| Embedded-oriented SSL, SSH suite launches |
Jun. 11, 2004
Mocana Corporation has launched its embedded device security suite, which aims to bring standards-based secure communications to even the most resource-constrained embedded devices, including those running Linux. The Suite comprises an SSL/TLS server, SSL/TLS client, and SSH server, and targets networked devices of all kinds where security is paramount.
The Suite supports a broad range of open security standards and protocols, including TLS1.0, SSLv3, SSHv2, SFTP, DH, RSA-2048, DSS, AES, Triple-DES, Blowfish, SHA-1, and MD5. The platform- and architecture- independent code supports a range of embedded OSes, including Linux. And, the code is so lightweight, it can run on 16-bit microcontrollers in systems lacking an actual operating system, according to CTO James Blaisdell.
Fast, lightweight, and off-the-shelf
According to Blaisdell, the TLS client and server separately each have a firmware footprint of 50KB, and together weigh in at 60KB. The SSH server footprint is 70KB. The full suite requires about 110KB of firmware space. Additionally, the memory footprint is very small -- 14KB per connected client -- with very light stack usage between 2.5 and 3.5KB. "We run in-process, not out of process with pipes and so forth, so performance is twice as fast as most SSL/TLS stacks," Blaisdell commented.
Mocana believes its solution to be a tremendous advantage over in-house security solutions, because it reduces the risk that developers not trained in security will introduce vulnerabilities. Additionally, the company says, it can be implemented faster and is smaller and quicker than hacked versions of non-embedded-specific open source security programs. Unlike OpenSSL and OpenSSH, Mocana's Suite was built from the ground up for embedded use, the company says.
Compared with the free MatrixSSL embedded SSL library from PeerSec, Blaisdell says, Mocana supports more protocols, has more components including an SSH server, and is generally further along.
Like the PeerSec solution, the Suite can be used to secure Web servers, M2M (machine-to-machine) communication, or any communication application using Berkeley sockets. It offers a well-documented API, Mocana says, and includes sample applications that include a command-line echo server and simple http server. Systems integrator Art & Logic in October, 2003 announced an integration of Mocana's SSL server with the popular GoAhead Web server.
Mocana SSL Server architecture
Additionally, the Suite can support hardware security acceleration in Broadcom, FreeScale, and other chips. Example code for "a growing number" of security processors and co-processors is included with the Suite, according to Mocana.
Early customers
Mocana says that its Suite has already been used extensively by customers during the two years the company has been in business. "We already have repeat customers," says CEO Adrian Turner, citing Nortel, where three separate groups have deployed the Suite.
Additionally, says Turner, the company has received government clearance to supply its technology outside the U.S.
"We've developed a complete security solution that enterprise developers can simply drop into embedded devices to secure communications," Turner says.
Turner adds that Mocana is self-funded, and profitable based on closed sales. He declined to specify the size of the company, but called its relatively large size a competitive advantage. The company is based in Menlo Park, Calif.
Availability
The Mocana Suite is available immediately, priced at $7,500 each for the SSL client and server, and $6,500 for the SSH server, with bundle pricing available. It is delivered as source code, and is licensed royalty-free. Binary versions are available for free evaluation, after registration, from the Mocana Website. The company also has a source code evaluation program.
Mocana has partnered with both MontaVista and Wind River, and will hold a series of Webinars discussing the security needs of embedded devices, beginning June 17.
Related Stories:
(Click here for further information)
|
|
|
7 Advantages of D2D Backup
For decades, tape has been the backup medium of choice. But, now, disk-to-disk (D2D) backup is gaining in favor. Learn why you should make the move in this whitepaper.
4 Legal Reasons to Control Internet Access
The Internet is obviously a valuable resource for many organizations. However, many are exposed to legal liability concerns because they fail to control Internet access. Learn if you're safe in this white paper.
Rapidly Resolve J2EE Application Problems
Whether you are in the process of building J2EE applications or have J2EE applications already running in production, you must ensure that they deliver the expected ROI. Learn how in this white paper.
Load Testing 2.0 for Web 2.0
There are many unknowns in stress testing Web 2.0 applications. Find out how to test the performance of Web 2.0 in this white paper.
Build Better Games Online
For the game infrastructure providers, life is complex. Making money from games has become more complicated. Why? Find out in this white paper.
Building a Virtual Infrastructure from Servers to Storage
This white paper discusses the virtual storage solutions that reduce cost, increase storage utilization, and address the challenges of backing up and restoring Server environments.
Gaining Faster Wireless Connections with WiMAX
Welcome to what is quickly becoming the hyperconnected world where anything that would benefit from being connected to the network will be connected. Learn more in this white paper.
Is Your Desktop a Security Threat?
The new wave of sophisticated crimeware not only targets specific companies, but also targets desktops and laptops as backdoor entryways into those business’ operations and resources. Learn how to stay safe in this white paper.
Increasing SAN Reliability by 100 Percent
Storage area networks (SAN) are a strong part of storage plans. Learn how to increase your reliability and uptime by 100 percent in this case study.
|
|
|
|
|
Use of this site is governed by our Terms of
Service and Privacy Policy.
Except where otherwise specified, the contents of this site are copyright © 1999-2008
Ziff Davis Enterprise Holdings Inc. All Rights Reserved.
Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise is
prohibited. Linux is a registered trademark of Linus Torvalds. All other marks are the property of their respective owners.
news feed