Network Security Products

IPShield network security products add security to networking applications built using the RTCS Embedded Internet Stack and the MQX RTOS. IPShield provide network security product that support IP Security and Internet Key Exchange (IPsec/IKE), Secure Socket Layer (SSL) and Secure Shell (SSH).

IPsec

IPsec provides a high-performance, small-footprint implementation of the IP Security and Internet Key Exchange (IKE) protocols. It is ideal for customers intending to add virtual private network (VPN) capability and security to their embedded Internet infrastructure. IPShield-IPsec satisfies crucial requirements for transmission of sensitive information over the Internet.

IPsec provides security at the network layer (Layer 3) whereas many other network security protocols (such as SSL and SSH) secure individual network applications. IPShield-IPsec provides privacy, authentication, and integrity for IP packets via the Encapsulating Security Payload (ESP) and Authentication Header (AH) protocols. IPShield-IPsec also provides for manual or automated security association establishment via IKE. Supported cryptography protocols include DES, 3DES, AES, MD5, and SHA. IPShield-IPSec provides the flexible API to allow customers to easily integrate their own proprietary technologies to achieve optimal performance.

IPsec is tightly integrated with RTCS Embedded Internet Stack, so when network security is enabled, input and output data packets can be redirected to the IPsec interface. It provides dynamic system policy configuration and does not enforce any particular security policy. IPsec also maintains user configurable call back functions to notify the applications of attacks and/or other auditable events, to prevent occurrence of such attacks in the future.

SSL
With the amount of sensitive data being transmitted across today's networks, it is critical for your devices and device management to be secure. Secure Sockets Layer (SSL), intended for use with the HTTP protocol used by web servers and browsers, provides privacy, authentication and ensures data integrity between a secure server and its clients.

SSL is a compact, standard-based solution allowing secure web-based management of any device over a TCP/IP network. It has small memory footprint, and is fully re-entrant preventing crashes due to deadlocks and race conditions. IPShield-SSL supports both TLS version 1 and SSL version 3 protocols. It provides cryptography supports for DES, 3-DES, AES, RC4, MD5, SHA-1 and RSA. It is tightly integrated with HTTP Pro Web Server, RTCS Embedded Internet Stack, and MQX RTOS, enabling embedded developers to use the familiar development environment to quickly incorporate SSL/TLS security protocols into MQX-based embedded designs.

SSL includes custom digital certificate services so that each device built within the SSL has a unique digital certificate. The server's identity can be authenticated using digital certificates and a chain of trust. Connection reliability is ensured by including a message integrity check in each data record so that no modification can be made to the message or the key negotiation without being detected. Privacy is achieved with encryption of data before transmission and decryption on receipt, using encryption keys that are uniquely generated for each connection. IPShield-SSL provides the root certificate, a vendor certificate, a corresponding vendor private key and a built-in Certificate Authority. It also allows the device to import certificates and keys created by other certificate authorities.

SSL Features

• Secure HTTP web server making use of integrated TLS 1.0 and SSL 3.0 library
• Integrated configurable crypto-suite support including RSA, DH, RC4, DES, 3DES, AES, SHA-1, and MD5, allowing for maximum security
• Built-in Certificate Authority for certificate generation and export
• Provides certificate import support from external Certificate Authorities.
• Compliant with IEFT standards (RFC 2246, RFC 3268)
• Fully compatible with standard secure browsers
• Tightly integrated with MQX RTOS and RTCS Embedded Internet Stack
• Royalty Free license with source code provided

SSH
The Secure Shell (SSH) protocol provides secure remote shell services to network connected devices. The protocol provides for both a terminal command line interface on the remote device and file transfer with the remote device. It is intended as a replacement for telnet, rlogin, rsh, and rcp. SSH is a compact, standard-based, standalone SSH server that supports the required features of the Secure Shell version 2 protocols. It includes features such as Key Exchange method, Public key algorithm, data encryption and data integrity, and authentication methods including Password and Public Key. It is tightly integrated with the MQX RTOS and RTCS Embedded Internet Stack, enabling embedded developers to use the familiar development environment to quickly incorporate SSH security protocols into MQX-based embedded designs.

SSH Features

• Integrated SSH v2 server
• Cryptography support includes DSS, SHA-1 and 3DES
• Authentication methods include Password and Public Keys
• Simple and easy-to-use API for ease of use and ease of installation
• Secure replacement for existing shell/telnet server
• Tightly integrated with MQX RTOS and RTCS Embedded Internet Stack
• Royalty-free licensing with full source code provided