Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

2/26/2013
10:15 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Allegro Software Announces Integrated Embedded Device Security And FIPS 140-2 Compliance

Announced addition of FIPS 140-2 compliant Allegro Cryptography Engine to RomPager suite of embedded Internet toolkits

SAN FRANCISCO & BOXBOROUGH, Mass.--(BUSINESS WIRE)--At the RSA® Conference 2013 in San Francisco, CA, Allegro, a leading supplier of Internet software for embedded devices, today announced the addition of the FIPS 140-2 compliant Allegro Cryptography Engine, ACE&trade, to the RomPager® suite of embedded internet toolkits. Specifically engineered for the rigors of embedded computing, ACE makes embedding standards-based security protocols into resource sensitive embedded systems such as military, energy and healthcare embedded applications fast, easy and reliable while decreasing time to market.

FIPS 140-2

Billions of embedded systems are quietly working behind the scenes of almost all modern technologies, from automobiles and factory floors, healthcare networks and new medical devices, defense and energy markets to space exploration missions. Increasingly, these critical embedded systems are built from commercial products, and often incorporate standards-based network connectivity. Early networked desktop PCs and servers were unprepared to address the new security implications of network connectivity. The same is true for many of today's embedded systems which presents a significant new security concern that must be addressed immediately and systematically. Many industries, especially post 9-11, now have a heightened awareness that embedded systems and larger enterprise systems with embedded devices are vulnerable to all types of Internet attacks. Within the government, the National Institute of Standards and Technology (NIST) and National Security Agency (NSA) have taken steps to ensure security and compatibility between communicating computers by defining Federal Information Processing Standards (FIPS). Working together they have specifically identified a set of guidelines (FIPS 140-2) for cryptographic-based security systems to protect sensitive information in computer and telecommunication systems, whether desktop or embedded, and asserted the requirement that vendors must comply to these standards to sell and support the government or its contractors. In addition to the government systems market, the FIPS 140-2 standards have been adopted by the financial (Check21, etc.), energy (Smart Grid) and healthcare (HIPAA, HITECH, etc.) industries to safe-guard their data.

ACE and Embedded Device Security

The Allegro Cryptography Engine (ACE) is a cryptographic library module specifically engineered to meet the critical needs of embedded computing systems in addition to fulfilling the requirements needed for FIPS 140-2 validation. The module provides embedded systems developers with a common software interface to enable bulk encryption and decryption, message digests, digital signature creation and validation, and key generation and exchange. In 2005, the NSA defined a set of cryptographic algorithms that when used together, are the preferred method for assuring the security and integrity of information passed over public networks such as the Internet. Today, Suite B is globally recognized as an advanced standard for cryptography that defines algorithms and strengths for encryption, hashing, calculating digital signatures and key exchange. ACE includes a platform independent, government-certified implementation of the NSA Suite B defined suite of cryptographic algorithms.

"The next-generation of network-enabled embedded systems must meet the need for high encryption standards to ensure data privacy," says Bob Van Andel, President of Allegro. "The availability of Allegro's validated ACE FIPS toolkit significantly reduces development, integration and testing time, while giving our customers the security they need." ACE is delivered as ANSI-C source toolkit and will be available in Q2-2013. Stop by Allegro's booth at the RSA Conference 2013, Booth #238 to discuss embedded device security and your product designs.

About Allegro

Allegro Software Development Corporation is a premier provider of embedded Internet solutions with an emphasis on device management, embedded device security and UPnP-DLNA networking technologies. Since 1996, Allegro has been a force in the evolution of secure device management solutions with its RomPager embedded web server and RomPager Secure toolkits. Also an active contributor to UPnP and DLNA initiatives, Allegro supplies a range of UPnP and DLNA toolkits that offer portability, easy integration and full compliance with UPnP and DLNA specifications. Allegro is headquartered in Boxborough, MA and can be found on the web at http://www.allegrosoft.com.

- See more at: http://www.rsaconference.com/events/2013/usa/for-media/sponsor-news.htm#sthash.vUkGhUXB.dpuf

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQ,  11/7/2019
6 Small-Business Password Managers
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/8/2019
Black Hat Q&A: Hacking a '90s Sports Car
Black Hat Staff, ,  11/7/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprise
Assessing Cybersecurity Risk in Today's Enterprise
Security leaders are struggling to understand their organizations risk exposure. While many are confident in their security strategies and processes, theyre also more concerned than ever about getting breached. Download this report today and get insights on how today's enterprises assess and perceive the risks they face in 2019!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18881
PUBLISHED: 2019-11-12
WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile.
CVE-2019-18882
PUBLISHED: 2019-11-12
WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled.
CVE-2019-18873
PUBLISHED: 2019-11-12
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the pa...
CVE-2019-18874
PUBLISHED: 2019-11-12
psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.
CVE-2019-18862
PUBLISHED: 2019-11-11
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.