Security and Connectivity for IoT Devices

Meet Government Requirements for FIPS Validated Cryptography in Your IoT Device

Embedded FIPS 140 Cryptography

The Allegro Cryptography Engine (ACE™) is a platform independent, high performance, resource sensitive, embedded FIPS 140 cryptography engine specifically engineered for the rigors of embedded computing.

Improve Performance

ACE™ enables OEMs to add sophisticated FIPS approved encryption technology to their designs and dramatically speed the development cycle.

Secure Devices

ACE™ cryptography library is designed to meet the requirements needed for FIPS 140 validation.

ACE™

Embedded systems with the capability to communicate independently are appearing in virtually all industries. The rapid adoption and deployment of modern communication technologies have enabled new applications in healthcare, military applications, energy management, consumer devices and many other areas. With these capabilities comes the need for embedded device security. Any network-enabled device must be considered a potential target for malicious intent. Encryption of sensitive data while in motion or at rest is a key component to thwarting malicious attacks and reducing risk.

ACE™ is a cryptographic library module for resource sensitive IoT devices that provides validated software implementations of FIPS-approved algorithms for the calculation of message digests, digital signature creation and verification, bulk encryption and decryption, key generation and key exchange. Used stand-alone or pre-integrated with the Allegro EdgeAgent Suite, ACE™ provides CAVP validated implementations of sophisticated FIPS approved encryption algorithms for use in embedded systems.

In 2005, the National Security Agency (NSA) defined Suite B, a set of cryptographic algorithms that, when used together, are the preferred method for assuring the security and integrity of information passed over public networks such as the Internet. Today, Suite B is globally recognized as an advanced standard for cryptography that defines algorithms and strengths for encryption, hashing, calculating digital signatures and key exchange. ACE™ includes a platform independent, CAVP validated implementation of the NSA Suite B defined suite of cryptographic algorithms. ACE™ is delivered as ANSI C source.

Securing Data in Motion

Many IoT applications collect and correlate valuable sensitive information at the edge of the Internet and routinely transmit it securely to servers in the cloud. TLS and DTLS are the de facto standards for keeping data secure when communicating with servers in the cloud. Allegro’s RomSTL™ embedded TLS and DTLS toolkit tightly integrates FIPS validated cryptography with a standards-based, embedded implementation of TLS/DTLS to keep your data secure while in motion. RomSTL™ is additionally integrated to make use of ACE’s support of Suite B algorithms (RFC 6460).

Securing Data at Rest

Allegro’s secure data-at-rest solution is tightly integrated with ACE™ validated FIPS 140 cryptography. Before offloading data to cloud-based applications, any sensitive information stored by IoT devices faces numerous threats and risks of unintentional exposure. Adding data encryption to the transmission process has been the traditional method for reducing this risk. However, simply encrypting data transmissions doesn’t fully address many of the threats aimed at recovering small segments of data or potentially the entire collection. The Allegro EdgeAgent Suite provides IoT design engineers the ability to proactively address the threat surface created when storing sensitive data on persistent media. Rather than encrypting data at a volume or drive level where exposing a single set of keys potentially compromises a significant amount of sensitive data, Allegro’s secure data-at-rest solution encrypts information at the file level.

ACE™ can be used stand-alone or pre-integrated with the Allegro EdgeAgent Suite.

ACE™ – FIPS Mode

Digital Signature Algorithms

  • RSA (FIPS 186-4) Key lengths: 2048, 3072
    • Padding Modes: ANSI X9.31, PKCS #1v1.5, PSS
  • DSA (FIPS 186-4) Key lengths: 2048, 3072
  • ECDSA (FIPS 186-4) Curves: NIST P-224, P-256, P-384, P-521

Symmetric Keys

  • AES Key lengths: 128, 192, 256
    • Modes: ECB, CBC, CTR, CFB1, CFB8, CFB128, OFB, CCM
  • AES-GCM Key lengths: 128, 192, 256
  • AES-XTS Key lengths: 128, 256
  • TripleDES
    • Modes: ECB, CBC, CFB1, CFB8, CFB64, OFB

