Linux-based mobile desktop packs crypto punch
Nov 16, 2005 — by LinuxDevices Staff — from the LinuxDevices Archive
[Updated Nov. 18] — Realm Systems used Certicom's embedded VPN (virtual private network) stack in a Linux-based gadget aimed at providing roaming workers with secure access to sensitive data. The Mobile Personal Server (MPS) uses Certicom's Security Builder IPSec stack, and will ship in Q1, 2006. The device targets mobile government, financial, and medical workers requiring secure access to sensitive data when away from their desks.
Realm's MPS (pictured above) is a complete, though tiny, Linux-based computer with its own PowerPC processor, DRAM, and internal Flash memory, but packaged in a USB dongle form-factor. It is powered via USB (along with a backup battery), and has a built-in biometric sensor. When plugged in, it commandeers the interface hardware of host PCs running Linux or Windows.
The MPS works in a similar fashion to Realm's loss-leader priced, biometrically protected Black Dog product, confirms Marcom Director Steve Dawson. The Black Dog was delivered this summer, targeting open source developers. A cash-rich coding and bughunting contest for Black Dog software is scheduled to end in January, about the time the MPS ships.
The Black Dog works by using Windows autorun or Linux's hot plug agent to launch an X server on the host PC when the device is plugged in. An Ethernet-over-USB network is then created, over which applications (including a desktop) on the device can be accessed using the PC's display, keyboard, and mouse.
The Black Dog is a standalone device, but the MPS is designed to work in conjunction with Realm's enterprise “Management Router” (MR), as part of the company's “Mobile Enterprise Platform” (MEP). According to Dawson, the MPS “scans the host PC's network/Internet connection, then uses it to gain access to the MR, [creating] a VPN directly from the MPS to the MR; so there's no worry about malware or attacks from an untrusted PC.”
The complete MEP system — including the MR and MPS devices — thus allows mobile workers to carry encrypted, network-enabled desktop computing sessions with them, instantly resuming and suspending from any handy host PC, according to Realm. A single MR will support several hundred MPS devices, Dawson stated.
Security by Certicom
Realm says it chose Certicom because it is an industry-proven, standards-based solution. Additionally, Realm says its implementation is compatible with OpenVPN, an open source VPN solution.
Certicom's Security Builder IPSec client is part of the Certicom Security Architecture (CSA), a full embedded security stack available with modules validated under FIPS 140-2 (federal information processing standards). Versions of Realm's MPS devices compliant with FIPS 140-2 will be offered, according to Dawson.
Certicom's CSA stack is based on “elliptic curve cryptography” (ECC), said to reduce key sizes, CPU requirements, and footprint compared with alternatives. A primer on ECC can be found here.
Certicom's CSA has a modular architecture
Realm's CEO, Rick White, commented, “Thanks to Certicom's technology our platform can securely manage, distribute, and secure data and applications to authenticated mobile workers.”
Realm Systems is a small startup with about 75 employees. It obtained initial funding of $10M in December of last year. In a series B round, it has to date raised $8M in a bridge, a company spokesperson stated.
Availability
Realm Systems's MEP is expected to ship in Q1, 2006, priced at about $10K for the MR and between $400 and $600 for the MPS, depending on processor, memory, and other options.
Certicom's CSA product launched in March of this year.
[Errors corrected on Nov. 17 in this story include the number of Realm employees, the MPS's autorun capabilities, and the device's VPN network access capabilities. ]
[Errors corrected on Nov. 18 include Mac OS X support status, the number of remote clients supported, the relationship of Black Dog and MPS, Realm's reasons for choosing Certicom, and the status of Realm's B funding round.]
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.