (eds.), Springer-Verlag, pp. 306-323, 2014
- [5] Connected World, Balancing Device Security and Design Cost, November 2014
- [6] Ars Technica, Jon Brodkin, OpenSSL code beyond repair, claims creator of “LibreSSL” fork, April 2014
- [7] MicriumDoc Spaces, Qualcomm QCA400X uses SharkSSL, April 2015
- [8] SOCcentral, Real Time Logic Joins Andes Technology's New IoT Community to Provide Software Stack Solutions, August 2015
- [9] Manufacturing Automation, Cryptographic Engine, April 2013
- [10] EE Journal, Asserting Machine Control in the IoT, August 2015
- [11] EE Journal, All About Messaging Protocols, April 2015