Author Topic: SSH / SSL  (Read 11492 times)

Offline CyberTiVo

  • Newbie
  • *
  • Posts: 3
    • View Profile
SSH / SSL
« on: August 07, 2007, 06:51:36 PM »
How easy/hard is it to enable encryption to and from the device?  Can we use Open Source software and recompile it?  Would you have to do it or us?

Offline mark

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 3234
    • View Profile
    • uTasker
Re: SSH / SSL
« Reply #1 on: August 07, 2007, 09:13:13 PM »
Hi

Encryption is a complicated and wide topic so a general answer is not that easy.
Typically OpenSSL is used as the base of many such tasks - this is a complete open source library containing a wide range of the algorithms required and can be freely compiled and linked into any project (it is C-code - see the book "OpenSSL Network security with OpenSSL" published by O'Reilly - ISBN: 0-596-00270-X).

There are some uTasker based projects (POS) which have used parts of this, but not for encryption of a HTTP connection (HTTPS).

For small footprint devices the required memory space (both FLASH code space and RAM work space) can be a bit restrictive and some of the algorithms are rather processor intensive. For this reason an SSL tunneling technique may be suitable in some cases, which offloads the effort to a proxy. Take a look at the open source STUNNEL project at www.stunnel.org and its Internet draft at http://muffin.doit.org/docs/rfc/tunneling_ssl.html. This allows the devices themselves to use standard and simple unsecured HTTP connections within a secure SSL environment.

Regards

Mark


Offline CyberTiVo

  • Newbie
  • *
  • Posts: 3
    • View Profile
Re: SSH / SSL
« Reply #2 on: August 07, 2007, 11:34:31 PM »
Thanks, I new space would be an issue.  Maybe we can strip it down to a minimum.

Offline mark

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 3234
    • View Profile
    • uTasker
Re: SSH / SSL
« Reply #3 on: August 08, 2007, 09:41:38 AM »
Hi

I don't know what the space requirements will be (it depends on which functions are used, and which ones these then also require) but this will be known once the required routines are linked into a test project. Most of the algorithms work with temporary memory on heap so the RAM requirements can only really be determined by running these routines (OpenSSL runs on a PC so I tend to use a manipulated malloc version to monitor this. On the target it is best to calculate about +20..30% RAM overhead due to memory holes which inevitably occur in the malloc managements.)

OpenSSL has been written by experts who have ensured that the code doesn't compromise security - that means that the code tends to be conservative. It is however not advisable to change things without detailed knowledge of the process that it is performing. The possible result of incorrect use of the available library routines or of changes to code are security holes in the system which compromises its usefulness. These holes can probably be detected by knowledgable hackers but not necessarily identified by programmers who are using the code incorrectly.

The use of the library involves some knowledge of the security issues involved and adherence to its guidelines to ensure that its purpose is retained. Therefore generally the program size will be dictated by the functions used in their standard form, with probably limited capability of code size optimisations.

Regards

Mark

Offline CyberTiVo

  • Newbie
  • *
  • Posts: 3
    • View Profile
Re: SSH / SSL
« Reply #4 on: August 09, 2007, 01:48:51 PM »
Thanks for the detailed explaination.