This year’s ARM TechCon’s theme was low power. As we reduce the power consumption of computer systems, we can apply them to many areas that we never even considered before. Reducing power involves several elements, including low-power processors and memory. But we tend to overlook software impacts. Software includes both utilities and applications. At the ARM TechCon, I interviewed four companies that work on lightweight software to run on a low-power system.
The first company I talked with was yaSSL (“yet another SSL”). I wrote about them some time ago. The last time I talked to Larry Stefonic, their co-founder, I wrote about their products and features. This time I want to focus on their origin and the market segment they serve, low-power computing.
As I wrote before, Larry was Senior VP of sales at MySQL, which was successfully acquired by Sun (and then became part of Oracle). The following is a summary of my conversation with Larry.
Back in 2005, MySQL did a code audit to make sure that all the code in MySQL could be verified as legitimate. They wanted to make sure that nothing in the MySQL code violated any ownership claims from others. It was important for MySQL to make sure that MySQL products, regardless of whether these were open-source or licensed versions, did not violate any license requirements from others, so that their users could use their products without worry of any claims.
The audit revealed that the OpenSSL package they were using had two problems. One was that it had grown too big and become unmaintainable. OpenSSL was also unworkable because it has a complex license and unclear copyright ownership. For the latter, it was hard to continue with it when MySQL was delivering commercial licenses to its code base. Hence, a new SSL package was necessary, which is open source and works for the dual-license environment. That was the starting point of yaSSL’s birth.
Well, SSL is standardized. Then how do you differentiate yourself from the rest of the SSL competition? After all, anyone with a reasonable background could develop another SSL package. Larry listed the following points of differentiation:
- The Open-source business model keeps the costs low; and that benefit is passed along to commercial users for as little as $5,000 for a single product license.
- Small footprints with few resource requirements that can run on embedded systems, even on bare metal. The code size can be 20–100 kB and the run-time memory requirement is 5–50 kB.
- Super portable.
- Solid commercial license option.
- Hardware-based crypto, including Intel’s AES-NI and Cavium crypto processor.
Many of the above came from the belief that the embedded-system market would grow and many embedded systems in the future would be networked. If those resource-hungry embedded systems are on the network, they would certainly need encryption. If that is the case, no need to explain the aforementioned merits.
Now, where are yaSSL packages suitable? Larry listed the following markets as of interest:
- Streaming media (video and voice) over the Internet, leading to support for DTLS, streaming ciphers, and TLS 1.2. For example, Skype uses the CyaSSL package.
- Sensor applications in power grid, such as meters, and connected home appliances, such as those of Whirlpool and Bosch.
- Gaming applications. CyaSSL was ported to all the major gaming consoles, such as the PS Vita console on SONY’s Wipeout 1214.
This is very interesting. It is necessary to downsize everything to make embedded systems ubiquitously connected via the Internet.