Enterprise level security < 50 KB

Compact Embedded SSL/TLS stack

Low memory footprint

MatrixSSL stack is a modular source code SDK ideally suited for IoT usage due to its low memory footprint (<50KB, even down to 10kB for MatrixSSL Tiny) and efficient RAM utilization (4KB per connection, even less than 1kB for MatrixSSL Tiny). It even runs on platforms without filesystem, memory allocation or multi-threading.

Fully Compatible

With larger implementations and the SSL/TLS RFCs. All web browsers and servers can communicate securely with MatrixSSL.

High performance

Due to its compact design, MatrixSSL is more memory and CPU e­fficient than competing solutions, including those based on OpenSSL. With true multi-threading, zero-copy processing and an asynchronous API for hardware integration, MatrixSSL is ideal for securing cloud access.

Features

  • TLS 1.0, 1.1 and 1.2 server and client support (SSL 3.0 optional)
  • DTLS 1.0 and 1.2 server and client support
  • Included crypto library - RSA, ECC (including Brainpool curves), AES, 3DES, ARC4, SHA1, SHA256, MD5, ChaCha20-Poly1305
  • Session re-keying and cipher renegotiation
  • Session resumption/caching, Stateless Session Tickets
  • Extensions: Server Name Indication, max fragment length, trusted CA keys, truncated HMAC, Status Request (OCSP)
  • RFC7301 Application Protocol Negotiation
  • Server and client X.509 certificate chain authentication
  • Parsing of X.509 .pem and ASN.1 DER certificate formats
  • PKCS#1.5, PKCS#5, PKCS#8 and PKCS#12 key formatting
  • RSASSA-PSS Signature Algorithm support
  • Online Certificate Status Protocol (OCSP)
  • Certificate Revocation List (CRL)
  • CMS and PKCS#10 support
  • SSH command line support (commercial option)
  • FIPS140-2 validated SafeZone crypto (commercial option)
  • OpenSSL APIs wrapper to ease transition from OpenSSL

Implementation

  • < 50KB total footprint with crypto provider and certificates
  • < 10KB total footprint with PSK only (Tiny version)
  • Assembly language optimizations for Intel, ARM and MIPS
  • Support for asyncronous crypto hardware
  • Fully cross platform, portable codebase; minimum use of system calls
  • Pluggable cipher suite interface
  • Pluggable crypto provider interface
  • Pluggable operating system and malloc interface
  • TCP/IP optional
  • Multithreading optional
  • Only a handful of external APIs, all non-blocking
  • Example client and server code included
  • Clean, heavily commented code in portable C

Product Family

MatrixSSL FIPS

MatrixSSL integrated with SafeZone FIPS software SDK that provides an IoT security framework of FIPS140-2 certified crypto (Certificate #2389) as well as non-FIPS algorithms. That solution is ideal for IoT devices looking at an embedded security solution compliant with NIST security standards.

MatrixSSL Accelerator

High performance on TILE-Gx, CAVIUM Octeon or Intel QuickAssist hardware crypto. Full support for asynchronous crypto and single-pass hardware record processing. Compatible with INSIDE Secure Packet Engine hardware IP

MatrixSSL Tiny

The world smallest TLS implementation that requires 600 bytes of RAM and 10kB of flash. Ideal for 8-bit and 16 bit microprocessors.

MatrixSSH

An SSH server source code toolkit suitable for RTOS environments. Extends traditional insecure command line terminal environments over serial or telnet to the secure SSH standard.

MatrixCMS

A source code toolkit of the Cryptographic Messaging Syntax (RFC 5652) supporting streams based parsing. CMS is the standard to use for packaging signed/encrypted firmware updates or provisioning files in the Smart Meter environment.

MatrixSSL Interceptor

This passive mode TLS implementation monitors SSL/TLS in real time without modifying traffic. It is ideal for TLS visibility solutions requiring high performance as it only decrypt the traffic (no re-encrypting).

About

MatrixSSL™ is an embedded SSL and TLS implementation designed for small footprint applications and devices.

Links

Company

Copyright (c) INSIDE Secure Corp., 2002-2016. All Rights Reserved.