SECURITY SHIELD

(W5500 Ethernet Shield S)

 

MSW5500 EVB Rev1.0

If you have technical questions about this product, please post them on the technical inquiry board.
[More information]

Overview

W5500 ETHERNET SHIELD S

The “W5500 Ethernet Shield S” is a security enhanced version of the “W5500 Ethernet Shield” which has been redesigned to include SSL (Secure Sockets Layer) connectivity.

More information on the “W5500 Ethernet Shield” can be found here:

The “W5500 Ethernet Shield S” contains both the W5500 Hardwired TCP/IP chip for network connectivity and the MS1000 Secure MCU from eWBM for the security features required to make a secure connection. The MS1000’s strong security and high speed HW based crypto functions ensure that all data transferred between the server and a client is protected.

MSW5500 block diagram

This “W5500 Ethernet Shield S” is Arduino pin-compatible.

Available Board list

  • Arduino Board (e.g. the Uno, Mega etc…)

Features

Hardware Features

  • Supports 3.3V
  • ARM® Cortex-M3™ MCU with HW Crypto engine (MS1000)
  • High Speed Ethernet controller (W5500)
  • 10/100 Ethernet PHY embedded.
  • Hardwired TCP/IP Protocols: TCP, UDP, ICMP, IPv4, ARP, IGMP, PPPoE.
  • Supports SPI, I2C, UART interface

Pin Assignment on Arduino

Hardware Configuration

  • MS1000: ARM® Cortex-M3™ based microcontroller with HW crypto engine
  • W5500: Hardwired TCP/IP Ethernet Controller
  • RJ-45 with Transformer: Ethernet Port
  • SPI: SPI Interface

Pin Assignment on Arduino

  • To use the W5500 Ethernet Shield S with other modules, you may need to change the ‘Chip Select’ (S_CS) pin to either D8 or D9

Software Feature

  • W5500 Ethernet Shield S supports SSL/TLS 1.2
  • The supported SSL features are listed below (Category: Description, with Comment items nested underneath):
    • Cipher Suite – Public Key Algorithm: RSA, ECC
      • TLS_RSA_WITH_AES_128_CBC_SHA
      • TLS_RSA_WITH_AES_256_CBC_SHA
      • TLS_RSA_WITH_AES_128_CBC_SHA256
      • TLS_RSA_WITH_AES_256_CBC_SHA256
      • TLS_RSA_WITH_AES_128_GCM_SHA256
      • TLS_RSA_WITH_AES_128_CCM_8
      • TLS_RSA_WITH_AES_256_CCM_8
      • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
      • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
      • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
      • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
      • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
      • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
      • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
      • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
      • TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
      • TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
    • Cipher Suite – Block/Stream Ciphers: AES
      • CCM
      • GCM
      • CBC
      • CTR
      • ECB
    • Cipher Suite – Hash Functions: SHA1, SHA256
    • Side of Connection: Client only
    • Client Authentication: APIs support CA certificate load, Certificate/Private Key load
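
An added example (not from the WIZnet or eWBM material): a host-side Python audit that parses the cipher-suite names listed above and reports which ones offer forward secrecy and AEAD encryption, so the server the shield connects to can be configured to negotiate those. The `preferred` policy (ECDHE plus AEAD) and all function names are assumptions of this example.

```python
import re

# Suite names copied from the feature list above.
SHIELD_SUITES = """
TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CCM_8 TLS_RSA_WITH_AES_256_CCM_8
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
""".split()

SUITE_RE = re.compile(
    r"^TLS_(?P<kx>ECDHE_ECDSA|ECDHE_RSA|RSA)_WITH_AES_(?P<bits>128|256)_"
    r"(?P<mode>CBC|GCM|CCM_8)(?:_(?P<mac>SHA256|SHA))?$")

def classify(name):
    """Split one suite name into its properties plus reviewer notes."""
    m = SUITE_RE.match(name)
    if m is None:
        raise ValueError("unrecognised suite name: " + name)
    notes = []
    if m["kx"] == "RSA":
        notes.append("static RSA key transport, no forward secrecy")
    if m["mode"] == "CBC":
        mac = "SHA-1" if m["mac"] == "SHA" else "SHA-256"
        notes.append("CBC with HMAC-" + mac + ", not an AEAD mode")
    if m["mode"] == "CCM_8":
        notes.append("8-byte authentication tag (CCM_8)")
    return {"suite": name, "forward_secrecy": m["kx"] != "RSA",
            "aead": m["mode"] != "CBC", "key_bits": int(m["bits"]),
            "server_key": "ECDSA" if m["kx"].endswith("ECDSA") else "RSA",
            "notes": notes}

def preferred(suites):
    """Example policy (assumption): ECDHE + AEAD only, full-length tag first."""
    rows = [r for r in map(classify, suites) if r["forward_secrecy"] and r["aead"]]
    rows.sort(key=lambda r: r["suite"].endswith("CCM_8"))
    return [r["suite"] for r in rows]

if __name__ == "__main__":
    for row in map(classify, SHIELD_SUITES):
        print(row["suite"], "|", "; ".join(row["notes"]) or "ECDHE + AEAD")
    print("enable on the server:", preferred(SHIELD_SUITES))
```

The `server_key` field shows which certificate type the server must present for a given suite: the ECDHE_ECDSA suites require an ECDSA certificate, all others an RSA one.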

Technical Reference

Block Diagram

W5500 Ethernet Shield S Block Diagram

Schematic

W5500 Ethernet Shield S Schematic (1)
W5500 Ethernet Shield S Schematic (2)
W5500 Ethernet Shield S Schematic (3)
W5500 Ethernet Shield S Schematic (4)

Dimension

W5500 Ethernet Shield S Dimension (Top Side)
W5500 Ethernet Shield S Dimension (Bottom Side)


Getting Started

Using WIZ ethernet Library for Arduino Uno

Class: Description

  • Ethernet Class: WIZ Ethernet library which provides internet connectivity for Arduino boards.
    For more information on the WIZ Ethernet Library go to: https://github.com/Wiznet/WIZ_Ethernet_Library
    For the API Guide go to: https://www.arduino.cc/en/Reference/Ethernet
  • SSL Class: Class added to the WIZ Ethernet library to support SSL on the Arduino.

Description of SSL class

The SSL Class performs the following functions:

  • SSL initialize
  • Connect to the server
  • Send/receive data.

Notes: eWBM SSL Class only provides SSL Client operation. SSL Server capability is not supported.

SSL CLASS API REFERENCE

Open()
  • Description: Opens the SSL socket.
  • Syntax: SSLClient.Open()
  • Parameters: None
  • Returns: If successful, the call returns SSL_SUCCESS.

Close()
  • Description: Closes the SSL socket.
  • Syntax: SSLClient.Close()
  • Parameters: None
  • Returns: If successful, the call returns SSL_SUCCESS.

Connect()
  • Description: Called on the client side; initiates an SSL/TLS handshake with a server.
  • Syntax: SSLClient.Connect(ip, port)
    SSLClient.Connect(hostname, port)
  • Parameters:
    • ip: IP address of the server to connect to
    • hostname: hostname of the server to connect to (e.g. www.google.com)
    • port: SSL port
  • Returns: If successful, the call returns SSL_SUCCESS.

WriteData()
  • Description: Writes size bytes from the buffer buf to the SSL connection.
  • Syntax: SSLClient.WriteData()
  • Parameters:
    • buf: data buffer which will be sent to the peer
    • size: size, in bytes, of the data to send to the peer
    • IsPMEM: set when the data is stored in Flash (program memory) instead of SRAM
  • Returns: If successful, the call returns SSL_SUCCESS.

ReadData()
  • Description: Reads size bytes from the SSL session's internal read buffer into the buffer buf. The bytes read are removed from the internal receive buffer.
  • Syntax: SSLClient.ReadData()
  • Parameters:
    • buf: data buffer that receives the data read from the peer
    • size: number of bytes to read into buf
    • readsz: receives the number of bytes read
  • Returns: If successful, the call returns SSL_SUCCESS.

SetPeerVerify()
  • Description: Sets the verification method for remote peers and also allows a verify callback to be registered with the SSL session. The verify callback is called only when a verification failure has occurred. If no verify callback is desired, the NULL pointer can be used for verify_callback.
  • Syntax: SSLClient.SetPeerVerify()
  • Parameters:
    • verify: enable verify
  • Returns: If successful, the call returns SSL_SUCCESS.

SetRootCA()
  • Description: Loads a CA certificate from a buffer into the SSL session. It behaves like the non-buffered version, differing only in that it takes a buffer as input instead of a file.
  • Syntax: SSLClient.SetRootCA()
  • Parameters:
    • buf: the CA certificate buffer
    • len: size of the input CA certificate buffer
    • IsPMEM: set when the data is stored in Flash (program memory) instead of SRAM
  • Returns: If successful, the call returns SSL_SUCCESS.

GetVersion()
  • Description: Gets the SSL/TLS protocol version of the SSL session and writes it into the supplied buffer.
  • Syntax: SSLClient.GetVersion()
  • Parameters:
    • buf: the version information buffer
    • len: length of buf
  • Returns: If successful, the call returns SSL_SUCCESS.

GetCipherName()
  • Description: Retrieves the peer’s certificate cipher name.
  • Syntax: SSLClient.GetCipherName()
  • Parameters:
    • buf: the cipher name buffer
    • len: length of buf
  • Returns: If successful, the call returns SSL_SUCCESS.

GetX509IssuerName()
  • Description: Retrieves the peer’s certificate issuer name.
  • Syntax: SSLClient.GetX509IssuerName()
  • Parameters:
    • buf: the issuer name buffer
    • len: length of buf
  • Returns: If successful, the call returns SSL_SUCCESS.

GetX509SubjectName()
  • Description: Retrieves the peer’s certificate subject name.
  • Syntax: SSLClient.GetX509SubjectName()
  • Parameters:
    • buf: the subject name buffer
    • len: length of buf
  • Returns: If successful, the call returns SSL_SUCCESS.

GetX509NextAltName()
  • Description: Retrieves the next alternative name (altname) from the peer’s certificate.
  • Syntax: SSLClient.GetX509NextAltName()
  • Parameters:
    • buf: the next altname buffer
    • len: length of buf
  • Returns: If successful, the call returns SSL_SUCCESS.

GetX509SerialNum()
  • Description: Retrieves the peer’s certificate serial number.
  • Syntax: SSLClient.GetX509SerialNum()
  • Parameters:
    • buf: the serial number buffer
    • len: length of buf
    • OutNumSz: receives the length of the serial number
  • Returns: If successful, the call returns SSL_SUCCESS.

SetDate()
  • Description: Sets the date.
  • Syntax: SSLClient.SetDate()
  • Parameters:
    • buf: the date buffer
    • len: length of buf
  • Returns: None

SetTime()
  • Description: Sets the time.
  • Syntax: SSLClient.SetTime()
  • Parameters:
    • buf: the time buffer
    • len: length of buf
  • Returns: None

Start Guide

INSTALLING THE ARDUINO SOFTWARE (IDE)

Download and install the Arduino Software (IDE) following the instructions on the Arduino website:

Importing the WIZnet Ethernet Shield S Library

Step 1: Download the W5500 Ethernet Shield S library (EthernetSSL.zip) from:

  • Contact eWBM support: support@e-wbm.com

Step 2: Import the “EthernetSSL” library using the .ZIP file by following the instructions on the Arduino website:

> Please refer to “Importing a .zip Library” section.

Step 3: Select the “EthernetSSL” under the “Sketch” tab:

“Include Library → EthernetSSL”

Step 4: After Step 3, the “EthernetSSL” header files are inserted in the source code automatically by the Arduino IDE:

    #include <Dhcp.h>
    #include <Dns.h>
    #include <Ethernet.h>
    #include <EthernetClient.h>
    #include <EthernetServer.h>
    #include <EthernetUdp.h>
    #include <SSL.h>
    #include <Twitter.h>
    #include <util.h>

Step 5: EthernetSSL library is now ready to be used within the Arduino IDE. The zip file will have been expanded in the libraries folder in the Arduino sketches directory.

(Default: C:\Users\<User Name>\Documents\Arduino\libraries\EthernetSSL)

Starting the WIZnet Ethernet Shield S SSL Example

Step 1: Open the Arduino IDE
Step 2: Select the SSL Gmail Test under the “File” tab:
“Example → Ethernet → SSLGmailTest”

Step 3: Select the board type and connected COM port under the “Tools” tab:
“board → Arduino Uno”
“port → COMx”

Step 4: Click “Verify” to check for code errors.

Step 5: Click “Upload” to load the example into the Arduino board

Step 6: Start the “Serial Monitor” when “Upload” is complete.

Step 7: Review the results of the SSL Gmail Test.

Description:
1)	Initializes DHCP and the Network Configuration (Allocates an IP address)
2)	Enter the date and time.
3)	Receives the Gmail IP address via DNS SERVER
4)	Connects to the Gmail server
5)	Receives peer information (issuer/subject/altname/serial number)
6)	Sends data to the SSL connection.
7)	Receives data from the server (SSL Version/Cipher Suite/Content type/Content-Length)

MS1000


32-bit Microcontroller with Embedded Security Engine for IoT
Complete Root of Trust, Dedicated Crypto Engine & Certification Authority

The MS1000 is an ARM® Cortex™-M3 based microcontroller with a security engine for embedded applications, featuring a high level of integration and low power consumption. The MS1000 operates at CPU frequencies up to 100 MHz. The ARM Cortex-M3 CPU has a built-in Wakeup Interrupt Controller (WIC) and Nested Vectored Interrupt Controller (NVIC) with an integrated Tick

The MS1000 features a security engine called tRoot suite. The tRoot suite of SPAcc, TRNG. It protects the device and its data at boot time, at run time and during communication with other devices or with the cloud.

The peripheral complement of the MS1000 includes up to 192 KB of internal SRAM, 8 KB One-Time Programmable bootloader, key storage, External Memory Interface, 4 SPI interface controllers, 2 DMA controllers, 2 Advanced Timers supporting PWM, 2 General Purpose Timers, a Real-Time Clock (RTC) domain consisting of the RTC and a back-up SRAM, Windowed Watchdog Timer, eMMC interface, 4 UARTs, 4 I2C, and up to 80 fast general purpose

With its low power, high performance, diverse connectivity options, and security features, the MS1000 is ideal for IoT applications such as Smart home applications, Smart metering, Tele-monitoring, and Remote Healthcare.

Features

  • 32-bit ARM® Cortex™-M3 CPU
    • tRoot (Secure Hardware Root of Trust)
      • Secure Boot: primary security capability of tRoot, used to bring up a device into a secure state and ensure that it runs only trusted firmware
      • Secure identification and authentication: ensures the integrity of various authentication protocols as well as the confidentiality of shared secrets between devices
      • Secure provisioning, storage, and management of keys and other secrets: HW protected Device Unique Key and Platform Key not accessible by SW
    • SPAcc (Security Protocol Accelerator)
      • Support for all ciphers, hashes and MAC algorithms used in major security protocols: MACsec, IPsec, SSL/TLS/DTLS, SRTP, WiMAX, WiFi, content protection, and 3GPP/LTE/LTE-A
      • Built-in scatter/gather DMA capability offloads system CPU
      • Secure key port to access secrets stored in tRoot
    • TRNG (Smart True Random Number Generator)
      • Designed for compliance with FIPS 140-2 and FIPS 140-3 (draft)
      • High speed operation 50 Mbps at 200 MHz
      • Shift register compatible output stream for direct access by tRoot Differential Power Analysis Timing Analysis
  • Power Management
    • PLL for high frequency clock generation
    • Low Dropout (LDO) regulator for main/battery supply
    • Power-on Reset
    • Built-in Brown-out detection (BOD) circuit for monitoring 3 supply voltage levels
  • Peripherals
    • External Memory Interface for Async/Sync/Muxed SRAM, NOR (8 bit/16-bit)
    • Two 2-channel Direct Memory Access (DMA) controllers
    • Two 4-channel Advanced Timers for supporting PWM
    • 8-channel 1MSPS SAR A/D Converter (ADC)
    • Two 2-channel General Purpose Timers
    • Real-Time Clock operating at battery domain
    • Windowed Watchdog Timer
    • eMMC 4.41
    • Four UARTs with IrDA and S protocol ENDEC
    • Four 16-bit Serial Peripheral Interfaces (SPI)
    • Four I2C modules
    • Up to 80 Fast GPIO pins
    • Internal RC Oscillator
  • MISC Features
    • Peripheral Coprocessor for autonomous peripheral operation
    • Flexible pin muxing
  • Main Supply Voltage
    • 3.3V (3.0V-3.6V)
  • IO Voltage
    • 3.0V-3.6V

Applications

  • Home Entertainment
    • Smart TVs
    • Set-top boxes
    • Gaming Consoles
  • Internet of Things
    • Smart Automotive
    • Smart Payment
    • Smart Grid
    • Smart Medical
  • ETC
    • Home Appliances
    • Electronic devices linked to the Internet