OPTIMIZED CRYPTOGRAPHY COMPONENTS FOR CONSTRAINED ENVIRONMENTS. RSA BSAFE Crypto Kernel. Solution Brief

Transcription

1 OPTIMIZED CRYPTOGRAPHY COMPONENTS FOR CONSTRAINED ENVIRONMENTS RSA BSAFE Crypto Kernel Solution Brief

2 Figure 1 RSA BSAFE Crypto-C Micro Edition RSA BSAFE Crypto Kernel FIPS out-of-the-box ANSI-C support Limited level of abstraction of cryptography Uses Crypto Kernel as its engine ANSI-C support Very low-level APIs Optimized for size and performance RSA BSAFE Crypto Kernel leverages over 20 years of RSA expertise in delivering highquality data security toolkits for device and software manufacturers. It is a collection of high- performance, small code-size cryptographic source code components that help embedded system developers meet their security requirements by: Providing low-level cryptographic APIs which give developers maximum flexibility in their security implementations, Offering high-performance and small code-size implementations of popular cryptographic algorithms giving developers many choices to meet constrained device requirements, Delivering broad platform support, with customization services available to optimize for specific customer platforms, Providing assembler-level optimizations for popular processors and Offering a wide variety of professional services to help tailor BSAFE components to meet special requirements. Designing and developing secure applications has always been a difficult task, especially for embedded system developers that must code for highly constrained operating environments. However, improperly secured applications greatly increase the risk of exposure of sensitive user information, intellectual property or other device information that could potentially compromise the entire system. Security needs are becoming just as important as feature enhancements for mobile devices. RSA solutions are built on open and proven industry standards, many of which have been developed and championed by RSA. Good security requires good design, but how do you achieve good design without greatly increasing costs and delivery schedules? Designing applications using the RSA BSAFE Crypto Kernel allows you to achieve a solid, secure application design without greatly increasing development time lines or costs. Crypto Kernel offers versions of popular cryptographic algorithms optimized for both small code size and high performance. This helps address concerns like preserving battery life and working with the limited system memory common in embedded environments. And, unlike alternatives such as open source, RSA BSAFE technology is backed by highly regarded cryptography experts in the RSA Professional Services, Worldwide Support and RSA Laboratories organizations. EFFICIENT CRYPTOGRAPHY FOR CONSTRAINED ENVIRONMENTS Persistent protection of your intellectual property and user data requires data security technology that can be quickly optimized for specific needs. Particularly in constrained environments, every line of code counts. Developers securing embedded environments must make calculated trade-offs between code size, performance and interoperability. However, reducing code size does not mean the sacrifice of effective security enforcement. Regardless of where sensitive information is ultimately stored, using the capabilities of RSA BSAFE Crypto Kernel in your application will help provide a persistent level of protection, lessening the risk of compromise. RSA solutions are built on open and proven industry standards, many of which have been developed and championed by RSA. The company has a wide body of knowledge about potential vulnerabilities and how to address them using standards-based algorithms. Because of assembly-level optimizations on key processors, Crypto Kernel can provide developers with algorithm implementations at increased speeds on many popular platforms. Developers can rely on RSA to be a trusted security expert, enabling them to stay focused on developing the core functionality users want. In addition, RSA Professional Services offers application security design assessment services that can help spot existing vulnerabilities in applications during development, as well as help make design decisions which avoid problems later. The Professional Services organization also offers customization services to help with porting to specialized processors or meeting specific code size and performance requirements page 2

3 Table 1. Algorithms Supported by RSA BSAFE Crypto Kernel Algorithms Types Notes Ciphers RC4, RC2, RC5, AES, DES, 3DES Modes: ECB, CBC, CFB, OFB, CTR, CCM, XTS, GCM Digests MD2, MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 Modes: HMAC, CBC-MAC Public key RSA Padding schemes: PKCS#1, PSS, OAEP, and X9.31 Public key Public key DSA Elliptic curve cryptography (ECC): ECDSA, EC key generation, ECIES Named pime curves: NIST_P256, NIST_P384, NIST_P521 Named F2M Curves in polynomial and ONB formats: NIST_K283, NIST_B283, NIST_K409, NIST_B409, NIST_K571, NIST_B571 Key derivation function X9.63 Key Exchange Diffie-Hellman, ECDH Key wrapping AES key wrapping (X9.102, RFC 3394) Random number generation Elliptic curve deterministic random bit generator (ECDRBG), HMAC DRBG, FIPS random outside the scope of RSA s pre-built components. Working with RSA to design applications securely will help establish trust with your users and limit the risk for you and your customers and partners. RSA BSAFE Crypto Kernel provides the cryptographic foundation for the RSA BSAFE security products designed for C/C++ developers. As shown in figure 1, Crypto Kernel is designed to offer the lowest level cryptographic application programming interfaces. The RSA BSAFE Crypto-C Micro Edition (ME) product uses Crypto Kernel as its cryptography engine and provides a higher level of abstraction of the cryptographic functionality. RSA BSAFE Crypto Kernel is offered currently as source code through RSA Professional Services. Your purchase of Crypto Kernel includes a license to algorithm source code for the chosen processor and operating environment as well as services needed to optimize the code for your specific constraints. Services are also available for porting to additional processors and operating systems or for specific optimizations not provided in the prebuilt components. Because of the specialized nature of applications that use Crypto Kernel, it is custom-supported through Professional Services to ensure the highest level of service. RSA BSAFE Crypto Kernel is a collection of cryptographic algorithm implementations provided as source code (rather than a software library) with a simple API to keep code size small. Crypto Kernel offers multiple implementations of the same algorithm to allow developers the flexibility of trading off performance and code size. Crypto Kernel includes the algorithms most often used by embedded system developers. These algorithms are a subset of those included in RSA BSAFE Crypto-C Micro Edition (ME). By design, Crypto Kernel does not offer the smallest algorithm implementations possible out-of-the-box since this would not meet portability and maintainability goals. Professional Services are available to further constrain code size of a particular implementation, if required. Page 3

