Inside Secure announced that its Linux- and Android-ready SafeZone Encryption Toolkit has achieved U.S. National Institute of Standards and Technology (NIST) FIPS 140-2 certification. SafeZone, which is integrated within Inside Secure’s MatrixDAR and QuickSec VPN Client for Android products, now secures data in transit over SSL/DTLS and IPSEC, as well as “data at rest” on Android devices.
With SafeZone now certified for the NIST Federal Information Processing Standard (FIPS) 140-2 protocols, OEMs and application developers can design more secure appliances, applications, mobile devices, and servers in accordance with stricter government security requirements, says Inside Secure. Many enterprises are adopting FIPS security standards even if they’re not mandated by the government, adds the company.
FIPS 140-2 validated cryptographic modules are required by the U.S. and Canadian governments for telecommunications systems, and the requirements are expected to soon be extended to other applications, devices, and communications networks, says the company. Directives in the U.S. and Europe are said to be seeking to expand the requirement to industries including finance, manufacturing, healthcare, transportation, communications, and other utilities.
SafeZone architecture and use cases
The SafeZone FIPS Encryption Toolkit now secures data in transit over SSL/DTLS and IPSEC communications sessions per FIPS 140-2, as well as data-at-rest (DAR) on Android devices. The Toolkit integrates NIST-approved algorithms for symmetric and asymmetric cryptography, including:
- AES and 3DES for confidentiality
- SHA-1 and -2, AES CMAC, and GMAC for authenticity
- RSA, DSA, and EC-DSA for digital signatures
- XTS-AES DAR confidentiality protocol
- Key transport, key agreement, and key derivation protocols
The SafeZone module enables the use of cryptographic secrets, such as a Root Key or Hardware Unique Key (HUK), with keys securely managed by an asset store, says Inside Secure. Self-testing functionality and two-operator role configurations are also available.
The SafeZone FIPS Encryption Toolkit software supports Linux and Android devices as well as any mobile or resource-constrained device using an embedded operating system with 100K memory requirements. The FIPS module is integrated in the Toolkit’s SafeZone product, as well as the Android-ready MatrixDAR and QuickSec VPN Client for Android products.
MatrixDAR is a DAR encryption solution that protects stored contents on an Android device and its removable storage media. It replaces Android’s native crypto libraries with libraries certified for the FIPS XTS-AES protocol. QuickSec VPN Client for Android is a mobile VPN solution that features a customizable reference GUI and full source code.
In the company’s announcement, Inside Secure EVP for embedded security solutions Simon Blake-Wilson was quoted as saying, “Using software development tools that incorporate this pre-validated module, manufacturers can meet current and future security requirements, avoid the lengthy and expensive FIPS validation process, stay focused on their core competency and get their products to market more quickly.”
The company’s announcement further suggests its new mobile-focused SafeZone technology was in part a byproduct of its Dec. 2012 acquisition of French security firm Embedded Security Solutions (ESS).
SafeZone Encryption Toolkit with FIPS 140-2 certification appears to be available now. More information may be found at Inside Secure’s SafeZone Encryption Toolkit page.