Verifiable TLS/DTLS

HCC’s Transport Layer Security (TLS) or Datagram Transport Layer Security (DTLS) is a highly optimized software module designed to provide secure network communications for embedded devices. The software is developed using a rigorous adherence to MISRA C:2012 and is available with a full MISRA compliance report.

 

The importance of using a strong development process and source code control has been emphasized by a number of high-profile security problems caused by source code errors. Network security requires a high degree of quality and traditional methods of ‘freestyle coding’ and test do not provide sufficient guarantees of correctness.

HCC’s TLS/DTLS is a framework for secure communication in computer networks, based on the TCP/IP or UDP protocols. The module supports Secure Sockets Layer (SSL) 3.0 but this is deprecated as TLS 1.2 is the recommended standard. The TLS and DTLS module forms part of HCC’s MISRA-compliant TCP/IP stack and is designed specifically for use with it.

This module provides five options:

  • TLS interfacing to HCC’s MISRA-compliant TCP.
  • TLS interfacing to a TCP Sockets interface.
  • DTLS interfacing to HCC’s MISRA-compliant UDP.
  • DTLS interfacing to a UDP Sockets interface.
  • TLS interfacing to HCC’s EAP-TLS module (EAP is the Extensible Authentication Protocol). The EAP-TLS module interfaces to the TLS RAW interface.

The TLS/DTLS implementation can be used as client or server (host). The module provides the following guaranteed capabilities, regardless of the components that lie beneath it:

  • Privacy – it ensures that nobody else can read the message.
  • Authenticity – it ensures that each party really is talking to the peer they think they are talking to.
  • Integrity – it ensures that the data payload has not been modified/tampered with.

Note: You may not require all three of the above capabilities for all use cases; HCC can advise on this.

Features
  • Conforms to the HCC Advanced Embedded Framework.
  • Designed for integration with both RTOS and non-RTOS based systems.
  • MISRA-compliant with a full MISRA compliance report provided.
  • Designed for microcontrollers, ensuring a low memory footprint. This is typically around 20 KB of ROM or 8 KB of RAM.
  • Typically uses a standard Sockets interface, allowing easy integration with many embedded applications.
  • Supports TLS 1.2 (RFC 5246) and SSL 3.0 and is verifiable. TLS 1.2 has been superseded by TLS 1.3. Support for TLS 1.0/1.1 has been deprecated.
  • Supports DTLS version 1.2 (RFC 6347). Support for version DTLS 1.0 has been deprecated..
  • Supports HCC’s EAP-TLS module (through its RAW interface).
  • Supports heartbeat extensions (RFC 6520).
  • Supports HTTP over TLS (RFC 2818).
  • Provides HTTP or FTP Server support for HTTPS and FTPS implementations, or for connection to any other secure client or server application.
  • Uses HCC’s Embedded Encryption Manager (EEM) to provide full certificate management.
  • Supports all the algorithms listed in CryptoCore Software.
  • Supports all the mandatory cipher suites required by different versions of TLS.
  • Supports Elliptic Curve Cryptography (ECC) (RFC 4492).
  • Supports Authenticated Encryption with Associated Data (AEAD).
Integration into your application

Interested in designing-in this software/component into an application? Use our Project Builder to describe your project in an easy way and get an idea whether this software fits your project.