SPRADB2 August 2023 AM2431, AM2432, AM2434, AM2631, AM2631-Q1, AM2632, AM2632-Q1, AM2634, AM2634-Q1, AM263P4, AM2732, AM2732-Q1, AM6411, AM6412, AM6421, AM6422, AM6441, AM6442


  1. Abstract
  2. Trademarks
  3. 1 Introduction
    1. 1.1 Acronyms Used in This Document
  4. 2 MbedTLS
    1. 2.1 What is MbedTLS?
    2. 2.2 Why MbedTLS?
    3. 2.3 Application of MbedTLS
  5. 3 MbedTLS Over LwIP
    1. 3.1 TLS Server Example (HTTPS Server)
    2. 3.2 TLS Client Example (MQTT Client)

Abstract

TI Sitara™ MCU devices have a strong networking stack and hardware IP support that is already widely used in the industry. Connectivity with the external world is a risky proposition if the network offers no assurance of security. While the networking capabilities and hardware IPs keep evolving, becoming more efficient and optimized, the security aspect cannot be overlooked. Lack of security can lead to improper functioning of the system or leave the environment open to cyber-attacks such as man-in-the-middle (MITM) attacks, eavesdropping, tampering, or message forgery. This gap can be bridged with Transport Layer Security (TLS). TLS is a cryptographic protocol that provides secure communication over the internet, primarily by encrypting the data that is exchanged. TLS ensures that a secure communication channel can be established between two or more entities in the network.

The TLS protocol can be divided into two parts:

  • Handshake Layer: This layer is responsible for performing the TLS handshake and for changing the cipher spec once the entities have been verified and the handshake has completed.
  • Record Layer: This layer is responsible for fragmentation, compression, authentication, and encryption of the data to be transferred.
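To make the division between the two layers concrete, here is an added C example (not code from this application note, from MbedTLS, or from the TI SDK) that parses the record-layer header of a TLS byte stream and, for handshake records, the handshake-layer message header carried inside it. The sample byte stream is constructed for the example; the parser checks the 5-byte record header, the record length ceiling, and that each fragment has fully arrived before the handshake layer is allowed to look at it.

```c
#include <stddef.h>
#include <stdint.h>
/* TLS record-layer content types (RFC 5246 / RFC 8446). */
enum { TLS_CCS = 20, TLS_ALERT = 21, TLS_HANDSHAKE = 22, TLS_APPDATA = 23 };
/* One record-layer fragment plus the handshake-layer header it starts with. */
struct tls_record {
    uint8_t  content_type;
    uint16_t version;    /* record version field, 0x0303 for TLS 1.2 */
    uint16_t length;     /* body length of this fragment */
    uint8_t  hs_type;    /* handshake msg type (1 = ClientHello), 0 otherwise */
    uint32_t hs_length;  /* 24-bit handshake message length, 0 otherwise */
};
/* Parse one record at buf. Returns the bytes it occupies (5 + length), or 0
 * if the header is malformed or the fragment has not fully arrived yet. */
size_t tls_parse_record(const uint8_t *buf, size_t len, struct tls_record *r)
{
    if (len < 5) return 0;                      /* record header is 5 bytes */
    r->content_type = buf[0];
    r->version = (uint16_t)((buf[1] << 8) | buf[2]);
    r->length  = (uint16_t)((buf[3] << 8) | buf[4]);
    r->hs_type = 0; r->hs_length = 0;
    if (r->content_type < TLS_CCS || r->content_type > TLS_APPDATA) return 0;
    if (r->length > 16384 + 2048) return 0;     /* TLS 1.2 ciphertext ceiling */
    if (len < 5u + r->length) return 0;         /* wait for the rest of the fragment */
    if (r->content_type == TLS_HANDSHAKE) {
        if (r->length < 4) return 0;            /* handshake header is 4 bytes */
        r->hs_type   = buf[5];
        r->hs_length = ((uint32_t)buf[6] << 16) | ((uint32_t)buf[7] << 8) | buf[8];
    }
    return 5u + r->length;
}
/* Walk a byte stream record by record; returns how many complete records were
 * parsed, stopping at the first malformed or incomplete one. */
int tls_walk(const uint8_t *buf, size_t len, struct tls_record *out, int max)
{
    int n = 0;
    size_t off = 0, used;
    while (n < max && (used = tls_parse_record(buf + off, len - off, &out[n])) != 0) {
        off += used;
        n++;
    }
    return n;
}
/* Constructed sample stream: a handshake record carrying a 4-byte ClientHello
 * stub, a ChangeCipherSpec record, then a 3-byte application-data record. */
const uint8_t SAMPLE_STREAM[] = {
    0x16, 0x03, 0x01, 0x00, 0x08, 0x01, 0x00, 0x00, 0x04, 0x03, 0x03, 0x00, 0x00,
    0x14, 0x03, 0x03, 0x00, 0x01, 0x01,
    0x17, 0x03, 0x03, 0x00, 0x03, 0xaa, 0xbb, 0xcc };
```

In a real stack a single handshake message may be split across several records, so `hs_length` can exceed the fragment `length`; the reassembly of such messages is the handshake layer's job, not the record layer's.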

This document introduces the integration of MbedTLS for Sitara MCU devices over the existing LwIP TCP/IP networking stack, adding security at the Transport layer (layer 4 of the OSI model). The Transport layer provides a secure end-to-end communication channel, so all data passing through the network above the Transport layer (layer 4) can be transferred securely. The document describes how the MbedTLS project was ported to the TI architecture as an independent library, how its performance was measured, and ways of optimizing the cryptographic operations through hardware acceleration. The use of MbedTLS in network security examples is also discussed.

The code and examples discussed in this document can be found in TI MCU_PLUS_SDK v09.00 or later for the AM243x, AM263x, AM273x, and AM64x devices.