Secure Software for the Internet of Things

Embedded Web Server

The Allegro Secure IoT Suite is specifically engineered to meet the rigors of embedded computing while offering manufacturers access to the latest networking and embedded security technology to actively participate in the rapidly growing Internet of Everything universe of devices. With 300+ design wins and 250+ million devices shipped to markets worldwide in a broad range of applications, Allegro’s technology is widely recognized as the most used web server on the market today. The full suite of Advanced Edition products supports both IPv4 and IPv6 operation and offers TLS 1.2 using FIPS 140-2 Level 2 validated cryptography, along with a rich set of Web technology, unprecedented flexibility, and unparalleled performance to meet your embedded device development needs.

RomPager AE

RomPager AE is a sophisticated HyperText Transfer Protocol (HTTP) engine that serves content to browsers and other Web clients. Fully compliant with HTTP 1.1 specifications, the RomPager AE Web server offers superior performance and can be configured to handle thousands of concurrent requests. RomPager AE also provides access to a high-performance CGI-style interface, optional file system support, and the ability to dynamically generate HTML giving your engineering team flexibility to design any Web-based interface of their choice. Additionally, the toolkit offers the ability to serve web objects (HTML, GIF, JPEG, Applets, etc.) from multiple sources: an optional file system, CGI-style User Exit functions, and ROM. RomPager AE is delivered as standard ANSI-C source and built upon a highly portable and field-proven abstraction layer enabling it to work with any RTOS or TCP/IP stack.

PageBuilder Compiler

Delivered as part of the toolkit, the PageBuilder Web-to-C compiler gives your engineering team a powerful and advanced tool that simplifies the process of converting Web objects to ANSI-C structures. The generated source is compiled and later linked with the RomPager AE modules along with your application, allowing the Web server to present Web objects directly from ROM. The PageBuilder Web-to-C compiler also offers significant features for compression, integrated variable data access, integrated dynamic content and much more. Additionally, the Web server engine itself offers HTTP Streaming and HTTP 1.1 PUT, OPTIONS and TRACE support. Advanced Security features are included with support for Digest Authentication, external password validation and support for an internal security database with dynamic realm and security level configuration. Additional support is provided for state management (URL and HTTP Cookies) and compliance with IETF standards (RFC 2069, RFC 2616, RFC 2617) along with Browser-based file upload support (RFC 1867).

RomSTL – Embedded TLS

Security is always a concern when dealing with devices connected to the internet. RomSTL addresses the need for advanced security with integrated TLS 1.2 support. With support for a variety of cipher suites (RSA, DHE, RC4, DES, 3DES, AES, SHA, CBC, and MD5) and full integration with Allegro’s FIPS 140-2 validated cryptography and Suite B, your development team can provide compatibility with all standard secure browsers. RomSTL also offers a built-in certificate authority, certificate import support and Basic and Digest Authentication under TLS. Compliant with IETF standards (RFC 5246 and RFC 3268), RomSTL provides RomPager AE with the advanced security functionality to meet your development team's needs.

Highly Portable

Allegro’s Secure IoT Suite is highly portable across RTOS and processor families. Delivered in ANSI-C source code, all products utilize a field-proven abstraction layer to enable portability with any RTOS, TCP/IP stack, and file system environment. Interface files for leading RTOS environments are provided.

Features and Benefits

  • Small code footprint – More resources available for application features
  • ANSI C Source Code Distribution – Broad processor architecture support eases porting and support
  • Processor, RTOS, and TCP/IP stack agnostic – Allegro’s products will work with new or existing hardware and software designs
  • Interface files for leading RTOS vendors provided – Minimizes porting effort, decreasing time to market
  • Shipping in millions of products worldwide – Field-proven reliability
  • Compatible with all standard browsers – Universal and ubiquitous support
  • Support for all HTML versions including HTML 5 – Your designs can incorporate and use the latest HTML technology
  • HTTP 1.0/1.1 Support – High-performance capabilities of HTTP 1.1 in addition to backward compatibility with HTTP 1.0
  • An interface to SNMP-style set and get routines – Access routines can be shared for RomPager and an SNMP implementation
  • Dynamic HTML creation – Creating HTML dynamically saves considerable space and delivers performance gains especially in larger systems
  • Efficient Internationalization support – Built-in support for Internationalization allows engineers to concentrate their efforts on product differentiation
  • Flexible Security and External Security support – Use software encryption or if available make use of hardware crypto acceleration
  • Compilation switches for size, feature and speed trade-offs – Allows the development team to optimize for system resources
  • URL State Management support – Allows designers to fully use stateful communications (cookies)

