Mocana Corporation has launched its embedded device security suite, which aims to bring standards-based secure communications to even the most resource-constrained embedded devices, including those running Linux. The Suite comprises an SSL/TLS server, SSL/TLS client, and SSH server, and targets networked devices of all kinds where security is paramount.

The Suite supports a broad range of open security standards and protocols, including TLS1.0, SSLv3, SSHv2, SFTP, DH, RSA-2048, DSS, AES, Triple-DES, Blowfish, SHA-1, and MD5. The platform- and architecture- independent code supports a range of embedded OSes, including Linux. And, the code is so lightweight, it can run on 16-bit microcontrollers in systems lacking an actual operating system, according to CTO James Blaisdell.

Fast, lightweight, and off-the-shelf

According to Blaisdell, the TLS client and server separately each have a firmware footprint of 50KB, and together weigh in at 60KB. The SSH server footprint is 70KB. The full suite requires about 110KB of firmware space. Additionally, the memory footprint is very small — 14KB per connected client — with very light stack usage between 2.5 and 3.5KB. “We run in-process, not out of process with pipes and so forth, so performance is twice as fast as most SSL/TLS stacks,” Blaisdell commented.

Mocana believes its solution to be a tremendous advantage over in-house security solutions, because it reduces the risk that developers not trained in security will introduce vulnerabilities. Additionally, the company says, it can be implemented faster and is smaller and quicker than hacked versions of non-embedded-specific open source security programs. Unlike OpenSSL and OpenSSH, Mocana's Suite was built from the ground up for embedded use, the company says.

Compared with the free MatrixSSL embedded SSL library from PeerSec, Blaisdell says, Mocana supports more protocols, has more components including an SSH server, and is generally further along.

Like the PeerSec solution, the Suite can be used to secure Web servers, M2M (machine-to-machine) communication, or any communication application using Berkeley sockets. It offers a well-documented API, Mocana says, and includes sample applications that include a command-line echo server and simple http server. Systems integrator Art & Logic in October, 2003 announced an integration of Mocana's SSL server with the popular GoAhead Web server.

Mocana SSL Server architecture

Additionally, the Suite can support hardware security acceleration in Broadcom, FreeScale, and other chips. Example code for “a growing number” of security processors and co-processors is included with the Suite, according to Mocana.

Early customers

Mocana says that its Suite has already been used extensively by customers during the two years the company has been in business. “We already have repeat customers,” says CEO Adrian Turner, citing Nortel, where three separate groups have deployed the Suite.

Additionally, says Turner, the company has received government clearance to supply its technology outside the U.S.

“We've developed a complete security solution that enterprise developers can simply drop into embedded devices to secure communications,” Turner says.

Turner adds that Mocana is self-funded, and profitable based on closed sales. He declined to specify the size of the company, but called its relatively large size a competitive advantage. The company is based in Menlo Park, Calif.

Availability

The Mocana Suite is available immediately, priced at $7,500 each for the SSL client and server, and $6,500 for the SSH server, with bundle pricing available. It is delivered as source code, and is licensed royalty-free. Binary versions are available for free evaluation, after registration, from the Mocana Website. The company also has a source code evaluation program.

Mocana has partnered with both MontaVista and Wind River, and will hold a series of Webinars discussing the security needs of embedded devices, beginning June 17.

 
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.