Secure Software for the Internet of Things
Allegro Software Expands Secure IoT Suite Framework With Support For Quantum Entropy Generation from EYL Earns FIPS 140-2 Validation From National Institute of Standards and Technology (NIST)
Ideally suited for vendors building IoT devices who need comprehensive security for the lifetime of their products that are deployed in government, military, and other critical infrastructure environments
BOXBOROUGH, MA and VANCOUVER, CANADA May 15, 2019 – At the International Cryptographic Module Conference (ICMC) 2019 in Vancouver, Canada, Allegro Software, a leading supplier of connectivity and security software for the Internet of Things (IoT), today announced that is has earned FIPS 140-2 Level 1 validation for the Allegro Cryptography Engine, ACE™ utilizing hardware-based quantum entropy generation from EYL(Cert #3432). Specifically engineered for the rigors of embedded computing, ACE enables manufacturers to add standards-based cryptography to resource sensitive embedded systems quickly, easily and reliably while decreasing time to market. Failure to obtain sufficient entropy destroys any security provided by long keys and sound algorithms. EYL’s Quantum Entropy Chip provides the necessary randomness for ACE to meet the stringent requirements for entropy based on quantum principles. ACE is ideally suited for use in IoT devices deployed in transportation, military, energy, healthcare and other critical infrastructure environments where strong validated cryptography is a requirement.
FIPS 140-2 FOR CRITICAL INFRASTRUCTURE
Internet of Things (IoT) ecosystems have become increasingly prevalent, fundamentally changing the way we live, work and play. Billions of IoT devices already exist, with hundreds more coming online each second. Many are finding their way into the sixteen Department of Homeland Security (DHS) designated critical infrastructure ecosystems. The rich data streams from these IoT devices are driving the next generation of digital business and operational ecosystems. The promised value from increased efficiencies, better productivity, and enhanced performance are driven by the use of digital twins, enhanced analytics, and third-party data sources to predict system outcomes. Predicted outcomes are used to operate, monitor, and control critical infrastructure that can affect every citizen (water, electricity, communications, defense systems, and more). As an example, the United Kingdom is driving the development of a “National Digital Twin” with the idea it will be able to make better IoT-fueled decisions.
With billions of IoT endpoints feeding data into billions of digital twins that interact and exchange operational outcomes in critical infrastructure, security is a top concern. Employing sound cryptography with FIPS 140-2 validation helps manage data security risk. Unlike other solutions, FIPS 140-2 validated products have been through rigorous testing and review to ensure complex cryptography algorithms are properly implemented and perform as expected. Allegro’s latest ACE FIPS 140-2 validation allows manufacturers to manage data security risk when embedding it in their IoT devices that are deployed into federal agencies including the DHS identified critical infrastructure ecosystems.
“IoT devices are generating data at a scale never seen before. Some of the most sophisticated IoT ecosystems go well beyond simple analytics or monitoring and employ advanced AI techniques to understand, simulate and predict business and operational outcomes based on collected data,” says
Bob Van Andel, President of Allegro. “Manufacturers that embed and properly utilize Allegro’s FIPS 140-2 validated cryptography are taking a proactive approach to managing data security risk in their IoT ecosystems.”
QUANTUM ENTROPY GENERATION
Entropy is a critical component for cryptography to be effective. Even the best algorithms cannot compensate for insufficient entropy. Such systems are vulnerable to attackers – with potentially disastrous results. This is especially true for resource sensitive IoT devices with strict power and memory budgets that often cannot wait for an entropy source to achieve a desired level of randomness. EYL has solved this problem by harvesting randomness from the natural decay of an extremely small sample of a radioactive isotope. The source of randomness is based on quantum principles and is always truly random. EYL has worked closely with Allegro Software to integrate the EYL Quantum Entropy Chip (QEC) with Allegro’s ACE cryptography library and earn FIPS 140-2 validation.
“FIPS 140-2 validation places very specific requirements on entropy sources used for seeding specific cryptography algorithms. EYL’s Quantum Entropy Chip meets and exceeds these requirements with an extremely small, fast and energy efficient solution,” says Buseok “Bruce” Jung, Chief Executive Officer of EYL. “At EYL, with our Quantum Entropy Chip, we have found a way to harvest the best entropy nature can offer.”
The Allegro Cryptography Engine (ACE) is specifically engineered to meet the critical needs of embedded IoT computing environments and is one of the smallest, fastest, and most comprehensive FIPS 140-2 validated modules on the market. ACE enables IoT device developers to perform bulk encryption and decryption, message digests, digital signature creation and validation, and key generation and exchange. ACE includes a platform-independent implementation of the NSA-defined Suite B suite of cryptographic algorithms, as well as other FIPS-approved algorithms.
The full Allegro Secure IoT Suite is provided as ANSI-C source code and is available today. The EYL QEC is available in a variety of physical formats and is also available today. For more information, stop by the Allegro Software Booth #200 or EYL Booth #308 at the ICMC 2019 or visit the Allegro Software or EYL websites:
Allegro Software Development Corporation is a premier provider of secure IoT software components with an emphasis on industry-leading technology stack for connectivity, device management, and IoT device security. Since 1996, Allegro has been on the forefront of leading the evolution of device management solutions with its patented embedded web server and security toolkits. Allegro is headquartered in Boxborough, MA. and can be found on the web at https://www.allegrosoft.com.
EYL Inc is a deep tech startup providing hardware cyber security solutions for connected devices and securing sensitive data. EYL has developed a unique source of randomness that provides a concrete foundation for strong authentication and encryption. EYL’s solutions are commonly deployed in Internet of Things (IoT) devices, cloud computing, crypto-currency, and the telecommunications industry. EYL is headquartered in Arlington, VA. and can be found on the web at https://www.eylpartners.com/.
Allegro Software Development Corporation
Jongwon “JP” Park
Chief Strategy Officer