Network Component  Version 7.11.0
MDK Middleware for IPv4 and IPv6 Networking
 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
Using Mbed TLS

Although the Network component does not offer encryption and secure communication on its own, you can use Arm's mbed TLS software component to achieve this.

secure_com_sw_stack.png

From the bottom up:

  • The Cortex-M-based microcontroller provides the processor core, storage, memory and network interface.
  • The CMSIS-RTOS compliant operating system provides standard services such as scheduling and thread-safety.
  • The Network Component provides services, sockets (TCP/IP) and the interface for network communication.
  • Building on top of the Network Component, mbed TLS provides an abstraction layer for secure communication.
  • The application code uses Mbed TLS to abstract the secure communication from itself.

Why Mbed TLS?

The Mbed TLS library is designed for ease-of-use. The library is documented and has examples so you can easily understand how to use it. In the Network Component, Mbed TLS is used under the Apache 2.0 license, enabling you to use it in both open source and closed source projects. Mbed TLS is a fully featured and standards compliant SSL library offering server and client functionality in one single package.

Difference between SSL/TLS

The TLS protocol is the successor of the SSL protocol. Just like its predecessor, the TLS protocol provides communication security for connections over possibly untrusted networks, like the Internet. The main difference between TLS and SSL is the increased standardization of the workings of the protocol. SSL itself was designed and developed by Netscape. The newer TLS standard is defined in a number of public RFCs and is extended periodically to counter possible weaknesses or add much needed functionality.

Parts of an SSL/TLS Library

In order to perform the SSL or TLS protocol, a number of supporting functionality is required. The SSL/TLS library:

  • needs to perform symmetric cryptographic operations, such as AES, to encrypt the data over the connection.
  • uses asymmetric cryptographic operations, such as RSA, for identifying and authenticating the parties of the connection.
  • uses message digest operations, such as the SHA-256 hash algorithm, to protect the integrity of the information sent over the wire.
  • needs to be able to parse, understand and use X.509 certificates.
  • has to perform network operations to send and receive the protocol packets.

All of this is hidden from most users and wrapped inside an SSL library, such as Mbed TLS, which developers can use to implement SSL or TLS in their applications.

For more information on Mbed TLS and how it works, visit the high-level design overview page.

Add the mbed TLS library to a ┬ÁVision project

The Network Examples section carries two examples for secure communication over the IP network: SSL Server and SSL Client. To use the Mbed TLS library in your own projects, follow these steps:

  1. Download the ARM:mbedTLS library from or use
  2. Open or create a project using the Network Component.
  3. Configure the Network Component as required by your application (Ethernet settings, TCP/IP communication, etc.).
  4. In the Manage Run-Time Environment window expand Security and enable Mbed TLS:
    add_mbedTLS.png
  5. Configure Mbed TLS using the mbedTLS_config.h file under Security in the Project window.
    mbedTLS_config_h.png
  6. Use the Mbed TLS API to secure your communication.
Note
You can use the Mbed TLS API in parallel to any of the secure services that are part of the Network Component.