4 Figure 2. Code Structure General unlayered routines R2 higher-level API, built on R1 routines R1 Crypto primitive API routines R0 low level routines (subject to change) CODE STRUCTURE Platform-specific assembler code is found at the lowest level of Crypto Kernel, the r0 level. At the next level up, the R1 level, is the lowest level of APIs which are made public. The next level, the R2 level, provides a higher level API such as public key algorithm sign and verify. And at the R level are functions for allocating memory, benchmarking and testing (see figure 2). USING CRYPTO KERNEL Similar to the interfaces provided by other RSA BSAFE and third-party cryptography toolkits, to use Crypto Kernel developers first create a context (the operation being performed), supplying a method (implementation code). Developers configure the context via set/get calls, perform the operation and then cleanup. Crypto Kernel is built out of a directory tree with make files. If an Integrated Development Environment (IDE) is being used, a list of all files can be generated which can then be inserted into the IDE and compiled. Table 2. Performance and size Measurements for a Linux ARM SHA-1 Message Digest RSA PKCS#1 Verification Speed (bytes / second) Size (bytes) Size (bytes) Speed (operations/second) Fast 6,264,000 10,901 10, Small 3,773,000 6,013 17, SUPPORTED FEATURES Algorithms Crypto Kernel supports the most commonly used ciphers, digests and public key algorithms. Table 1 lists those supported by the current versions of Crypto Kernel. For each algorithm, typically four implementations are offered. Not all implementations are available for every algorithm, so please consult with an RSA sales representative for details on which are available for your specific needs. The four implementations typically offered are: C/C++ source for easy portability, Fast for the fastest code possible using code switching depending on the CPU, and typically written in assembler. Efficient is another description of this implementation, since an operation completed quickly saves battery power. With the fast implementation, code size is given little consideration, Small an implementation that balances code size and performance in the best manner possible for a given algorithm and Tiny for the smallest code size possible at the expense of performance. To illustrate the difference a chosen implementation can make, table 2 shows the performance and size measurements for a Linux ARM, 126MHz XScale, with a gcc compiler for the fast and small implementations. In the case of the SHA-1 digest, using the small implementation saves almost 5KB of code size at about 60% of the performance of the fast implementation. page 4

5 For the RSA PKCS#1 verification operation, the small implementation saves about 4KB of code size though performs at about one-quarter the speed of the fast implementation. ASN.1 parsing and memory allocation Unlike open source, RSA BSAFE technology is backed by highly regarded cryptography experts in the RSA Professional Services, Worldwide Support and Laboratories organizations. Crypto Kernel also includes support for simple ASN.1 parsing, as well as an optional memory allocation object. If a platform supports a native memory allocator, developers can compile out all of Crypto Kernel s memory allocation code to further limit code size. Crypto Kernel includes five memory allocators: the standard UNIX-style memory allocator, Win32 heaps for the Win32 platforms, Static memory is allocated from a supplied memory block. This is especially useful for threaded applications where there is a different block of memory for each thread and Stats to measure memory usage so that developers can find the maximum memory used. In the embedded space, there is a wide range of operating systems. Though Crypto Kernel supports a number of platforms, many users have requested a platform unavailable from the above list. In this case, either RSA Professional Services can port Crypto Kernel to the necessary platform or source code can be provided so that developers can perform their own porting. USE CASES These use cases illustrate how developers have used RSA BSAFE Crypto Kernel software to develop secure applications for their embedded system environments. These applications reflect the most common uses of Crypto Kernel. Secure over-the-air distribution for mobile devices This manufacturer wanted to provide secure updates to firmware following the Open Mobile Alliance s Firmware-Over-the-Air distribution method. To authenticate the firmware before downloading, the manufacturer needed an implementation of RSA SHA1 signature verification in less than 30KB. Crypto Kernel was able to meet this demanding size requirement, something the manufacturer was unable to accomplish with open source security software or cryptography developed by in-house developers. Table 3. Crypto Kernel Platform Availability Platform Compiler Processor AIX aixc PowerPC, PowerPC64 Cygwin gcc x86 HP-UX gcc, hpc PA-RISC (1.1, 2.0, 2.0W), IA64 (32-bit and 64-bit) Linux gcc, icc x86, x86_64, ARM4L, ARM4B, MIPS32, IA64, PowerPC Solaris gcc, sunc SPARC (v8, v8+, v9), x86, x86_64 Win32 msvs, icc x86, x86_64 Windows CE msvs ARM4L, MIPS32, SH3 VxWorks gcc ARM4L, ARM4B, MIPS32, PowerPC Page 5

