wolfSSL Featuring new Updates on FIPS and Post Quantum Cryptography at Black Hat 2022

wolfSSL INC. (Headquarters: Edmonds, Washington, USA), a vendor specialized in cryptography and network security, is excited to share updates regarding their products and technology at Black Hat 2022 this August 10 and 11 in Las Vegas, Nevada, at booth #1084

    The first update is that wolfCrypt, wolfSSL’s embedded crypto engine, is on the CMVP MIP (Modules In Process) List for FIPS 140-3. wolfSSL is working with a testing lab to get validated as quickly as possible with the new FIPS standard from NIST. wolfSSL is the first software library on the FIPS 140-3 MIP list for embedded systems and general purpose multi-platform use.

    FIPS 140-3 involves significant changes, and wolfSSL endeavors to deliver the first and best implementation of FIPS 140-3. FIPS 140-3 is the replacement for FIPS 140-2, so it is always a good idea to switch over as soon as possible. Furthermore, wolfSSL’s FIPS 140-3 Certificate has advantages including:

  • Conditional Algorithm Self-Testing (CAST): Testing Streamlined – only test algorithms when they will be first used, or at will
  • Addition of TLS v1.2 KDF (RFC7627) and v1.3 KDF (RFC8446)
  • Addition of SSH KDF
  • Addition of explicit testing of 3072-bit and 4096-bit RSA
  • Addition of RSA-PSS
  • Addition of HMAC with SHA-3
  • Addition of AES-OFB mode
  • Addition of external seeding source callback function for Hash_DRBG
  • Removal of insecure algorithms: 3DES and MD5

    For more information, please visit the FIPS page here.

    The second exciting update is that wolfSSL’s flagship product, a security library for embedded systems, supports post-quantum cryptography. As a result, users who use the wolfSSL library can communicate using post-quantum cryptography on TLS 1.3 (Transport Layer Security), a standard Internet security protocol, without having to make changes to their applications.

    Once a quantum computer is built, attackers will be able to decrypt communications protected only by non-quantum-resistant cryptography. Thus, any information that needs to remain confidential requires quantum-resistant cryptography even before quantum computers exist. “In communication protocols like TLS, digital signatures are used to authenticate the parties and key exchange is used to establish a shared secret, which can then be used in symmetric cryptography. This means that, for security against a future quantum adversary, authentication in today’s secure channel establishment protocols can still rely on traditional primitives (such as RSA or elliptic curve signatures), but we should incorporate post-quantum key exchange to provide quantum-resistant long-term confidentiality.” (https://eprint.iacr.org/2016/1017.pdf)

    The era of quantum computing is becoming a reality, and ensuring secure network communication is beginning to appear as a real challenge. NIST (National Institute of Standards and Technology), in the competition for Post-Quantum Cryptography Standardization, has announced the algorithms moving on to standardization. They are Kyber, Dilithium, Falcon, and SPHINCS+. We have already integrated OQS implementations of Kyber and Falcon and are integrating the other two as well. We are working hard to craft our own implementations of these algorithms. Work for Kyber is already underway. Open Quantum Safe (OQS), an open source project, provides these finalist algorithms as a library, liboqs.

    This post-quantum cryptography support for wolfSSL implements the algorithms provided by liboqs in wolfSSL, a TLS library product, and provides it as a product that can be used in embedded systems. This allows device manufacturers using wolfSSL to easily incorporate post-quantum cryptography protocols into their network connectivity capabilities without changing the structure or development environment of their products.

    For those of you joining us at #BHUSA22, stop by our booth #1084 and talk to us about FIPS, Post Quantum Cryptography, SSH Daemon, TLS 1.3, DTLS 1.3, hardware crypto acceleration, DO-178, secure boot, fuzz testing, and everything else that sets us apart as the most secure crypto out there. Customers win with wolfSSL; we’ve got the numbers to prove it.

    If you are new to wolfSSL, here are some things you should know about us!

  • wolfSSL is up to 20x smaller than OpenSSL
  • First commercial implementation of TLS 1.3
  • First implementation of DTLS 1.3
  • One of the first implementers of FIPS 140-3
  • Recently implemented an SSH Daemon Server with wolfSSH
  • Best tested, most secure, fastest crypto on the market with incomparable certifications and highly customizable modularity
  • Access to 24x7 support from a real team of Engineers
  • Support for standards including the newest (SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3, DTLS 1.0, DTLS 1.2, and DTLS 1.3)
  • Multi-platform, royalty free, with an OpenSSL compatibility API to ease porting into existing applications which have previously used the OpenSSL package

    Email us at facts@wolfssl.com to book a meeting or register directly from Black Hat’s event site: https://www.blackhat.com/us-22/registration.html.

About wolfSSL

wolfSSL focuses on providing lightweight and embedded security solutions with an emphasis on speed, size, portability, features, and standards compliance. With its SSL/TLS products and crypto library, wolfSSL is supporting high security designs in automotive, avionics, and other industries. In avionics, wolfSSL has support for complete RTCA DO-178C level A certification. In automotive, it supports MISRA-C capabilities. For government consumers, wolfSSL has a strong history in FIPS 140-2, with upcoming Common Criteria support. wolfSSL supports industry standards up to the current TLS 1.3 and DTLS 1.3, is up to 20 times smaller than OpenSSL, offers a simple API, an OpenSSL compatibility layer, is backed by the robust wolfCrypt cryptography library, and much more. Our products are open source, giving customers the freedom to look under the hood.

Contact Author

Kajal Sapkota
1 4255032347