
Secure Connectivity Protocols

To enable secure connectivity, a good practice is to base a solution on established and proven network security protocols that are maintained and continuously scanned for new vulnerabilities and patched when necessary.

To connect an IoT device to a Cloud infrastructure that collects its data, monitors it or even upgrades its firmware, one solution is to establish a secure end-to-end channel, which enables the secure exchange of all types of data packets. Such a solution can be generic and transparent to applications.

Several secure communication protocols have been developed over the years to ensure the confidentiality (through data encryption) and authenticity of information transmitted over the Internet.

Among these is the Secure Sockets Layer (SSL), which has been widely deployed but in which several vulnerabilities have been discovered over the years. This has led to the preferred use of Transport Layer Security (TLS). Both SSL and TLS operate at the application layer and as such are not application independent: using them means that the application software must be modified. On the other hand, this allows the application software itself to verify encryption and authenticity, and thus to establish a real end-to-end security solution.

By contrast, Internet Protocol Security (IPSec) is an open standards framework operating at the network layer, on IP packets, and is therefore application independent. For example, its tunnel mode can be used to create Virtual Private Networks (VPN).

Media Access Control Security (MACSec), defined in the IEEE 802.1AE standard, can also be used to ensure data confidentiality, data integrity and data source authenticity, but its coverage is broader than that of IPSec and TLS.

Digital certificates, which are issued by trusted Certificate Authorities (CA), can be used to prove the authenticity of a user, server or device, to ensure that only trusted users and devices can connect to a given network, and to encrypt communications. 

Secure-IC’s IP portfolio embeds three main secure connectivity protocols:

  • MACSec IP: MACSec IP is compliant with IEEE 802.1AE and has the following key features:
    • Throughput: up to 100Gbps
    • Low latency
    • Fully hardware IP without any software intervention
    • Supports AES-GCM 128 and 256
  • IPSec IP: IPSec IP ensures both IPSec and GRE support with the following key features:
    • Throughput: up to 100Gbps (for AES-GCM and ChaCha20-Poly1305)
    • Supports IPv4 and IPv6
    • Supports Tunnel and Transport modes
    • Supports ESP and AH modes
    • Full duplex
    • Supported cryptographic algorithms: AES-GCM, HMAC-SHA1, AES-GMAC, AES-XCBC-MAC, HMAC-SHA2, AES-CBC, AES-CTR, AES-CCM, ChaCha20-Poly1305, 3DES
  • TLS/DTLS IP: Secure-IC’s TLS/DTLS IP is able to ensure cryptographic computation for TLS and DTLS. In addition, Securyzr™ iSE is compatible with OpenSSL integration.