Hash Functions

  • SHA-1
  • SHA-224
  • SHA-256
  • SHA-384
  • SHA-512
  • SHA3-224
  • SHA3-256
  • SHA3-384
  • SHA3-512

Message Authentication

  • HMAC-SHA-1
  • HMAC-SHA-224
  • HMAC-SHA-256
  • HMAC-SHA-384
  • HMAC-SHA-512
  • AES-GMAC Key lengths: 128, 192, 256
  • AES-CMAC Key lengths: 128, 192, 256

Key Agreement

  • DH (NIST SP 800-56A)
  • ECDH Curves: NIST P-224, P-256, P-384, P-521

Key Derivation

  • Password-Based Key Derivation Function 2 (PBKDF2)
  • TLS Key Derivation Functions

Random Number Generator

  • DRBG (NIST SP 800-90B)

ACE™ – Non-FIPS Mode

All of the above in addition to the following:

Digital Signature Algorithms

  • RSA: arbitrary key lengths 1024, 2048, 3072
  • DSA: arbitrary key lengths 1024, 2048, 3072

Symmetric Keys

  • DES
  • RC4

Hash Functions

  • MD2
  • MD4
  • MD5

Message Authentication

  • HMAC-MD5

Features and Benefits

  • Small code footprint – More resource available for application features
  • ANSI C Source Code Distribution – Broad processor architecture support eases porting and support
  • Processor, RTOS, and TCP/IP stack agnostic – Allegro’s products will work with new or existing hardware and software designs
  • Flexible Security and External Security support – Use software encryption or if available make use of hardware cryptography acceleration
  • Compilation switches for size, feature, and speed trade-offs – Allows the development team to optimize for system resources

Supported RFCs

System Requirements

  • Processor Architecture – Works with any 16-bit, 32-bit or 64-bit processor
  • Operating System (OS) – Works with any OS vendor and will function without an OS if needed
  • Compiler – ANSI C

NIST CMVP Validation Reference

 

Validated FIPS 140 Cryptographic Modules

 

Certificate Number Status Date
3432 Active 4/11/2019
2966 Active 7/20/2017
2048 Historical 2/20/2014

 

CAVP Validation References

 

AES Validation

Validation Number Date
AES 5574 7/27/2018
AES 5573 7/27/2018
AES 4121 10/14/2016
AES 2671 11/8/2013
AES 2314 1/18/2013
AES 2271 11/15/2012

 

DSA Validation

Validation Number Date
DSA 1116 10/14/2016
DSA 810 11/8/2013
DSA 728 1/18/2013
DSA 708 11/15/2012

 

RSA Validation

Validation Number Date
RSA 3000 7/27/2018
RSA 2999 7/27/2018
RSA 2227 10/14/2016
RSA 1374 11/8/2013
RSA 1197 1/8/2013
RSA 1164 11/15/2012

 

ECDSA Validation

Validation Number Date
ECDSA 1505 7/27/2018
ECDSA 1504 7/27/2018
ECDSA 936 10/14/2016
ECDSA 465 11/8/2013
ECDSA 379 1/18/2013
ECDSA 367 11/15/2012

 

Triple-DES

Validation Number Date
TDES 2251 10/14/2016
TDES 1602 11/8/2013
TDES 1459 1/18/2013
TDES 1418 11/15/2012

 

SHA Validation

Validation Number Date
SHS 4478 7/27/2018
SHS 4477 7/27/2018
SHS 3390 10/14/2016
SHS 2243 11/8/2013
SHS 1997 1/8/2013
SHS 1952 11/15/2012

 

SHA-3 Validation

Validation Number Date
SHA-3 8 7/27/2018

 

SHAKE Validation

Validation Number Date
SHA-3 8 7/27/2018

 

DRBG Validation

Validation Number Date
DRBG 2224 7/27/2018
DRBG 2223 7/27/2018
DRBG 1241 10/14/2016
DRBG 430 11/8/2013
DRBG 286 1/8/2013
DRBG 279 11/15/2012

 

Component Validations

 

KDF-TLS Validations

Validation Number Date
Component 2062 9/7/2018
Component 2061 9/7/2018
Component 1074 1/27/2017

 

KAS-FFC Validations

Validation Number Date
Component 927 10/14/2016
Component 148 11/8/2013
Component 43 11/15/2012

 

KAS-ECC Validations

Validation Number Date
Component 2005 7/27/2018
Component 2004 7/27/2018
Component 927 10/14/2016
Component 148 11/8/2013
Component 50 1/8/2013
Component 43 11/15/2012

 

HMAC-SHA2 Validations

Validation Number Date
HMAC 3715 7/27/2018
HMAC 3714 7/27/2018
HMAC 2692 10/14/2016
HMAC 1661 11/8/2013
HMAC 1430 1/8/2013
HMAC 1390 11/15/2012

Our FIPS Validation Software can be applied to any application across many industries.

