TLS, IoT and MULTOS
MULTOS Trust Anchor Breakout Board


TLS seems to be a hot topic in the IoT world at the moment (though obviously it's not the end of the story by any means when it comes to device security). I am often asked, "Does MULTOS support TLS?". The simple answer is yes, it does, but the question actually hides a multitude of complexities.

Just in case you don't know, TLS stands for Transport Layer Security, and it is a messaging protocol for establishing a secure (encrypted) connection between two devices and proving their identity to each other. It is an evolution of SSL (Secure Sockets Layer) and the very latest version of TLS is 1.3, though version 1.2 is almost universally the one being used today, especially when it comes to IoT applications (for example by AWS IoT).

So, what does TLS actually involve? There are a number of discrete steps:

  1. Establishing the trusted identity of devices (servers and clients). This is usually a one-off operation and is based on X.509 certificates.
  2. During the initial connection, known as the "handshake":
     • Verify the identity of the other party
     • Agree the keys to be used for message encryption and integrity checking
  3. Once connected, encrypt all communications using the agreed keys.

For a connected device (say a sensor) to "support" TLS, it has to be able to generate the messages that are defined in the protocol and perform the cryptography that is needed during the handshake and afterwards (note that there is a vast range of cryptographic options available). That cryptography can be run in a totally unprotected environment (typically the CPU of the main device micro-controller), a partially protected one (where some of the operations and keys are protected in a separate 'secure element' chip) or be totally protected (where all the keys, secrets and crypto operations run in a secure processor/co-processor).

The MULTOS Trust Anchor falls into the last category, and we believe that all good security practices in the IoT world should consider such a solution. It is a perfect solution for an IoT device as it:

a) enables all cryptography to be offloaded to MULTOS:

- reducing the firmware footprint in any main processor,

- holding all keys and secrets securely and

- conducting all crypto processing in a secure environment;

b) vastly improves the trust-ability of the overall IoT device as MULTOS provides a cryptographically guaranteed identity;

c) allows other security functionality to be implemented within the same MULTOS chip, for example

- secure certificate storage,

- functions for implementing secure boot of the main micro-controller,

- user authentication,

- secure firmware updates,

- etc.

Because there are so many possible cryptographic options (known as cipher suites) with TLS, the approach being taken by MAOSCO is to implement a working subset of popular options which can be used "as is". If a particular customer wants to use something different then they are able to customise the functionality themselves with the MULTOS SDK or approach a MULTOS Consortium member company to do it for them. So far, MAOSCO is able to demonstrate support for

- TLS_RSA_WITH_AES_128_CBC_SHA,

- TLS_RSA_WITH_AES_128_CBC_SHA256,

- TLS_RSA_WITH_AES_256_CBC_SHA and

- TLS_RSA_WITH_AES_256_CBC_SHA256

using TLS 1.2 / DTLS 1.2 in the popular OpenSSL and mbedTLS packages. These are the core TLS cipher suites that all TLS implementations should support. AES-CBC block cipher mode is suited to the small message payloads of many IoT devices and is secure when using the "Encrypt then MAC" TLS protocol option.
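To make the cipher suite list and the "Encrypt then MAC" option concrete, here is an added example (not MAOSCO or MULTOS code) that parses a TLS 1.2 ClientHello and checks that a device offers only the four suites above together with the encrypt_then_mac extension. The function names and both sample messages are constructed for illustration; the code points come from RFC 5246 and RFC 7366.

```python
import struct

# IANA code points (RFC 5246) for the four suites named in the article.
ARTICLE_SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x003C: "TLS_RSA_WITH_AES_128_CBC_SHA256",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x003D: "TLS_RSA_WITH_AES_256_CBC_SHA256",
}
SIGNALLING = {0x00FF}      # TLS_EMPTY_RENEGOTIATION_INFO_SCSV, not a real suite
EXT_ENCRYPT_THEN_MAC = 22  # extension type from RFC 7366

def build_client_hello(suites, extensions):
    """Constructed sample input: a TLS 1.2 ClientHello handshake message."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body = (b"\x03\x03" + bytes(32) + b"\x00"        # version, random, no session id
            + struct.pack("!H", len(cs)) + cs + b"\x01\x00"  # suites, null compression
            + struct.pack("!H", len(ext)) + ext)
    return b"\x01" + len(body).to_bytes(3, "big") + body

def parse_client_hello(msg):
    """Return (cipher suite code points, extension types) offered by the client."""
    if msg[0] != 1 or len(msg) != 4 + int.from_bytes(msg[1:4], "big"):
        raise ValueError("not a complete ClientHello")
    body = msg[4:]
    pos = 34                                  # skip version and random
    pos += 1 + body[pos]                      # skip session id
    (n,) = struct.unpack_from("!H", body, pos)
    suites = list(struct.unpack_from(f"!{n // 2}H", body, pos + 2))
    pos += 2 + n
    pos += 1 + body[pos]                      # skip compression methods
    exts = []
    if pos < len(body):                       # extensions block is optional
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        while pos < end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            exts.append(ext_type)
            pos += 4 + ext_len
    return suites, exts

def audit(msg):
    """List deviations from the article's suite set and Encrypt-then-MAC advice."""
    suites, exts = parse_client_hello(msg)
    findings = [f"unapproved suite 0x{s:04X}" for s in suites
                if s not in ARTICLE_SUITES and s not in SIGNALLING]
    if EXT_ENCRYPT_THEN_MAC not in exts:
        findings.append("CBC suites offered without encrypt_then_mac")
    return findings

GOOD = build_client_hello(list(ARTICLE_SUITES), [(EXT_ENCRYPT_THEN_MAC, b"")])
BAD = build_client_hello([0x002F, 0x0005], [])  # 0x0005 = TLS_RSA_WITH_RC4_128_SHA
```

Offering the extension only signals client support; Encrypt-then-MAC is in effect only if the server echoes it in its ServerHello, so a full check would inspect that message as well.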

There are plans to add the required building blocks to support ECC based authentication and key exchange and also to implement an alternative to the CBC block cipher mode, most likely GCM. These additions will enable many more cipher suite combinations to be used.

Finally, to recap, just because an IoT device supports TLS does not mean it is secure (some other device security considerations have already been mentioned and those are just a subset of the security landscape for complete IoT applications). Securing the communications pipe with TLS is just one part of the picture and that needs to be done properly for it to be trusted. Also, TLS is not the only way to secure communications; other authentication and encryption schemes do exist. MULTOS gives you the flexibility, in a single chip, to securely implement what you need to protect your IoT device. Learn more about MULTOS Trust Anchors here.

 