6 Entitlement enforcement for mobile applications This mobile platform vendor included a wide variety of functionalities in their platform and wanted to be able to turn features on or off depending on the customer s runtime license. In addition to needing RSA SHA1 signature verification in less than 30KB, like the mobile phone customer, the platform OEM also needed SHA-1 hashing in less than 6KB. Again, Crypto Kernel solved an issue that the internal development team was unable to solve. Intellectual property protection This transportation systems manufacturer wanted to encrypt firmware on their equipment to protect intellectual property (IP), reducing the risk of reverse engineering of the IP and preventing device cloning. Crypto Kernel provided the manufacturer with a small implementation of the AES algorithm to protect the IP on the equipment. Secure information push To provide Global Positioning System (GPS) customers with a better user experience, this GPS device manufacturer wanted to provide the GPS satellite coordinate predictions to devices more frequently. The prediction data was to be sent as an encrypted payload when the device was docked, and so both DES and AES encryption needed to be implemented in under 20KB a goal met successfully by Crypto Kernel. Narrowband communication security This U.S. Department of Defense contractor needed to encrypt data packets from a device sending information to a receiver via a narrow band communication channel. Because this security concern was being addressed late in the project, there was less than 5KB RAM available for the RSA public key-based encryption APIs. In this case, Crypto Kernel s RSA algorithm was optimized for an ultra low-power 16-bit RISC microcontroller still meeting the code size constraints. Digital rights management (DRM) This consumer device manufacturer was implementing Windows Media DRM 10 on a networked music player but, because the device was not using a Microsoft operating system, Microsoft was unable to provide much support. The customer wanted small implementations of RC4, DES, AES, SHA-1, and RSA (the algorithms used in Windows Media DRM) in a small footprint. Crypto Kernel software provided a solution by optimizing algorithms for the Blackfin processor. Secure firmware updates This General Packet Radio Service mobile modem manufacturer wanted to have boot-time firmware decryption using AES, as well as verification and authentication of microcode updates with their modem (which used a MIPS32 processor and a low-profile Real-Time Operating System). Given the constraint of having less than 50KB of memory available, the internal development team tried to meet the requirements using open source security software, but was able to reduce the code size to only 100KB with unacceptably slow performance. Also, the effort of trying to solve the security software concern was distracting the development team from working on the core product functionality. Crypto Kernel software solved this customer s problem in a timely manner, allowing the development team to refocus their efforts on core development needs. RSA s proven solutions help developers meet the challenges of implementing cryptography in embedded environments. RSA is one of the most respected leaders and innovators in information security with over 20,000 customers worldwide. A full complement of professional assessment and customization services, developer support page 6

7 and market-leading products will help you deliver applications that inspire confidence in your users. RSA continues to innovate, providing the latest data security mechanisms and standards through the support of RSA Laboratories, ensuring that you have the most efficient technology available to secure embedded systems. RSA also continues to invest in thirdparty validations of cryptography components through the National Institute for Standards in Technology FIPS 140 Cryptographic Module Validation Program. RSA has a deep understanding of the special needs of the embedded market and continues to invest in highly customizable cryptographic components like Crypto Kernel to meet the requirements of customers worldwide. Algorithms Page 7

8 page 8

9 named curves Page 9

10 supported standards tls cipher suites page 10

11 Page 11

12 page 12

13 Page 13

14 ABOUT RSA RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world s leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments. Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention and Fraud Protection with industry leading egrc capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit and EMC, EMC2, RSA, the RSA logo and BSAFE are registered trademarks or trademarks of EMC Corporation in the United States and other countries. All other trademarks used herein are the property of their respective owners EMC Corporation. All rights reserved. Published in the USA. H11924 h9048-cryk-sb-1111