Medical

Stryker

Connected Hospital Bed

To qualify for the VA medical market, Stryker’s connected hospital bed had to be FIPS validated. Stryker used Allegro’s ACE Software Cryptography module, TLS, and XML/JSON products.

Project Details  

  • ACE FIPS 140 validation
  • Secure TLS communications
  • XML/JSON integration
  • ROI 300%+ over in-house development and maintenance
  • Decreased time to deployment

Military

Boeing

Combat Survivor Evader Locator (CSEL)

Boeing used Allegro’s ACE Software Cryptography module for their sophisticated hand-held device that allows troops to communicate securely from behind lines.

Project Details

  • ACE S/W algorithms replace deprecated cryptography
  • Custom FIPS 140 validation for environment
  • Projected ROI 200%+ compared to in-house development and maintenance

Insight From Allegro Software Use Cases

Customized Cryptography Solutions for Medical IoT Industry: “Overall, the return on investment was more than 300% over in-house development and maintenance. With Allegro’s product and support, this medical technology client was able to meet industry requirements and bring their connected hospital beds to market quickly and with confidence, without the need to hire a team of engineers to handle the open-source coding.”
Customized Cryptography Solutions for Military Tech Industry: ‘The defense tech company has adopted a sophisticated solution that allows them to maintain NIST compliance and other validation requirements while ensuring a well-functioning product now and in the future. The utilization of Allegro’s ACE toolkit eliminated the need for in-house development and maintenance, thus resulting in an astounding return on investment of over 200%!’


Our Other Products

We Help Your Company with IoT Security

ACE™

The Allegro Cryptography Engine (ACE) is a platform independent, high performance, resource sensitive, embedded FIPS Validated cryptography engine specifically engineered for the rigors of embedded computing.

Java Cryptography Extension (JCE) From Allegro

The Allegro Cryptography Engine (ACE) is a platform independent, high performance, resource sensitive, embedded FIPS Validated cryptography engine specifically engineered for the rigors of embedded computing.

RomSTL™

Embedded device security is always a concern when building a networked embedded device. Allegro’s RomSTL is a small, resource sensitive TLS client and server solution specifically written for use in IoT applications.

RomSShell™

RomSShell is a Secure Shell (SSH) toolkit that is often used in conjunction with RomCLI to deliver secure remote device management capabilities to many Internet of Things (IoT) applications. SSH provides encrypted communications between hosts over an insecure network.

RomCert™

RomCert makes embedding security certificate management into resource sensitive IoT devices fast, easy and reliable while decreasing time to market.

RomPager®

The Allegro EdgeAgent Suite is specifically engineered to meet the rigors of embedded computing while offering manufacturers access to the latest networking and embedded security technology to actively participate in the rapidly growing Internet of everything universe of devices.

RomWebClient™

Allegro’s RomWebClient toolkit allows your engineering team to leverage proven Web technology when creating custom IoT devices. The RomWebClient toolkit enables embedded engineering teams to build products that send and receive objects to and from any Web server using HTTP with full support for IPv4 and IPv6 operation.

RomXML®

Allegro’s RomXML Parsing and Framing Toolkit drastically decreases the time and effort needed to implement Extensible Markup Language (XML) in your embedded application. XML offers a processor-independent method to encode data for interchange between diverse systems and is based on a set of rules for the construction of tag-delimited information.

RomXML Plus™

Allegro’s RomXML Plus development toolkit offers design engineers a comprehensive solution for building connectivity between IoT devices and enterprise IT environments utilizing web services technology. Web services are often utilized with IoT applications such as remote data collection, operations, industrial automation, sensor networks and monitoring applications.

RomCLI™

The RomCLI Command Line Interface toolkit is designed to speed the implementation of text line interfaces for embedded devices. In particular, the RomCLI toolkit supports command-line interfaces that look like Cisco IOS-style command systems. The RomCLI toolkit can work stand-alone or in conjunction with Allegro’s RomPager Web Server to provide unified variable access using common variable access routines.
