SECURITY SHIELD
(W5500 Ethernet Shield S)
Overview
W5500 ETHERNET SHIELD S
The “W5500 Ethernet Shield S” is a security enhanced version of the “W5500 Ethernet Shield” which has been redesigned to include SSL (Secure Sockets Layer) connectivity.
More information on the “W5500 Ethernet Shield” can be found here:
The “W5500 Ethernet Shield S” contains both the W5500 Hardwired TCP/IP chip for network connectivity and the MS1000 Secure MCU from eWBM for the security features required to make a secure connection. The MS1000’s strong security and high speed HW based crypto functions ensure that all data transferred between the server and a client is protected.
This “W5500 Ethernet Shield S” is Arduino pin-compatible.
Available Board list
- Arduino Board (e.g. the Uno, Mega etc…)
Features
Hardware Features
- Supports 3.3V
- ARM® Cortex-M3™ MCU with HW Crypto engine (MS1000)
- High Speed Ethernet controller (W5500)
- 10/100 Ethernet PHY embedded.
- Hardwired TCP/IP Protocols: TCP, UDP, ICMP, IPv4, ARP, IGMP, PPPoE.
- Supports SPI, I2C, UART interface
Hardware Configuration
- MS1000: ARM® Cortex-M3™ based microcontroller with HW crypto engine
- W5500: Hardwired TCP/IP Ethernet Controller
- RJ-45 with Transformer: Ethernet Port
- SPI: SPI Interface
- To use the W5500 Ethernet Shield S with other modules, you may need to change the ‘Chip Select’ (S_CS) pin to either D8 or D9
Software Features
- W5500 Ethernet Shield S supports SSL/TLS 1.2
- The following table lists the supported SSL features:
Category | Description | Comment |
---|---|---|
Cipher Suite – Public Key Algorithm | RSA, ECC | TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CCM_8, TLS_RSA_WITH_AES_256_CCM_8, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 |
Cipher Suite – Block/Stream Ciphers | AES, CCM, GCM, CBC, CTR, ECB | |
Cipher Suite – Hash Functions | SHA1, SHA256 | |
Side of Connection | Client only | |
Client Authentication | APIs support | CA certificate load, Certificate/Private Key load |
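As an added example (not part of the WIZnet/eWBM documentation), the following C++ parses the cipher suite names from the table and picks out those that combine an ephemeral key exchange (forward secrecy) with AEAD record protection, which helps when deciding which suites to enable on the server the shield connects to. `SuiteInfo`, `parseSuite`, `preferredSuites` and `kShieldSuites` are names invented for this example.

```cpp
#include <string>
#include <vector>

// Properties read from a name of the form TLS_<kex>[_<auth>]_WITH_<record>.
struct SuiteInfo {
    bool valid = false;
    std::string kex;              // "RSA" (static key transport) or "ECDHE"
    std::string auth;             // certificate key type: "RSA" or "ECDSA"
    bool forwardSecrecy = false;  // ephemeral key exchange
    bool aead = false;            // GCM or CCM record protection
};

SuiteInfo parseSuite(const std::string& name) {
    SuiteInfo s;
    const auto npos = std::string::npos;
    const auto w = name.find("_WITH_");
    if (name.compare(0, 4, "TLS_") != 0 || w == npos || w <= 4) return s;
    const std::string left = name.substr(4, w - 4);   // after "TLS_"
    const std::string record = name.substr(w + 6);    // after "_WITH_"
    const auto u = left.find('_');
    s.kex = left.substr(0, u);                        // whole string if no '_'
    s.auth = (u == npos) ? left : left.substr(u + 1);
    s.forwardSecrecy = (s.kex == "ECDHE");
    s.aead = record.find("_GCM") != npos || record.find("_CCM") != npos;
    s.valid = true;
    return s;
}

// Names that offer both forward secrecy and AEAD record protection.
std::vector<std::string> preferredSuites(const std::vector<std::string>& offered) {
    std::vector<std::string> out;
    for (const std::string& n : offered) {
        const SuiteInfo s = parseSuite(n);
        if (s.valid && s.forwardSecrecy && s.aead) out.push_back(n);
    }
    return out;
}
// The 17 suite names from the table above.
const std::vector<std::string> kShieldSuites = {
    "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_128_CCM_8",
    "TLS_RSA_WITH_AES_256_CCM_8", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8",
    "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8",
};
```

For the 17 names in the table, `preferredSuites(kShieldSuites)` returns four: the two ECDHE GCM suites and the two ECDHE_ECDSA CCM_8 suites.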
Technical Reference
Block Diagram
Schematic
Dimension
Getting Started
Using WIZ Ethernet Library for Arduino Uno
Class | Description |
---|---|
Ethernet Class | Wiz Ethernet library which provides internet connectivity for Arduino boards. For more information on the WIZ Ethernet Library go to: |
SSL Class | Added Class to the Wiz Ethernet library to support SSL in the Arduino |
Description of SSL class
The SSL Class performs the following functions:
- SSL initialize
- Connect to the server
- Send/receive data.
Notes: eWBM SSL Class only provides SSL Client operation. SSL Server capability is not supported.
SSL CLASS API REFERENCE
Open() | |
---|---|
Description | Opens the SSL socket |
Syntax | SSLClient.Open() |
Parameters | None |
Returns | If successful the call will return SSL_SUCCESS |
Close() | |
---|---|
Description | Closes the SSL socket |
Syntax | SSLClient.Close() |
Parameters | None |
Returns | If successful the call will return SSL_SUCCESS |
Connect() | |
---|---|
Description | This function is called on the client side and initiates an SSL/TLS handshake with a server |
Syntax | SSLClient.Connect(ip, port); SSLClient.Connect(hostname, port) |
Parameters | ip: IP address of the server to connect to; hostname: hostname of the server to connect to (e.g. www.google.com); port: SSL port |
Returns | If successful the call will return SSL_SUCCESS |
WriteData() | |
---|---|
Description | This function writes size bytes from the buffer buf to the SSL connection |
Syntax | SSLClient.WriteData() |
Parameters | buf: data buffer which will be sent to the peer; size: size, in bytes, of the data to send to the peer; IsPMEM: whether the data is held in Flash (program) memory instead of SRAM |
Returns | If successful the call will return SSL_SUCCESS |
ReadData() | |
---|---|
Description | This function reads size bytes from the SSL session's internal read buffer into the buffer buf. The bytes read are removed from the internal receive buffer. |
Syntax | SSLClient.ReadData() |
Parameters | buf: data buffer that receives the data read from the peer; size: number of bytes to read into buf; readsz: receives the number of bytes read |
Returns | If successful the call will return SSL_SUCCESS |
SetPeerVerify() | |
---|---|
Description | This function sets the verification method for remote peers and also allows a verify callback to be registered with the SSL session. The verify callback will be called only when a verification failure has occurred. If no verify callback is desired, the NULL pointer can be used for verify_callback |
Syntax | SSLClient.SetPeerVerify() |
Parameters | verify: enable verify |
Returns | If successful the call will return SSL_SUCCESS |
SetRootCA() | |
---|---|
Description | This function sets a CA certificate buffer into the SSL. It behaves like the non buffered version, only differing in its ability to be called with a buffer as input instead of a file. |
Syntax | SSLClient.SetRootCA() |
Parameters | buf: the CA certificate buffer; len: size of the input CA certificate buffer; IsPMEM: whether the data is held in Flash (program) memory instead of SRAM |
Returns | If successful the call will return SSL_SUCCESS |
GetVersion() | |
---|---|
Description | This function gets the SSL/TLS protocol version for the specified SSL session using the version as specified by version. |
Syntax | SSLClient.GetVersion() |
Parameters | buf: the version information buffer; len: length of buf |
Returns | If successful the call will return SSL_SUCCESS |
GetCipherName() | |
---|---|
Description | Retrieves the peer’s certificate cipher name |
Syntax | SSLClient.GetCipherName() |
Parameters | buf: the cipher name buffer; len: length of buf |
Returns | If successful the call will return SSL_SUCCESS |
GetX509IssuerName() | |
---|---|
Description | Retrieves the peer’s certificate issuer name |
Syntax | SSLClient.GetX509IssuerName() |
Parameters | buf: the issuer name buffer; len: length of buf |
Returns | If successful the call will return SSL_SUCCESS |
GetX509SubjectName() | |
---|---|
Description | Retrieves the peer’s certificate subject name |
Syntax | SSLClient.GetX509SubjectName() |
Parameters | buf: the subject name buffer; len: length of buf |
Returns | If successful the call will return SSL_SUCCESS |
GetX509NextAltName() | |
---|---|
Description | Retrieves the peer’s certificate next altname |
Syntax | SSLClient.GetX509NextAltName() |
Parameters | buf: the next altname buffer; len: length of buf |
Returns | If successful the call will return SSL_SUCCESS |
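The API exposes the peer certificate's subject and alternative names, but this page does not state whether SetPeerVerify() also compares them with the hostname passed to Connect(). A sketch that wants to make that check itself can run each name it retrieves through a matcher like the following added example, which is not part of the EthernetSSL library; `nameMatchesHost`, `certCoversHost` and the sample names are invented here.

```cpp
#include <ctype.h>
#include <string.h>

// Case-insensitive comparison of the first n bytes of a and b.
static bool equalNoCase(const char* a, const char* b, size_t n) {
    for (size_t i = 0; i < n; ++i)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i])) return false;
    return true;
}

// True when one certificate name (subject CN or altname string) covers host.
// A wildcard is accepted only as the whole left-most label, matches exactly
// one label, and needs two labels after it, so "*.com" never matches.
bool nameMatchesHost(const char* pattern, const char* host) {
    if (!pattern || !host || !*pattern || !*host) return false;
    size_t plen = strlen(pattern), hlen = strlen(host);
    if (host[hlen - 1] == '.') --hlen;               // ignore trailing root dot
    if (strchr(pattern, '*') == NULL)
        return plen == hlen && equalNoCase(pattern, host, plen);
    if (plen < 3 || pattern[0] != '*' || pattern[1] != '.') return false;
    const char* suffix = pattern + 1;                // e.g. ".example.net"
    size_t slen = plen - 1;
    if (strchr(suffix, '*') != NULL) return false;   // at most one wildcard
    if (strchr(suffix + 1, '.') == NULL) return false;
    const char* dot = (const char*)memchr(host, '.', hlen);
    if (dot == NULL || dot == host) return false;    // first label must be non-empty
    return hlen - (size_t)(dot - host) == slen && equalNoCase(dot, suffix, slen);
}

// True when any of the names read from the peer certificate covers host.
bool certCoversHost(const char* const* names, size_t count, const char* host) {
    for (size_t i = 0; i < count; ++i)
        if (nameMatchesHost(names[i], host)) return true;
    return false;
}

// Constructed sample: names as a sketch might collect them from the peer certificate.
static const char* const kSampleNames[] = { "*.example.net", "example.net" };
```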
GetX509SerialNum() | |
---|---|
Description | Retrieves the peer’s certificate serial number |
Syntax | SSLClient.GetX509SerialNum() |
Parameters | buf: the serial number buffer; len: length of buf; OutNumSz: receives the length of the serial number |
Returns | If successful the call will return SSL_SUCCESS |
SetDate() | |
---|---|
Description | This function sets a date |
Syntax | SSLClient.SetDate() |
Parameters | buf: the date buffer; len: length of buf |
Returns | None |
SetTime() | |
---|---|
Description | This function sets a time |
Syntax | SSLClient.SetTime() |
Parameters | buf: the time buffer; len: length of buf |
Returns | None |
Start Guide
INSTALLING THE ARDUINO SOFTWARE (IDE)
Download and install the Arduino Software (IDE) following the instructions on the Arduino website:
Importing The WIZnet Ethernet Shield S Library
Step 1: Download the W5500 Ethernet Shield S library (EthernetSSL.zip) from:
- Contact eWBM support: support@e-wbm.com
Step 2: Import the “EthernetSSL” library using the .ZIP file by following the instructions on the Arduino website:
> Please refer to “Importing a .zip Library” section.
Step 3: Select the “EthernetSSL” under the “Sketch” tab:
“Include Library → EthernetSSL”
Step 4: After Step 3, “EthernetSSL” header files are inserted in the source code automatically by the Arduino IDE.
#include <Dhcp.h>
#include <Dns.h>
#include <Ethernet.h>
#include <EthernetClient.h>
#include <EthernetServer.h>
#include <EthernetUdp.h>
#include <SSL.h>
#include <Twitter.h>
#include <util.h>
Step 5: EthernetSSL library is now ready to be used within the Arduino IDE. The zip file will have been expanded in the libraries folder in the Arduino sketches directory.
(Default: C:\Users\<User Name>\Documents\Arduino\libraries\EthernetSSL)
Starting the WIZnet Ethernet Shield S SSL Example
Step 1: Open the Arduino IDE
Step 2: Select the SSL Gmail Test under the “File” tab:
“Example → Ethernet → SSLGmailTest”
Step 3: Select the board type and connected COM port under the “Tools” tab:
“board → Arduino Uno”
“port → COMx”
Step 4: Click “Verify” to check for code errors.
Step 5: Click “Upload” to load the example into the Arduino board
Step 6: Start the “Serial Monitor” when “Upload” is complete.
Step 7: Review the results of the SSL Gmail Test.
Description:
1) Initializes DHCP and the Network Configuration (Allocates an IP address)
2) Enter the date and time.
3) Receives the Gmail IP address via DNS server
4) Connects to the Gmail server
5) Receives peer information (issuer/subject/altname/serial number)
6) Sends data to the SSL connection.
7) Receives data from the server (SSL Version/Cipher Suite/Content type/Content-Length)
MS1000
32-bit Microcontroller with Embedded Security Engine for IoT
Complete Root of Trust, Dedicated Crypto Engine & Certification Authority
The MS1000 is an ARM® Cortex™-M3 based microcontroller with a security engine for embedded applications, featuring a high level of integration and low power consumption. The MS1000 operates at CPU frequencies up to 100 MHz. The ARM Cortex-M3 CPU has a built-in Wakeup Interrupt Controller (WIC) and Nested Vectored Interrupt Controller (NVIC) with an integrated Tick
The MS1000 features a security engine called tRoot suite. The tRoot suite of SPAcc, TRNG. It protects the device and its data at boot time, run time and during communication with other devices or with the cloud.
The peripheral complement of the MS1000 includes up to 192 KB of internal SRAM, 8 KB One-Time Programmable bootloader, key storage, External Memory Interface, 4 SPI interface controllers, 2 DMA controllers, 2 Advanced Timers supporting PWM, 2 General Purpose Timers, a Real-Time Clock (RTC) domain consisting of the RTC and a back-up SRAM, Windowed Watchdog Timer, eMMC interface, 4 UARTs, 4 I2C, and up to 80 fast general purpose
With its low power, high performance, diverse connectivity options, and security features, the MS1000 is ideal for IoT applications such as smart home applications, smart metering, tele-monitoring, and remote healthcare.
Features
- 32-bit ARM® Cortex™-M3 CPU
- tRoot (Secure Hardware Root of Trust)
- Secure Boot: primary security capability of tRoot, which is used to bring up a device into a secure state and ensure that it runs only trusted firmware
- Secure identification and authentication: ensures the integrity of various authentication protocols as well as the confidentiality of shared secrets between devices
- Secure provisioning, storage, and management of keys and other secrets: HW-protected Device Unique Key and Platform Key not accessible by SW
- SPAcc (Security Protocol Accelerator)
- Support for all ciphers, hashes and MAC algorithms used in major security protocols: MACsec, IPsec, SSL/TLS/DTLS, SRTP, WiMAX, WiFi, content protection, and 3GPP/LTE/LTE-A
- Built-in scatter/gather DMA capability offloads system CPU
- Secure key port to access secrets stored in tRoot
- TRNG (Smart True Random Number Generator)
- Designed for compliance with FIPS 140-2 and FIPS 140-3 (draft)
- High speed operation 50 Mbps at 200 MHz
- Shift register compatible output stream for direct access by tRoot Differential Power Analysis Timing Analysis
- Power Management
- PLL for high frequency clock generation
- Low Dropout (LDO) regulator for main/battery supply
- Power-on Reset
- Built-in Brown-out detection (BOD) circuit for monitoring 3 supply voltage levels
- Peripherals
- External Memory Interface for Async/Sync/Muxed SRAM, NOR (8 bit/16-bit)
- Two 2-channel Direct Memory Access (DMA) controllers
- Two 4-channel Advanced Timers for supporting PWM
- 8-channel 1MSPS SAR A/D Converter (ADC)
- Two 2-channel General Purpose Timers
- Real-Time Clock operating at battery domain
- Windowed Watchdog Timer
- eMMC 4.41
- Four UARTs with IrDA and S protocol ENDEC
- Four 16-bit Serial Peripheral Interfaces (SPI)
- Four I2C modules
- Up to 80 Fast GPIO pins
- Internal RC Oscillator
- MISC Features
- Peripheral Coprocessor for autonomous peripheral operation
- Flexible pin muxing
- Main Supply Voltage
- 3.3V (3.0V-3.6V)
- IO Voltage
- 3.0V-3.6V
Applications
- Home Entertainment
- Smart TVs
- Set-top boxes
- Gaming Consoles
- Internet of Things
- Smart Automotive
- Smart Payment
- Smart Grid
- Smart Medical
- ETC
- Home Appliances
- Electronic devices linked to the Internet