DSF for Freescale Architecture

DSF for Freescale is a subset of Mocana’s Device Security Framework, which is a comprehensive suite of products designed to secure all aspects of device and enterprise communications. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance crypotographic performance. It includes device-resident security software, as well as security capabilities delivered across the network. All components of the Device Security Framework are built on a common architecture and share a common API and cryptographic code base. As a device designer, you can choose only the components you need for your particular project... or standardize company-wide on the DSF’s common code base, future-proofing your investment with this broad, flexible and extensible security architecture.

Supported processor platforms: Awards and Certifications Nominations

Sales | Support | Contact | Privacy Policy | FAQs | Site Map | Referral Program

Copyright © 2010 Mocana Corporation

Many classes of networking equipment, such as Virtual Private Network (VPN) routers, wireless access points, cellular base stations and network attached storage equipment must support security protocols. But software-based security implementations are usually too slow to handle today’s throughput expectations. And integrating security protocols is time consuming and expensive. That’s why communication processors with integrated security engines, like Freescale’s PowerQUICC® encryption-enabled processors, provide an optimal solution for enhanced system throughput when encryption is a frequent activity.

On their own, these security engines don’t speed up security operations much. But with the right software—like Mocana’s DSF for Freescale—you can accelerate protocols like SSL, SSH and IPSec by a factor of 20x or even 30x. That means better price/performance for your device, and a more attractive buying proposition for your customers.

Superior Security Performance
To ensure wired and wireless devices, networks and services perform and scale with the utmost security Freescale and Mocana developed the Device Security Framework (DSF) Software for Freescale PowerQUICC® encryption-enabled processors.

This single-source solution combines Freescale’s encryption-enabled single-core and multicore PowerQUICC processors with Mocana’s Device Security Framework™, resulting in superior security performance. DSF is actually a suite of several best-in-class Mocana security products, optimized for the Freescale architecture:

• NanoSec IPSec and IKEv1 and v2
• NanoSSL client and server
• NanoSSH client and server
• NanoEAP extensible authentication protocol
• NanoCert simple certificate enrollment protocol (SCEP)

These protocol stacks can run on any PowerQUICC® encryption-enabled processor device with the most popular embedded operating systems. Utilizing the DSF Software can dramatically reduce time to market and the significant costs associated with porting, optimizing and maintaining several different open source codebases.

Supported processor platforms: Awards and Certifications Nominations

Sales | Support | Contact | Privacy Policy | FAQs | Site Map | Referral Program

Copyright © 2010 Mocana Corporation

DSF for Freescale Features

Mocana’s high-performance, small-footprint, open standards-based security software takes full advantage of the security hardware acceleration in Freescale processors.

Acceleration Harness 2.0
The Mocana Device Security Framework secures device data communications and includes a software-based Acceleration Harness, a high-performance API to crypto accelerators which:

• Manages offload of cryptographic jobs and lightens CPU load
• Integrates seamlessly with all Mocana protocol stacks
• Provides highly asynchronous operation with interrupt mitigation
• Allows for prioritization of different traffic types
• Has an OS abstraction layer to support any operating system, but can work without one
• Is well optimized for PowerQUICC® processors and works with all versions of the SEC core (SEDC 1.x->SEC 3.x)

Rich RFC & Algorithm Support

SSH

• SSH File Transfer Protocol, v2, v3 and v4
• RFC-4250, The Secure Shell (SSH) Protocol Assigned Numbers
• RFC-4251, The Secure Shell (SSH) Protocol Architecture
• RFC-4252, The Secure Shell (SSH) Authentication Protocol
• RFC-4253, The Secure Shell (SSH) Transport Layer Protocol
  
• RFC-4254, The Secure Shell (SSH) Connection Protocol (partially supported)
  
