SSLimSecure
Embedded SSL and TLS Client and Server

SSLimSecure is an embedded implementation of the Secure Sockets Layer (SSL) & Transport Layer Security (TLS) protocols. SSLimSecure integrates the core functionality needed to implement secure HTTPS client/server components that are fully interoperable with free and commercial HTTP web browser and server implementations, and to secure any non-HTTP socket-based transactions as well. SSLimSecure includes support for all popular cryptography algorithms including AES and 3-DES and offers easy integration with existing web-based device management systems, embedded web servers and HTTP clients. Given its ability to scale out optional features, SSLimSecure is ideally suited for use in low-resource embedded environments.

SSLimSecure is a robust, standards-based, small-footprint socket-based framework that secures data exchanged between two network applications. It includes a powerful implementation of the Secure Sockets Layer (SSL) & Transport Layer Security (TLS) protocols for embedded devices, with a comprehensive set of encryption ciphers for data privacy, cryptographic hash algorithms for message integrity checks and X.509 v3 (and older) digital certificate support for authentication.

SSLimSecure's SSL framework installs itself above the TCP/IP layers, and below higher-level application protocols such as HTTP or custom transaction protocols. It then uses TCP/IP on behalf of the higher-level protocols, and in the process allows an SSL-enabled server to authenticate itself to an SSL-enabled client, optionally allows the client to authenticate itself to the server, and allows both machines to establish an encrypted and tamper-proof data connection.

SSLimSecure's powerful features include an implementation of the most common versions of the SSL protocol (v2 and v3) and also the newest IETF-standardized TLS v1.x. While SSLimSecure comes pre-packaged with a wide variety of encryption and hash algorithms, its modular design allows scaling out of any cipher, thereby eliminating any memory and performance overhead from components that are not used by the embedded application.

SSLimSecure's APIs allow the securing of any TCP socket-based client/server network application via just a few API calls from the application to initiate the SSL handshake, and by replacing socket calls with their secure equivalents. This makes secure management of connected embedded devices a snap, and also helps in securing data or measurements that may have to be sent back to an SSL-enabled server.

Features

- Provides client and server support for protocols SSLv2, SSLv3, and TLSv1.
- Full-featured cryptography including various flavors of AES, DES/3-DES, RC2, RC4, Blowfish, CAST.
- Message digests and public key cryptography support.
- Provides APIs for hardware acceleration support.
- Enables native HTTPS support for WindWeb, WIND Manage and other web servers.
- Includes digital envelope routines, base64 encoding and a framework for elliptic curves.
- Vulnerability countermeasures against timing-based attacks.
- Support for CPU types of either endian-ness including PowerPC, MIPS, X86, ARM/XScale.
- Royalty-free!

Further optimizations, such as using the same SSL parameter template ("context") for various SSL sessions, and customizable hardware assist functionality are also included in SSLimSecure.

While SSLimSecure can secure any socket-based transaction, web-server or HTTP-client security is undoubtedly a popular use of SSL technologies. SSLimSecure can secure both the client and server sides of an HTTP session simultaneously in the same system, and with the use of a proxy mechanism can also achieve this without any modifications to existing HTTP server and client code.

Out-of-the-box integration (even in the absence of proxies) is included for common embedded web servers including shttp, thttpd, WindWeb and WIND Manage for Web. This allows for an easy upgrade to secure existing web-based device management frameworks.

SSLimSecure has been extensively validated on a variety of CPU architectures, and this minimizes development and integration efforts. SSLimSecure supports multi-tasking, memory partitions, & abstractions that are lean, yet fast. SSLimSecure enables secure transactions in embedded network applications with the fewest changes, and provides a seamless solution that is interoperable with existing web servers and web browsers on embedded and non-embedded platforms.

Special Features

- Includes server and client components
- Server authentication with X.509 Digital Certificates
- Support for per-connection variables
- Certificate Revocation List (CRL) support
- Memory partition support to isolate memory usage of various SSLimSecure modules
- Enhanced memory management & partition support
- Multi-tasking support
- SSL layer is built on top of standard OS socket interface
- Works with packet-filtering firewalls such as FireFly by blocking normal web-server port so only secure (https) connections are allowed