Elliptic Cryptography Strengthens Security

April 1, 2004
This security tool suite aims to protect government and corporate data in today's handheld, power-sensitive wireless devices.

Most on-the-go, mobile wireless users need to transmit and receive their data with a reasonable level of security. Unfortunately, early wireless security methods like WEP required a great deal of processing power. As a result, users chose to disable their security features. The problem was the age-old dilemma of encryption algorithms versus processor speed and power consumption. The last two factors are directly related, as an increase in processing power typically requires more clock cycles. Additional clock cycles translate into more power consumption.

One solution is to build faster processors that consume less power. Another approach is to create encryption algorithms that provide equivalent or even greater levels of security while using less processing power. Certicom Corp. uses this method to develop products based on public-key technologies, such as the Advanced Encryption Standard (AES) and Elliptic Curve Cryptography (ECC).

ECC is an alternative to the older RSA system. It has been approved by standards organizations including ANSI, the IEEE, and the National Institute of Standards and Technology (NIST). It also has caught the eye of the United States' National Security Agency (NSA). Recently, that agency signed an agreement with Certicom to license 26 of its patents.

When combined with existing public-key security methods, carefully constructed elliptic-curve algorithms can provide faster encryptions using smaller key lengths. In turn, less processing is needed by the hardware in mobile, power-constrained devices. Standards-based, public-key technologies like AES and ECC provide a high level of security with relatively small key lengths.

Of course, having a set of standard cryptographic technologies is one thing. But knowing how to incorporate them into embedded wireless devices is a whole different issue. In response to this problem, Certicom has developed a suite of cryptographic tools and applications. Foremost among them is Security Builder GSE, the company's core developer toolkit for the government system. It has recently earned the Federal Information Processing Standards (FIPS) 140-2 certification for the Palm OS 4.1 platform. This achievement builds upon last year's FIPS validation on the Microsoft (www.microsoft.com) Windows and Microsoft Windows CE operating systems.

As a benchmark for security within government agencies, FIPS 140-2-validated products must undergo testing by accredited labs to satisfy NIST specifications. Because Security Builder GSE is FIPS certified, designers of government wireless devices can merely add the GSE module into their systems.

This toolkit serves as the primary cryptographic module for all of Certicom's security applications, such as movianVPN GSE and movianCrypt GSE for Palm. These products allow designers—especially in government agencies—to securely extend their networks to wireless handhelds using FIPS 140-2-validated applications. Motorola, for example, recently confirmed that it will embed movianVPN into its A760 smart phones.

The C-based GSE module provides a full range of cryptographic tools and functions, including those required by FIPS-certified systems. For example, the GSE module enables the handling of key generation and random-number-generation (RNG) seeding.

In addition to supporting ECC, the Security Builder GSE module enables all of the standard cryptographic algorithms. They include DES, 2DEC, AES, SHA-1, and the RSA public-key algorithms.

Among the other toolkits in the company's Security Builder family are Security Builder Crypto, PKI, and SSL. Crypto 4.0 allows developers to build cross-platform cryptographic systems. Over 30 platforms are supported, including Microsoft Smartphone OS and Windows CE.Net.

Security Builder PKI is a digital certificate-management tool. SSL provides Secure Socket protocols for SSL/TLS data transmissions. All of the Security Builder products integrate security into C- and Java-based applications. Each one uses an API for both desktop and wireless applications.

Security Builder products are available immediately. Most are priced according to a license fee and royalties based on the number of devices.

Certicom Corp.
1810 Gateway Dr., Suite 220, San Mateo, CA 94404; (650) 655-3950, FAX: (650) 655-3951, www.certicom.com.

See associated figure

About the Author

John Blyler

John Blyler has more than 18 years of technical experience in systems engineering and program management. His systems engineering (hardware and software) background encompasses industrial (GenRad Corp, Wacker Siltronics, Westinghouse, Grumman and Rockwell Intern.), government R&D (DoD-China Lake) and university (Idaho State Univ, Portland State Univ, and Oregon State Univ) environments. John is currently the senior technology editor for Penton Media’s Wireless Systems Design (WSD) magazine. He is also the executive editor for the WSD Update e-Newsletter.

Mr. Blyler has co-authored an IEEE Press (1998) book on computer systems engineering entitled "What's Size Got To Do With It: Understanding Computer Systems." Until just recently, he wrote a regular column for the IEEE I&M magazine. John continues to develop and teach web-based, graduate-level systems engineering courses on a part-time basis for Portland State University.

John holds a BS in Engineering Physics from Oregon State University (1982) and an MS in Electronic Engineering from California State University, Northridge (1991).