Supported RFCs – RomPager AE

Supported RFCs – RomSTL TLS

System Requirements

  • Processor Architecture – Works with any 16-bit, 32-bit or 64-bit processor
  • Operating System(OS) – Works with any OS vendor and will function without an OS if needed
  • TCP/IP Stack – Works with any vendor implementation
  • Filesystem – Works with any vendor implementation and will function without a filesystem if needed
  • Compiler – ANSI C

Embedded FIPS 140-2 Cryptography

The Allegro Cryptography Engine (ACE) is a platform-independent, high-performance, resource-sensitive, embedded FIPS 140-2 validated cryptography engine specifically engineered for the rigors of embedded computing. ACE enables OEM manufacturers to add sophisticated FIPS-approved encryption technology to their designs and dramatically speed the development cycle. The ACE cryptography library is designed to meet the requirements needed for FIPS 140-2 validation.

ACE

Embedded systems with the capability to communicate independently are appearing in virtually all industries. The rapid adoption and deployment of modern communication technologies have enabled new applications in healthcare, military applications, energy management, consumer devices and many other areas. With these capabilities comes the need for embedded device security. Any network-enabled device must be considered a potential target for malicious intent. Encryption of sensitive data while in motion or at rest is a key component of thwarting malicious attacks and reducing risk.

ACE is a cryptographic library module for embedded computing systems that provides validated software implementations of FIPS-approved algorithms for the calculation of message digests, digital signature creation and verification, bulk encryption and decryption, key generation and key exchange. Used stand-alone or pre-integrated with Allegro's Secure IoT Suite, ACE provides CAVP validated implementations of sophisticated FIPS approved encryption algorithms for use in embedded systems. In 2005, the National Security Agency (NSA) defined a set of cryptographic algorithms that when used together, are the preferred method for assuring the security and integrity of information passed over public networks such as the Internet. Today, Suite B is globally recognized as an advanced standard for cryptography that defines algorithms and strengths for encryption, hashing, calculating digital signatures and key exchange. ACE includes a platform independent, CAVP validated implementation of the NSA Suite B defined suite of cryptographic algorithms. ACE is delivered as ANSI C source.

Securing Data In Motion

Many IoT applications collect and correlate valuable sensitive information at the edge of the Internet and routinely transmit it securely to servers in the cloud. TLS and DTLS are the de facto standards for keeping data secure when communicating with servers in the cloud. Allegro’s RomSTL embedded TLS and DTLS toolkit tightly integrates FIPS validated cryptography with a standards-based, embedded implementation of TLS/DTLS to keep your data secure while in motion. RomSTL is additionally integrated to make use of ACE’s support of Suite B algorithms (RFC 6460).

Securing Data At Rest

Allegro’s secure data-at-rest solution is tightly integrated with ACE validated FIPS 140-2 cryptography. Before offloading data to cloud-based applications, any sensitive information stored by IoT devices faces numerous threats and risks of unintentional exposure. Adding data encryption to the transmission process has been the traditional method for reducing this risk. However, simply encrypting data transmissions doesn’t fully address many of the threats aimed at recovering small segments of data or potentially the entire collection. Allegro's Secure IoT Suite provides IoT design engineers the ability to proactively address the threat surface created when storing sensitive data on persistent media. Rather than encrypting data at a volume or drive level where exposing a single set of keys potentially compromises a significant amount of sensitive data, Allegro’s secure data-at-rest solution encrypts information at the file level.

ACE can be used stand-alone or pre-integrated with Allegro’s Secure IoT Suite.

TM: A Certification Mark of NIST, which does not imply product endorsement by NIST, the U.S. or Canadian Governments

ACE - FIPS Mode

 

Digital Signature Algorithms

  • RSA (FIPS 186-4) Key lengths: 2048, 3072
    • Padding Modes: ANSI X9.31, PKCS #1v1.5, PSS
  • DSA (FIPS 186-4) Key lengths: 2048, 3072
  • ECDSA (FIPS 186-4) Curves: NIST P-224, P-256, P-384, P-521

Symmetric Keys

  • AES Key lengths: 128, 192, 256
    • Modes: ECB, CBC, CTR, CFB1, CFB8, CFB128, OFB, CCM
  • AES-GCM Key lengths: 128, 192, 256
  • AES-XTS Key lengths: 128, 256
  • TripleDES
    • Modes: ECB, CBC, CFB1, CFB8, CFB64, OFB

Hash Functions

  • SHA-1
  • SHA-224
  • SHA-256
  • SHA-384
  • SHA-512
  • SHA3-224
  • SHA3-256
  • SHA3-384
  • SHA3-512

Message Authentication

  • HMAC-SHA-1
  • HMAC-SHA-224
  • HMAC-SHA-256
  • HMAC-SHA-384
  • HMAC-SHA-512
  • AES-GMAC Key lengths: 128, 192, 256
  • AES-CMAC Key lengths: 128, 192, 256

