Allegro Cryptography Engine – ACE™

ACE™

Embedded systems are appearing in virtually all industries with the capability to communicate independently. The rapid adoption and deployment of modern communication technologies have enabled new applications in healthcare, military applications, energy management, consumer devices and many other areas. With these capabilities, comes the need for embedded device security. Any network-enabled device must be considered as a potential target for malicious intent. Encryption of sensitive data while in motion or at rest is a key component to thwarting malicious attacks and reducing risk.

ACE™ is a cryptographic library module for resource sensitive IoT devices that provides validated software implementations of FIPS-approved algorithms for the calculation of message digests, digital signature creation and verification, bulk encryption and decryption, key generation and key exchange. Used stand-alone or pre-integrated with the Allegro EdgeAgent Suite, ACE™ provides CAVP validated implementations of sophisticated FIPS approved encryption algorithms for use in embedded systems. In 2005, the National Security Agency (NSA) defined a set of cryptographic algorithms that when used together, are the preferred method for assuring the security and integrity of information passed over public networks such as the Internet. Today, Suite B is globally recognized as an advanced standard for cryptography that defines algorithms and strengths for encryption, hashing, calculating digital signatures and key exchange. ACE™ includes a platform independent, CAVP validated implementation of the NSA Suite B defined suite of cryptographic algorithms. ACE™ is delivered as ANSI C source.

Securing Data in Motion

Many IoT applications often collect and correlate valuable sensitive information at the edge of the Internet and routinely transmit it to servers in the cloud securely. TLS and DTLS are the “defacto” standards for keeping data secure when communicating with servers in the cloud. Allegro’s RomSTL™, embedded TLS, and DTLS toolkit, tightly integrates FIPS validated cryptography with a standards-based, embedded implementation of TLS/DTLS to keep your data secure while in motion. RomTLS™ is additionally integrated to make use of ACE’s support of Suite B algorithms (RFC 6460).

Securing Data at Rest

Allegro’s secure data-at-rest solution is tightly integrated with ACE™ validated FIPS 140 cryptography. Before offloading data to cloud-based applications, any sensitive information stored by IoT devices faces numerous threats and risks of unintentional exposure. Adding data encryption to the transmission process has been the traditional method for reducing this risk. However, simply encrypting data transmissions doesn’t fully address many of the threats aimed at recovering small segments of data or potentially the entire collection. The Allegro EdgeAgent Suite provides IoT design engineers the ability to proactively address the threat surface created when storing sensitive data on persistent media. Rather than encrypting data at a volume or drive level where exposing a single set of keys potentially compromises a significant amount of sensitive data, Allegro’s secure data-at-rest solution encrypts information at the file level.

ACE™ can be used stand-alone or pre-integrated with the Allegro EdgeAgent Suite.