The explosive growth of internet-connected devices calls for solutions to meet the surging demand for big data, scalability, privacy and security.
Cypherbridge supplies standalone, IoT and Cloud Connected Software Development Kits and Toolkits. We target small to medium applications where memory, power and performance are carefully balanced. We offer a wide range of robust device-level solutions for secure device connectivity for both new designs and existing product upgrades.
Add electronic data privacy, authentication and integrity with the uSSL SDK. Integrate TLS for embedded web server HTTPS. Secure your proprietary TCP/IP client/server applications using standards-based SSL/TLS. Add X.509 certificate-based authentication to ensure system-level trust and authorization for devices and back office servers. Safely store and transfer files with uFTP Toolkit and uFile Encrypted File System.
Replace TCP/IP command line interfaces like telnet. Add our uSSH SDK for secure password or certificate authentication login, encrypted communications, and include optional secure copy for file transfers.
Connect to the cloud with our Cloud Device Kit for scalable data synchronization to the data center. CDK scales across the enterprise to replicate data across many devices, and includes the uFile encrypted embedded file system to keep the file contents safe even if the removable media or device itself is lost or stolen.
Encrypt your network using uVPN SDK for IKE/IPsec. IPsec secures all network traffic and avoids redesign of existing mobile or fixed device applications. uVPN includes an optional firewall to filter network packets, block port scans and remote hacking.
Plan for software lifecycle and field updates using the uLoad SDK. Files encrypted on USB flash drive are safe even if the media is lost or stolen. Installed images are authenticated and verified by uLoad Install Defender, preventing malware from being installed on a device. Multiple images are managed for field updates, including both rollback and factory versions. Managed devices save on returns and support costs.
These are just some examples of our solutions to real-world problems. Our portfolio of embedded SDKs, toolkits and protocols continues to expand with new support for embedded JSON, CoAP, and more. Contact us today to deliver a solution for your platform!
Portable ANSI C software update installer and secure boot loader.
Installing software updates by web, serial port or removable flash drive? Images can now be securely distributed and managed. Encrypted files are protected in case the file or removable media is lost, stolen or hacked. The uLoad Product Family includes advanced software updates and boot loader solutions for embedded platforms. uLoad can be used for safe install, to manage multiple images for an update, activation and safe-boot to last-known-good or factory version, and to integrate a boot loader with optional security features.
Free or low cost boot loaders and flash utilities, such as USB DFU flash burners, have limited functionality and do not implement multiple image management. The uLoad SDK delivers advanced features including multiple image management, robust image hash integrity checks, and system error recovery features. Images can be installed from network, serial, and local USB or SD flash drives. uLoad includes a command line toolkit or Windows GUI for image management, processing and encryption, and firmware push to the target.
The uLoad SDK is available in the following configurations for the best match to specific project requirements:
The uLoad-IDE Install Defender Edition controls software updates and distribution, authenticates genuine origin, and blocks malware installs in SCADA, POS terminals, industrial controllers, and anywhere software updates are used. Secure images can be transferred by email, file copy, local USB, SD flash drives, serial port, or LAN/WAN network.
The uLoad-DFE Device Firmware Edition supports factory and clear text images with zero encryption and no passphrase. It is targeted to embedded systems that require multiple images and rollback features in a robust solution. The image model is the same as the uLoad Secure Edition, only without encryption features.
The uLoad-SE Secure Edition adds a security model to control software updates using encrypted images with a security header, passphrase, and multi-level keys. Images can be decrypted during the installation, or during the boot loading stage, to provide maximum defense against reverse engineering, cloning and unauthorized use.
uLoad-SE can be used to encrypt the software update image distributed on USB flash drive. When the field engineer or end user starts a software upgrade, the encryption passphrase is interactively or programmatically entered to decrypt the image. This authenticates the image to ensure it is genuine, and can be used to distribute optional features with different software SKUs and passphrases.
Process software image with toolkit supported on command line, Windows GUI and Mac OS X
MCU and FPGA image file hash signing and authentication.
Use standard toolchain to compile and link software images. Supports IAR, Keil, GCC and all other toolchains.
Secure pass-phrase protected distribution of embedded product keyset.
Image installation and rollback
Flexible, easy to use and extensible design can be integrated with product startup and initialization
Optional support for trust chip DS28E01 hardware based challenge-response authentication for PCB board level verification
Enhanced product integrity
Protection against product tampering, reverse engineering and unauthorized use.
Portable ANSI C SSH embedded server and client for interactive shell and tunneled TCP/IP security layer.
Implement secure interactive shell and SSH tunneled application functions using the uSSH solution. Secure telnet replacement is just the beginning. uSSH provides a flexible TCP/IP security layer for existing and new applications using the built-in command dispatcher. Easy to integrate with run-time environment using RTOS integration features.
The uSSH SDK can be compiled for a range of processors and platforms, and comes equipped with utilities and toolkits to manage user accounts and private keys. Build options include tailored asymmetric and symmetric crypto suite, login banner, account access control and other features. The compact uSSH protocols and fully integrated math and crypto library can be tailored to a very compact memory footprint under 50K on a typical Cortex-M3 flash MCU.
Take advantage of SSH security architecture and accelerate your time to market with the uSSH SDK.
Standards based SSH 2.0 interoperates with GUI and command line SSH clients
Flexible command dispatch to implement any secure client server application
Built-in starter shell extensible for application specific commands. For non-interactive applications no shell is needed
Authenticates with user name and protected password
Access control feature supports Technician, Supervisor, Factory levels
Configurable DSS and RSA asymmetric session support with private key generator utility
Configurable crypto with 3DES, AES and Blowfish support
Portable ANSI-C SDK with small footprint ported to ARM, Cortex-M3, x86
Integrated memory management
RTOS integrated using simple task launcher
SCP secure copy integrated with embedded file system
Portable ANSI C software stack implementing standards based SSL, PKI, crypto, hashing, and network protocols. Targeted for embedded systems and devices, uSSL employs proven interoperable features to securely authenticate and cryptographically secure end-to-end system transactions. uSSL can be easily integrated with existing or new applications, and can be tailored to enable a subset of the supported protocols to achieve the lowest possible memory footprint.
uSSL includes self-test support for integration, test, and compatibility verification. uSSL includes a network adaptation layer to integrate with a variety of TCP stacks, wired and wireless networks. uSSL is interoperable with back-end Linux and Windows SSL-ware.
Existing applications that employ legacy proprietary encryption schemes can be upgraded with uSSL to strengthen security and interoperability. Existing applications can be merged with uSSL features to preserve investment in existing applications and protocols.
SSL3 and TLS 1.2 server and client protocol support
The Cypherbridge Systems VPN SDK implements IKEv1/IKEv2/IPsec for a cryptographically secure solution for IP packet networking. It provides authentication, data encryption and message integrity for embedded devices. VPN SDK is a standards based, full featured toolkit delivering system benefits including security and performance for embedded platforms, smartphones, tablets and more.
uVPN SDK Features
Supports Tunnel and Transport Modes
Compact Portable ANSI-C small memory footprint solution
RTOS, Android, Embedded Linux operating system support
ARM, PowerPC, x86 processors
Interoperates with Openswan, Strongswan, OpenBSD, Windows IPsec VPN
IPsec adds peer authentication, encryption and message integrity to IP packet networks, protecting against loss of data privacy, integrity, identity spoofing, and replay attack. IPsec adds security at the network IP layer, with no changes needed to existing client/server or streaming applications. Widely adopted, standards based and interoperable with all network equipment, IPsec can be deployed in host-to-host security channels, remote access VPN to corporate network, or network-to-network.
The VPN SDK supports AH and ESP protocols, as illustrated in the following diagram showing ESP encapsulation over a network-to-network tunneled VPN:
The VPN SDK is designed for both IPv4 and IPv6 operation and is optimized for deployment in embedded systems.
TCP/IP Stack NetIF interface integrates with RTOS, Kernel, User Mode TCP/IP stacks
IKE - Internet Key Exchange
VPN uIKE implements IKEv1 and IKEv2 standards based protocols to set up Security Associations (SA) for IPsec. Peer systems dynamically establish and synchronize the IKE SA through mutual authentication and secure exchange of session keys.
The Security Policy Database (SPD) governs the policy and management of the security layers. It defines traffic flows, so that selected network traffic and direction can be configured on a granular basis. This allows all or selected network traffic to be protected with IPsec.
VPN uIKE stores the keys in the Security Association Database (SAD). IPsec fetches the cipher and authentication type and keys from the SAD, then applies security to an IP packet to encrypt outbound traffic, and decrypt inbound packets.
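The outbound lookup order described above (the SPD selects the policy, the SAD supplies the cipher and keys), as an added example that is not Cypherbridge code or the uVPN API. The struct layouts, the `outbound_decision` function, and the sample addresses, SPIs and algorithm names are constructed assumptions; traffic that matches no policy is dropped rather than sent in the clear.

```c
#include <stddef.h>
#include <stdint.h>

typedef enum { ACT_BYPASS, ACT_DISCARD, ACT_PROTECT } spd_action;
typedef enum { OUT_BYPASS, OUT_DISCARD, OUT_PROTECT, OUT_NEED_IKE } out_result;
/* SPD entry: traffic selector plus action (hypothetical layout). */
typedef struct {
    uint32_t dst_net, dst_mask; /* destination prefix, host byte order */
    uint8_t proto;              /* IP protocol number, 0 = any */
    uint16_t dst_port;          /* 0 = any */
    spd_action action;
    uint32_t spi;               /* SAD entry used when action is PROTECT */
} spd_entry;
/* SAD entry: parameters and keys that IKE installs after negotiation. */
typedef struct {
    uint32_t spi;
    int valid;                  /* 0 until IKE has installed keys */
    const char *cipher, *auth;  /* constructed sample values */
} sad_entry;
/* Constructed sample policy, ordered; the first matching entry wins. */
static const spd_entry SPD[] = {
    {0xCB007101u, 0xFFFFFFFFu, 17, 500, ACT_BYPASS, 0},     /* IKE to peer 203.0.113.1 */
    {0x0A020000u, 0xFFFF0000u, 0, 0, ACT_PROTECT, 0x1001u}, /* 10.2.0.0/16 */
    {0x0A030000u, 0xFFFF0000u, 0, 0, ACT_PROTECT, 0x1002u}, /* 10.3.0.0/16 */
};
static const sad_entry SAD[] = {
    {0x1001u, 1, "AES-CBC", "HMAC-SHA1"},
    {0x1002u, 0, NULL, NULL},   /* policy exists, SA not negotiated yet */
};

/* Return the usable SA for an SPI, or NULL if none is installed. */
static const sad_entry *sad_lookup(uint32_t spi) {
    for (size_t i = 0; i < sizeof SAD / sizeof SAD[0]; i++)
        if (SAD[i].spi == spi && SAD[i].valid) return &SAD[i];
    return NULL;
}
/* Outbound decision for one packet; traffic with no policy is dropped. */
out_result outbound_decision(uint32_t dst, uint8_t proto, uint16_t port,
                             const sad_entry **sa) {
    *sa = NULL;
    for (size_t i = 0; i < sizeof SPD / sizeof SPD[0]; i++) {
        const spd_entry *p = &SPD[i];
        if ((dst & p->dst_mask) != p->dst_net) continue;
        if (p->proto && p->proto != proto) continue;
        if (p->dst_port && p->dst_port != port) continue;
        if (p->action != ACT_PROTECT)
            return p->action == ACT_BYPASS ? OUT_BYPASS : OUT_DISCARD;
        *sa = sad_lookup(p->spi);
        return *sa ? OUT_PROTECT : OUT_NEED_IKE; /* no SA: hand off to IKE */
    }
    return OUT_DISCARD;
}
```

The `OUT_NEED_IKE` result marks the point where a stack would hold the packet and ask IKE to negotiate the missing SA instead of transmitting it unprotected.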
uVPN Integrated Solution
The following diagram shows the relationship between IKEv2 protocol, the SPD/SAD tables, IPsec, and the components of the embedded TCP/IP stack. The VPN SDK implements “bump-in-stack” security processing at the datagram layer, interfaced by the NetIF ingress and egress software APIs:
Supports embedded IKE initiator mode, Phase 1 and Phase 2 Security Associations (SA)
Configurable session options for Security Association negotiation
Automatic negotiation of IKE connection
Authentication using shared secret and RSA key pairs