Key Agreement

  • DH (NIST SP 800-56A)
  • ECDH Curves: NIST P-224, P-256, P-384, P-521

Key Derivation

  • Password-Based Key Derivation Function 2 (PBKDF2)
  • TLS Key Derivation Functions

Random Number Generator

  • DRBG (NIST SP 800-90B)

 

ACE - Non-FIPS Mode

All of the above in addition to the following:

 

Digital Signature Algorithms

  • RSA: arbitrary key lengths 1024, 2048, 3072
  • DSA: arbitrary key lengths 1024, 2048, 3072

Symmetric Keys

  • DES
  • RC4

Hash Functions

  • MD2
  • MD4
  • MD5

Message Authentication

  • HMAC-MD5

 

 

Features and Benefits

  • Small code footprint - More resources available for application features
  • ANSI C Source Code Distribution - Broad processor architecture support, eases porting and support
  • Processor, RTOS and TCP/IP stack agnostic - Allegro's products will work with new or existing hardware and software designs
  • Flexible Security and External Security support - Use software encryption or if available make use of hardware cryptography acceleration
  • Compilation switches for size, feature and speed trade-offs - Allows the development team to optimize for system resources

Supported RFCs

System Requirements

  • Processor Architecture - Works with any 16-bit, 32-bit or 64-bit processor
  • Operating System(OS) - Works with any OS vendor and will function without an OS if needed
  • Compiler - ANSI C

NIST CMVP Validation Reference

Validated FIPS 140-2 Cryptographic Modules

 

Certificate Number Status NIST Link
3432 Active NIST Reference
2966 Active NIST Reference
2048 Historical NIST Reference

CAVP Validation References

 

AES Validation

Validation Number Date
AES 5574 7/27/2018
AES 5573 7/27/2018
AES 4121 10/14/2016
AES 2671 11/8/2013
AES 2314 1/18/2013
AES 2271 11/15/2012

 

DSA Validation

Validation Number Date
DSA 1116 10/14/2016
DSA 810 11/8/2013
DSA 728 1/18/2013
DSA 708 11/15/2012

 

RSA Validation

Validation Number Date
RSA 3000 7/27/2018
RSA 2999 7/27/2018
RSA 2227 10/14/2016
RSA 1374 11/8/2013
RSA 1197 1/8/2013
RSA 1164 11/15/2012

 

ECDSA Validation

Validation Number Date
ECDSA 1505 7/27/2018
ECDSA 1504 7/27/2018
ECDSA 936 10/14/2016
ECDSA 465 11/8/2013
ECDSA 379 1/18/2013
ECDSA 367 11/15/2012

 

Triple-DES

Validation Number Date
TDES 2251 10/14/2016
TDES 1602 11/8/2013
TDES 1459 1/18/2013
TDES 1418 11/15/2012

 

SHA Validation

Validation Number Date
SHS 4478 7/27/2018
SHS 4477 7/27/2018
SHS 3390 10/14/2016
SHS 2243 11/8/2013
SHS 1997 1/8/2013
SHS 1952 11/15/2012

 

ECC Component Validations

Validation Number Date
Component 2005 7/27/2018
Component 2004 7/27/2018
Component 927 10/14/2016
Component 148 11/8/2013
Component 50 1/8/2013
Component 43 11/15/2012

 

DRBG Validation

Validation Number Date
DRBG 2224 7/27/2018
DRBG 2223 7/27/2018
DRBG 1241 10/14/2016
DRBG 430 11/8/2013
DRBG 286 1/8/2013
DRBG 279 11/15/2012

 

SHAKE/SHA-3 Validation

Validation Number Date
SHA-3 8 7/27/2018

 

KDF TLS Validation

Validation Number Date
Component 2062 9/7/2018
Component 2061 9/7/2018
Component 1074 1/27/2017

 

KAS FFC Validation

Validation Number Date
Component 927 10/14/2016
Component 148 11/8/2013
Component 43 11/15/2012

 

KAS ECC Validation

Validation Number Date
Component 2005 7/27/2018
Component 2004 7/27/2018
Component 927 10/14/2016
Component 148 11/8/2013
Component 50 1/8/2013
Component 43 11/15/2012

 

HMAC SHA2 Validation

Validation Number Date
HMAC 3715 7/27/2018
HMAC 3714 7/27/2018
HMAC 2692 10/14/2016
HMAC 1661 11/8/2013
HMAC 1430 1/8/2013
HMAC 1390 11/15/2012

 

Allegro Software
1740 Massachusetts Avenue
Boxborough, MA 01719

Copyright © 2019, Allegro Software Development Corporation
All Rights Reserved