Securing IoT and Embedded Systems: Integrate MAXQ1065 with wolfSSL

Transport Layer Security (TLS) has remained the foundation of internet security since the early 1990s, continually adapting to emerging threats to safeguard our online interactions and privacy. Each new version introduces improvements in security and performance. However, embedded systems such as those found in the Internet of Things (IoT) often have unique or additional security needs.

In these cases, using a secure element together with wolfSSL can further enhance security. This blog post will show how wolfSSL can be used with the MAXQ1065 from Analog Devices to ensure high performance, low power consumption, and strong protection against various security threats. This is a powerful combination for resource-constrained embedded system applications such as IoT devices, where security and efficiency are paramount.
 

What Is Transport Layer Security (TLS)?

TLS stands as the cornerstone of secure communication over the internet. TLS is a cryptographic protocol that establishes a secure connection between two devices over a network, ensuring authenticity, integrity, and confidentiality.

When you visit a website, your browser and the web server start a TLS handshake. This involves several steps, including authentication and negotiation of cryptographic algorithms and keys. Once the handshake is complete, a secure connection is established, and data can be exchanged with confidence.

TLS uses a blend of symmetric and asymmetric cryptography to protect data during transmission. TLS operates at multiple layers of the OSI model, which enables it to secure various applications including web browsing, email, instant messaging, voice-over-IP, and general security for connected objects (IoT).

TLS not only encrypts data to prevent eavesdropping but also verifies the integrity of the transmitted information, ensuring that it has not been altered in transit. This dual function makes TLS crucial for protecting sensitive information such as passwords, financial transactions, and personal data.

Figure 1. Flowchart of a TLS Handshake

What is wolfSSL?

wolfSSL is a high-performance, small footprint, and highly secure SSL/TLS library designed for embedded systems, IoT devices, and resource-constrained environments. It offers a range of cryptographic algorithms, including AES, RSA, ECC, ChaCha20, and Poly1305. The library is written in ANSI C, ensuring portability across various platforms and operating systems.

One of wolfSSL standout features is its compliance with standards such as FIPS 140-2 and FIPS 140-3, making it suitable for applications requiring high levels of security. Additionally, it supports the latest TLS 1.3 protocol, ensuring up-to-date security practices. The library’s modular architecture allows developers to include only the necessary components, reducing the memory footprint and optimizing performance for specific use cases.

WolfSSL integrates seamlessly with popular development environments and operating systems, including Linux, Windows, macOS, FreeRTOS, and many others. It is also designed to work with hardware-based cryptography solutions, enhancing performance and security.
 

What is the MAXQ1065?

The MAXQ1065 is an ideal crypto coprocessor for embedded devices, featuring ultra-low power consumption and It provides turnkey cryptographic functions for hardware root-of-trust, mutual authentication, data confidentiality and integrity, secure boot, secure firmware update, and secure communications with generic key exchange and bulk encryption or complete TLS support. It has 8KB of user memory for secure storage of keys, secrets, certificates or user data.
 

VIDEO: Discover how ChipDNA PUF (Physically Unclonable Function) technology provides the highest level of data security for the IoT. 
 

Enhanced Security for Connected Systems

Integrating the MAXQ1065 with wolfSSL enhances the security of embedded applications by leveraging the strengths of both components. Here is how they can work together:

• The MAXQ1065 provides hardware-based cryptographic operations, which can offload these tasks from the main processor. It allows the usage of asymmetric crypto in environments where this would be completely impractical (running ECDSA on Cortex M3/4 without crypto accelerator takes more than 2s).
• The MAXQ1065 secure key storage ensures that cryptographic keys used by wolfSSL are protected against unauthorized access and tampering. It also protects against fault injection and side channel attacks.
• WolfSSL handles the implementation of SSL/TLS protocols, providing secure communication channels. By delegating the crypto operations to MAXQ1065, the overall security of the SSL/TLS connections is enhanced.

Figure 2. MAXQ1065 Software Offering
 

The company's commitment to providing regular updates and support ensures that wolfSSL remains a reliable choice for secure communications in various industries, including automotive, aerospace, industrial automation, and consumer electronics. Learn more about how MAXQ1065 is supported in wolfSSL.