Wireless Systems Design

Elliptic Cryptography Strengthens Security

This security tool suite aims to protect government and corporate data in today's handheld, power-sensitive wireless devices.

Most on-the-go, mobile wireless users need to transmit and receive their data with a reasonable level of security. Unfortunately, early wireless security methods like WEP required a great deal of processing power. As a result, users chose to disable their security features. The problem was the age-old dilemma of encryption algorithms versus processor speed and power consumption. The last two factors are directly related, as an increase in processing power typically requires more clock cycles. Additional clock cycles translate into more power consumption.

One solution is to build faster processors that consume less power. Another approach is to create encryption algorithms that provide equivalent or even greater levels of security while using less processing power. Certicom Corp. uses this method to develop products based on public-key technologies, such as the Advanced Encryption Standard (AES) and Elliptic Curve Cryptography (ECC).

ECC is an alternative to the older RSA system. It has been approved by standards organizations including ANSI, the IEEE, and the National Institute of Standards and Technology (NIST). It also has caught the eye of the United States' National Security Agency (NSA). Recently, that agency signed an agreement with Certicom to license 26 of its patents.

When combined with existing public-key security methods, carefully constructed elliptic-curve algorithms can provide faster encryptions using smaller key lengths. In turn, less processing is needed by the hardware in mobile, power-constrained devices. Standards-based, public-key technologies like AES and ECC provide a high level of security with relatively small key lengths.

Of course, having a set of standard cryptographic technologies is one thing. But knowing how to incorporate them into embedded wireless devices is a whole different issue. In response to this problem, Certicom has developed a suite of cryptographic tools and applications. Foremost among them is Security Builder GSE, the company's core developer toolkit for the government system. It has recently earned the Federal Information Processing Standards (FIPS) 140-2 certification for the Palm OS 4.1 platform. This achievement builds upon last year's FIPS validation on the Microsoft Windows and Microsoft Windows CE operating systems.

As a benchmark for security within government agencies, FIPS 140-2-validated products must undergo testing by accredited labs to satisfy NIST specifications. Because Security Builder GSE is FIPS certified, designers of government wireless devices can merely add the GSE module into their systems.

This toolkit serves as the primary cryptographic module for all of Certicom's security applications, such as movianVPN GSE and movianCrypt GSE for Palm. These products allow designers—especially in government agencies—to securely extend their networks to wireless handhelds using FIPS 140-2-validated applications. Motorola, for example, recently confirmed that it will embed movianVPN into its A760 smart phones.

The C-based GSE module provides a full range of cryptographic tools and functions, including those required by FIPS-certified systems. For example, the GSE module enables the handling of key generation and random-number-generation (RNG) seeding.

In addition to supporting ECC, the Security Builder GSE module enables all of the standard cryptographic algorithms. They include DES, 3DES, AES, SHA-1, and the RSA public-key algorithms.

Among the other toolkits in the company's Security Builder family are Security Builder Crypto, PKI, and SSL. Crypto 4.0 allows developers to build cross-platform cryptographic systems. Over 30 platforms are supported, including Microsoft Smartphone OS and Windows CE.Net.

Security Builder PKI is a digital certificate-management tool. SSL provides Secure Socket protocols for SSL/TLS data transmissions. All of the Security Builder products integrate security into C- and Java-based applications. Each one uses an API for both desktop and wireless applications.

Security Builder products are available immediately. Most are priced according to a license fee and royalties based on the number of devices.

Certicom Corp.
1810 Gateway Dr., Suite 220, San Mateo, CA 94404; (650) 655-3950, FAX: (650) 655-3951, www.certicom.com.

See associated figure
