securityshield

Differences

This shows you the differences between two versions of the page.

securityshield [2017/02/27 14:49] (current)
lawrence created
Line 1: Line 1:
 +====== SECURITY SHIELD (W5500 Ethernet Shield S)======
  
 +{{:​products:​w5500:​msw5500_evb_v1.0_side.png?​direct&​400|MSW5500 EVB Rev1.0}}
 +
 +----
 +===== Overview =====
 +
 +==== W5500 ETHERNET SHIELD S ====
 +
 +The “W5500 Ethernet Shield S” is a security enhanced version of the “W5500 Ethernet Shield” which has been redesigned to include SSL (Secure Sockets Layer) connectivity.
 +
 +More information on the “W5500 Ethernet Shield” can be found here:
 +
 +  * [[osh:​w5500_ethernet_shield:​start|W5500 Ethernet Shield]]
 +
 +The “W5500 Ethernet Shield S” contains both the W5500 Hardwired TCP/IP chip for network connectivity and the MS1000 Secure MCU from eWBM for the security features required to make a secure connection. The MS1000’s strong security and high speed HW based crypto functions ensure that all data transferred between the server and a client is protected.
 +
 +
 +{{:​products:​w5500:​w5500_ethernet_shield_s:​block_diagram.png?​direct&​400|MSW5500 block diagram}}
 +
 +This “W5500 Ethernet Shield S” is Arduino pin-compatible.
 +
 +==== Available Board list ====
 +
 +  * Arduino Board (e.g. the Uno, Mega etc…)
 +
 +
 +----
 +===== Feature =====
 +
 +==== Hardware Feature ====
 +
 +  * Supports 3.3V
 +  * ARM® Cortex-M3™ MCU with HW Crypto engine (MS1000)
 +  * High Speed Ethernet controller (W5500)
 +  * 10/100 Ethernet PHY embedded.
 +  * Hardwired TCP/IP Protocols: TCP, UDP, ICMP, IPv4, ARP, IGMP, PPPoE.
 +  * Supports SPI, I2C, UART interface
 +
 +{{:​w5500_ethernet_shield_s:​pinmap.png?​direct|Pin Assignment on Arduino}}
 +
 +==== Hardware Configuration ====
 +
 +  * MS1000: ARM® Cortex-M3™ based microcontroller with HW crypto engine.
 +  * W5500: Hardwired TCP/IP Ethernet Controller
 +  * RJ-45 with Transformer:​ Ethernet Port
 +  * SPI: SPI Interface
 +
 +{{:​w5500_ethernet_shield_s:​pin_usages.png?​direct|Pin Assignment on Arduino}}
 +
 +  * Unordered List ItemTo use the W5500 Ethernet Shield S with other modules, you may need to change the 'Chip Select'​ (S_CS) pin to either D8 or D9
 +
 +==== Software Feature ====
 +
 +  * W5500 Ethernet Shield S supports SSL/TLS 1.2
 +  * The following table is a list of the support SSL features:
 +
 +^ Category ^ Description ^ Comment ^
 +|Cipher Suit\\ ​ - Public Key Algorithm ​ |  RSA\\ ECC  |TLS_RSA_WITH_AES_128_CBC_SHA\\ TLS_RSA_WITH_AES_256_CBC_SHA\\ TLS_RSA_WITH_AES_128_CBC_SHA256\\ TLS_RSA_WITH_AES_256_CBC_SHA256\\ TLS_RSA_WITH_AES_128_GCM_SHA256\\ TLS_RSA_WITH_AES_128_CCM_8\\ TLS_RSA_WITH_AES_256_CCM_8\\ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA\\ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA\\ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA\\ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA\\ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256\\ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256\\ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\\ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\\ TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8\\ TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8|
 +|Cipher Suit\\ - Block/​Stream Ciphers ​ |  AES\\ CCM\\ GCM\\ CBC\\ CTR\\ ECB  |:::|
 +|Cipher Suit\\ - Hash Functions ​ |  SHA1\\ SHA256 ​ |:::|
 +|Side of Connection ​ |  Client only  | |
 +|Client Authentication ​ |  APIs support ​ |CA certificate load, Certificate/​Private Key load|
 +
 +
 +----
 +
 +===== Technical Reference =====
 +
 +==== Block Diagram ====
 +
 +{{:​w5500_ethernet_shield_s:​block_diagram.png?​direct|W5500 Ethernet Shield S Block Diagram}}
 +
 +
 +==== Schematic ====
 +
 +
 +{{:​w5500_ethernet_shield_s:​schematic_1_.png?​direct|W5500 Ethernet Shield S Schematic (1)}}
 +{{:​w5500_ethernet_shield_s:​schematic_2_.png?​direct|W5500 Ethernet Shield S Schematic (2)}}
 +{{:​w5500_ethernet_shield_s:​schematic_3_.png?​direct|W5500 Ethernet Shield S Schematic (3)}}
 +{{:​w5500_ethernet_shield_s:​schematic_4_.png?​direct|W5500 Ethernet Shield S Schematic (4)}}
 +==== Dimension ====
 +
 +{{:​w5500_ethernet_shield_s:​top_side.png|W5500 Ethernet Shield S Dimension(Top Side)}}
 +{{:​w5500_ethernet_shield_s:​bottom_side.png|W5500 Ethernet Shield S Dimension(Bottom Side)}}
 +----
 +===== Getting Started =====
 +
 +==== Using WIZ ethernet Library for Arduino Uno ====
 +
 +{{:​w5500_ethernet_shield_s:​ssl_library_diagram.png?​direct|}}
 +
 +^  Class       ​^ ​ Description ​ ^
 +|Ethernet Class|Wiz Ethernet library which provides internet connectivity for Arduino boards.\\ \\ For more information on the WIZ Ethernet Library go to:\\ https://​github.com/​Wiznet/​WIZ_Ethernet_Library \\ For the API Guide go to: \\ https://​www.arduino.cc/​en/​Reference/​Ethernet|
 +|SSL Class|Added Class to the Wiz Ethernet library to support SSL in the Arduino|
 +
 +
 +===Description of SSL class===
 +
 +The SSL Class performs the following functions:
 +  * SSL initialize
 +  * Connect to the server
 +  * Send/​receive data. 
 +
 +Notes: eWBM SSL Class only provides SSL Client operation. SSL Server capability is not supported.
 +
 +===SSL CLASS API REFERENCE===
 +
 +^Open()^^
 +|Description|Open of SSL Socket|
 +|Syntax|SSLClient.Open()|
 +|Parameters|None|
 +|Returns|If successful the call will return SSL_SUCCESS|
 +
 +^Close()^^
 +|Description|Close of SSL Socket|
 +|Syntax|SSLClient.Close()|
 +|Parameters|None|
 +|Returns|If successful the call will return SSL_SUCCESS|
 +
 +^Connect()^^
 +|Description|This function is called on the client side and initiates an SSL/TLS handshake with a server|
 +|Syntax|SSLClient.Connect(ip,​ port)\\ SSLClient.Connect(hostname,​ port)|
 +|Parameters|Ip:​ connecting to domain ip address\\ hostname: connecting to hostname (ex: www.google.com)\\ port: SSL port|
 +|Returns|If successful the call will return SSL_SUCCESS|
 +
 +^WriteData()^^
 +|Description|This function writes sz bytes from the buffer, data, to the SSL connection, ssl|
 +|Syntax|SSLClient.WriteData()|
 +|Parameters|buf:​ data buffer which will be sent to peer\\ size: size, in bytes, of data to send to the peer\\ IsPMEM: the generating data to the Flash (Program) instead of SRAM memory|
 +|Returns|If successful the call will return SSL_SUCCESS|
 +
 +^ReadData()^^
 +|Description|This function reads sz bytes from the SSL session (ssl) internal read buffer into the buffer data. The bytes read are removed from the internal receive buffer.|
 +|Syntax|SSLClient.ReadData()|
 +|Parameters|buf:​ data buffer which will be read to peer\\ size: number of bytes to read into data.\\ readsz: getting read size|
 +|Returns|If successful the call will return SSL_SUCCESS|
 +
 +^SetPeerVerify()^^
 +|Description|This function sets the verification method for remote peers and also allows a verify callback to be registered with the SSL session. The verify callback will be called only when a verification failure has occurred. If no verify callback is desired, the NULL pointer can be used for verify_callback|
 +|Syntax|SSLClient.SetPeerVerify()|
 +|Parameters|verify:​ enable verify|
 +|Returns|If successful the call will return SSL_SUCCESS|
 +
 +^SetRootCA()^^
 +|Description|This function sets a CA certificate buffer into the SSL. It behaves like the non buffered version, only differing in its ability to be called with a buffer as input instead of a file.|
 +|Syntax|SSLClient.SetRootCA()|
 +|Parameters|buf:​ the CA certificate buffer\\ len: size of the input CA certificate buffer\\ IsPMEM: the generating data to the Flash (Program) instead of SRAM memory|
 +|Returns|If successful the call will return SSL_SUCCESS|
 +
 +^GetVersion()^^
 +|Description|This function gets the SSL/TLS protocol version for the specified SSL session ​ using the version as specified by version.|
 +|Syntax|SSLClient.GetVersion()|
 +|Parameters|buf:​ the version information buffer\\ len: length of buf|
 +|Returns|If successful the call will return SSL_SUCCESS|
 +
 +^GetCipherName()^^
 +|Description|Retrieves the peer’s certificate cipher name|
 +|Syntax|SSLClient.GetCipherName()|
 +|Parameters|buf:​ the cipher name buffer\\ len: length of buf|
 +|Returns|If successful the call will return SSL_SUCCESS|
 +
 +^GetX509IssuerName()^^
 +|Description|Retrieves the peer’s certificate issuer name|
 +|Syntax|SSLClient.GetX509IssuerName|
 +|Parameters|buf:​ the issuer name buffer\\ len: length of buf|
 +|Returns|If successful the call will return SSL_SUCCESS|
 +
 +^GetX509SubjectName()^^
 +|Description|Retrieves the peer’s certificate subject name|
 +|Syntax|SSLClient.GetX509SubjectName|
 +|Parameters|buf:​ the subject name buffer\\ len: length of buf|
 +|Returns|If successful the call will return. SSL_SUCCESS|
 +
 +
 +^GetX509NextAltName()^^
 +|Description|Retrieves the peer’s certificate next altname|
 +|Syntax|SSLClient.GetX509NextAltName|
 +|Parameters|buf:​ the next altname buffer\\ len: length of buf|
 +|Returns|If successful the call will return SSL_SUCCESS|
 +
 +^GetX509SerialNum()^^
 +|Description|Retrieves the peer’s certificate serial number|
 +|Syntax|SSLClient.GetX509SerialNum()|
 +|Parameters|buf:​ the serial number buffer\\ len: length of buf\\ OutNumSz: getting a length of serial number|
 +|Returns|If successful the call will return SSL_SUCCESS|
 +
 +^SetDate()^^
 +|Description|This function sets a date|
 +|Syntax|SSLClient.SetDate()|
 +|Parameters|buf:​ the date buffer\\ len: length of buf|
 +|Returns|None|
 +
 +^SetTime()^^
 +|Description|This function sets a time|
 +|Syntax|SSLClient.SetTime()|
 +|Parameters|buf:​ the time buffer\\ len: length of buf|
 +|Returns|None|
 +==== Start Guide ====
 +
 +===INSTALLING THE AUDRINO SOFTWARE (IDE)===
 +
 +Download and install the Arduino Software (IDE) following the instructions on the Arduino website:​\\ ​
 +  * [[https://​www.arduino.cc/​en/​Main/​Software|Download the Arduino Software]]
 +
 +===Importing The Wiznet Ehternet Sheild S Library===
 +
 +Step 1: Download the W5500 Ethernet Shield S library (EthernetSSL.zip) from:​\\ ​
 +  * Contact eWBM support: support@e-wbm.com
 +
 +
 +
 +Step 2: Import the “EthernetSSL” library using the .ZIP file by following the instructions on the Arduino website:​\\ ​
 +  * [[https://​www.arduino.cc/​en/​Guide/​Libraries|Import The Arduino Library]]
 +> Please refer to "​Importing a .zip Library"​ section.
 +
 +
 +
 +Step 3: Select the “EthernetSSL” under the “Sketch” tab:​\\ ​
 +> “Include Library -> EthernetSSL”
 +
 +
 +
 +Step 4: After Step 3, “EthernetSSL” header files are inserted in the source code automatically by the Arduino IDE.\\ ​
 +//#include <​Dhcp.h>//​\\ ​
 +//#include <​Dns.h>//​\\ ​
 +//#include <​Ethernet.h>//​\\ ​
 +//#include <​EthernetClient.h>//​\\ ​
 +//#include <​EthernetServer.h>//​\\ ​
 +//#include <​EthernetUdp.h>//​\\ ​
 +//#include <​SSL.h>//​\\ ​
 +//#include <​Twitter.h>//​\\ ​
 +//#include <​util.h>//​\\ ​
 +
 +
 +
 +Step 5:​ EthernetSSL library is now ready to be used within the Arduino IDE. The zip file will have been expanded in the libraries folder in the Arduino sketches directory.\\ ​
 +> (Default: C:​\Users\//<​User Name>//​\Documents\Arduino\libraries\EthernetSSL)
 +
 +
 +====Starting the Wiznet Ethernet Sheild S SSL Example====
 +
 +Step 1: Open the Arduino IDE\\ 
 +Step 2: Select the SSL Gmail Test under the “File” tab:​\\ ​
 +“Example -> Ethernet -> SSLGmailTest”\\ ​
 +
 +{{:​w5500_ethernet_sheild_s:​example1.png?​direct|}}
 +
 +Step 3: Select the board type and connected COM port under the “Tools” tab:​\\ ​
 +“board -> Arduino Uno”\\ ​
 +“port -> COMx”\\ ​
 +
 +{{:​w5500_ethernet_shield_s:​example2.png?​direct|}}
 + 
 +Step 4: Click “Verify” to check for code errors.\\ ​
 +
 +{{:​w5500_ethernet_sheild_s:​example3.png?​direct|}}
 +
 +Step 5: Click “Upload” to load the example into the Arduino board\\ ​
 +
 +{{:​w5500_ethernet_sheild_s:​example4.png?​direct|}}
 +
 +Step 6: Start the “Serial Monitor” when “Upload” is complete.\\ ​
 +
 +{{:​w5500_ethernet_sheild_s:​example5.png?​direct|}}
 +
 +Step 7: Review the results of the SSL Gmail Test.\\ ​
 +
 +{{:​w5500_ethernet_sheild_s:​example6.png?​direct|}}
 +
 +<​code>​
 +Description:​
 +1) Initializes DHCP and the Network Configuration (Allocates an IP address)
 +2) Enter the date and time.
 +3) Receives the Gmail IP address via DNS SERVER
 +4) Connects to the Gmail server
 +5) Receives peer information (issuer/​subject/​altname/​serial number)
 +6) Sends data to the SSL connection.
 +7) Receives data from the server (SSL Version/​Cipher Suite/​Content type/​Content -Length)
 +</​code>​
 +====== MS1000 ======
 +----
 +<​markdown>​
 +32 bit Microcontroller with Embedded Security Engine for loT
 +Complete Root of Trust, Dedicated Crypto Engine & Certification Authority
 +
 +The Ms1000 is ARM8 Cortex-M3TM based microcontroller with security engine for embedded applications featuring a high level of integration and low-power consumption. The MS1000 operates at CPU frequencies to 100 MHz. The ARM Cortex-M3 CPU a built-in Wakeup Intemupt Controller (WIC and Nested Vectored Interrupt Controller (NVIO with an integrated Tick The Ms1000 features a security engine called tRoot suite. The tRoot suite of SPAcc, TRNG. It protects the device and its data at boot time, run time and during the communication with other devices or with the cloud. The peripheral complement of the Ms1000 includes up to 192 KB of internal sRAM, 8 KB One-Time Program mable bootloader, key storage, External Memory Interface, 4 SPI interface controllers,​ 2 DMA controllers,​ 2 Advanced Timers supporting PWM, 2 General Purpose Timer, a Real-Time Clock (RTO domain consisting of the RTC and a back-up SRAM, Windowed Watchdog Timer, eMMC interface, 4 UARTs, 4 12C, and up to 80 fast general purpose With its low-power, high performance,​ diverse connectivity options, and security features, the MS1000 is ideal for lor applications such as Smart home applications,​ Smart metering, Tele-monitoring,​ and Remote Healthcare
 +
 +##Features
 +* 32-bit ARM® CortexTM-M3 CPU
 + * tRoot (Secure Hardware Root of Trust)
 + * Secure Boot
 + Primary security capability of tRoot which is used to brings up a device into a secure state and ensure that it runs only trusted firmware
 + * Secure identification and authentication
 + Ensures the integrity of various authentication protocols as well as ensure the confidentiality of shared secrets between devices
 + * Secure provisioning,​ storage, and management of keys and other secrets
 + HW protected Device Unique Key and Platform Key not accessible by SW
 + * SPAcc (Security Protocol Accelerator)
 + * Supporting for all ciphers, hashes and MAC algorithms used in major security protocols
 + MACsec, IPsec, SSL/​TLS/​DTLS,​ SRTP, WiMAX, WiFi, content protection, and 3GPP/​ITE/​LTE-A
 + * Built-in scatter/​gather DMA capability offloads system CPU
 + * Secure key port to access secrets stored in tRoot
 + * TRNG (Smart True Random Number Generator)
 + * Designed for compliance with FIPS 140 2 and FIPS 140-3 (draft)
 + * High speed operation
 + 50 Mbps at 200 MHz
 + * Shift register compatible output stream for direct access by tRoot
 + Differential Power Analysis
 + Timing Analysis
 +* Power Management
 + * PLL for high frequency clock generation
 + * Low Dropout (LDO) regulator for main/​battery supply
 + * Power-on Reset
 + * Built-in Brown-out detection (BOD) circuit for monitoring 3 supply voltage levels
 +* Peripherals
 + * External Memory Interface for Async/​Sync/​Muxed SRAM, NOR (8 bit/16-bit)
 + * Two 2-channel Direct Memory Access (DMA) controllers
 + * Two 4-channel Advanced Timers for supporting PWM
 + * 8-channel 1MSPS SAR A/D Converter (ADC)
 + * Two 2-channel General Purpose Timers
 + * Real-Time Clock operating at battery domain
 + * Windowed Watchdog Timer
 + * eMMC 4.41
 + * Four UARTs with IrDA and S protocol ENDEC
 + * Four 16-bit Serial Peripheral Interfaces (SPI)
 + * Four 12C modules
 + * Up to 80 Fast GPIO pins
 + * Internal RC Oscillator
 +* MISC Features
 + * Peripheral Coprocessor for autonomous peripheral operation
 + * Flexible pin muxing
 +* Main Supply Voltage
 + * 3.3V (3.0V-3.6V)
 +* IO Voltage
 + * 3.0V-3.6V
 +
 +##​Applications
 +* Home Entertainment
 + * Smart TVs
 + * Set-top boxes
 + * Gaming Consoles
 +* Internet of Things
 + * Smart Automotive
 + * Smart Payment
 + * Smart Grid
 + * Smart Medical
 +* ETC
 + * Home Appliances
 + * Electronic devices linked to the Internet
 +
 +</​markdown>​
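Review bot: In the SSL CLASS API REFERENCE, the SetPeerVerify() table describes a verify callback and a NULL option for verify_callback, but its Parameters row lists only "verify: enable verify" and its Syntax row shows no arguments, so a reader cannot tell how to turn certificate verification on or whether it is on by default. Suggest giving the full signature and stating the default, and saying whether SetRootCA(), SetDate() and SetTime() need to be called before Connect() for the peer certificate to be checked; the same gap applies to WriteData(), ReadData(), SetRootCA() and the Get*() entries, whose Syntax rows omit the parameters listed beneath them. In the Software Feature table, the supported list mixes static-RSA and CBC/SHA-1 suites with ECDHE and GCM suites without saying which are offered by default or how a sketch can restrict them, which is worth documenting. Smaller points: the stray "Unordered List Item" text in the Chip Select bullet, the spellings "AUDRINO", "Ehternet Sheild" and "Cipher Suit", the image links that alternate between w5500_ethernet_sheild_s and w5500_ethernet_shield_s, the stray period in the Returns cell of GetX509SubjectName(), and the MS1000 paragraph, which reads like uncorrected OCR ("ARM8", "Intemupt", "12C", "lor applications").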
securityshield.txt · Last modified: 2017/02/27 14:49 by lawrence