• RFC-4344, The Secure Shell (SSH) Transport Layer Encryption Modes
  
• RFC 4335, The Secure Shell (SSH) Session Channel Break Extension

IPsec

• RFC-2401, Security Architecture for the
• Internet Protocol
  
• RFC-2402/4302, IP Authentication Header
  
• RFC-2403/4303, The Use of HMAC-MD5-96 within ESP and AH
  
• RFC-2404, The Use of HMAC-SHA-1-96 within ESP and AH
  
• RFC-2405/4305, The ESP DES-CBC Cipher Algorithm With Explicit IV
  
• RFC-2406/4305, IP Encapsulating Security
  
• Payload (ESP)
  
• RFC-2407, The Internet IP Security Domain of Interpretation for ISAKMP
  
• RFC-2408, Internet Security Association and Key Management Protocol (ISAKMP)
  
• RFC-2409, The Internet Key Exchange (IKE)
  
• RFC-2410, The NULL Encryption Algorithm and Its Use With IPsec
  
• RFC-2451, The ESP CBC-Mode Cipher Algorithms
  
• RFC-3280, Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
  
• RFC-3566, The AES-XCBC-MAC-96 Algorithm and Its Uses With IPsec
  
• RFC-3602, The AES-CBC Cipher Algorithm and Its Use with IPsec
  
• RFC-3706, A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers
  
• RFC-3715, IPsec-Network Address Translation (NAT) Compatibility Requirements
  
• RFC-3748, Extensible Authentication Protocol (EAP)
  
• RFC-3947, Negotiation of NAT-Traversal in IKE
  
• RFC-3948, UDP Encapsulation of IPsec ESP Packets
  
• RFC-4306, Internet Key Exchange (IKEv2) Protocol
  
• RFC-4434, The AES-XCBC-PRF-128 Algorithm for the Internet Key Exchange Protocol (IKE)
  
• RFC-4555, IKEv2 Mobility and Multihoming
  
• RFC-4718, IKEv2 Clarifications and Implementation Guidelines
  
• RFC-2367, PF_KEY Key Management API, Version 2
  
• ModeConfig: draft-dukes-ike-mode-cfg-02.txt
  
• XAUTH: draft-ietf-ipsec-isakmp-xauth-06.txt

SSL

• RFC-2246, TLS Protocol Version 1.0
  
• RFC-3268, AES Ciphersuites for
  
• Transport Layer Security
  
• RFC-3280, Internet X.509 Public Key Infrastructure
  
• RFC-3546, Transport Layer Security Extensions (partially supported)
  
• RFC-4279, Pre-Shared Key Ciphersuites for
  
• Transport Layer Security
  
• RFC-4346, TLS 1.1

Certificates

• IETF Draft: draft-nourse-scep-14.txt
  
• X.509 v3 certificate
  
• X.509 v2 CRL format
  
• RFC-3280’s X.509 certificate and CRL profiles
  
• RFC-2616, Hypertext Transfer Protocol - HTTP/1.1
  
• RFC-2617, HTTP Authentication: Basic and Digest Access
  
• RFC-2560 Online Certificate Status Protocol - OCSP

Supported processor platforms: Awards and Certifications Nominations

Sales | Support | Contact | Privacy Policy | FAQs | Site Map | Referral Program

Copyright © 2010 Mocana Corporation

DSF for Freecale Benefits

30x Performance Enhancement with Same Hardware
Because DSF is zero-threaded and features an asynchronous architecture, your E-chip performs 20x to 30x faster than software based security. Figure 2 demonstrates the performance advantage of DSF when compared to software-only security on PowerQUICC processors.

The low CPU utilization realized by DSF (because of the offload to the integrated security hardware on your E-chip) allows customer application performance to remain high, even with secure connectivity.

No Crypto Expertise Required
Unlike other security packages, DSF for Freescale features an extremely powerful, yet simple and easy-to-use API. That’s because we built it for ease of installation from the ground up. You don’t need to be a crypto expert, because the DSF software hides all of the complexity of the cryptography.

Platform Independent
All of the security protocols in DSF are platform independent and available for dozens of operating systems.

Dramatically Reduces Development Time & Costs
DSF advanced, well-documented APIs speed development and integration efforts and significantly eases customization.

Real Support from Real Engineers
As always, Mocana’s developer support team is available to help you anytime. Additionally, our engineering team monitors relevant standards and issues code patches and