TargetIPSec™
Internet Protocol Security
Blunk Microsystems’ Internet Protocol Security (IPsec) is available for both TargetTCP6™ and TargetTCP™. IPsec was built from the ground up as an enterprise-grade security subsystem for VPNs or devices such as those requiring USGv6 conformance. Security Policy (SP) configurations can secure categories of network traffic with fine-grained precision. Port- and address-specific traffic can be secured for UDP, TCP and ICMP (ICMP uses code instead of port). SPs can be configured at compile, boot or run time with API or shell commands. All security is applied transparently to upper-layer protocols, including customer and legacy network applications.
Features
RFC-compliant protocol suite adds high performance Internet Protocol Security.
- Internet Protocol Security (IPsec): RFC 4301
- Authentication Header (AH): RFC 4302
- Encapsulating Security Payload (ESP): RFC 4303
IPsec - Security Architecture for the Internet Protocol
- includes programmable API and shell interface for associations and policies
- spshow - display Security Policies
- sashow - display Security Associations
- spsave - Save Security Policies to NVRAM
- sasave - Save Security Associations to NVRAM
- spadd ‹dir› ‹src› ‹dst› ‹tp› ‹pr› ‹rp› ‹lp› ‹m› ‹ty› [PFS] [START] [NAT] [spi] - Add Security Policy
- saadd ‹6|4› ‹spi› ‹src› ‹dst› ‹AH|ESP› ‹algo1› ‹key1› ‹algo2› ‹key2› - Add Security Association
- spdelete ‹dir› ‹src› ‹dst› ‹tp› ‹pr› ‹rp› ‹lp› - Remove Security Policy
- sadelete ‹spi› - Remove Security Association
ESP - Internet Protocol Encapsulating Security Payload
- Authentication algorithms NULL, MD5, MD5 96, SHA, SHA 96
- Encryption algorithms DES CBC, 3DES CBC, AES CBC, AES CTR
AH - Internet Protocol Authentication Header
- Authentication algorithms NULL, MD5, MD5 96, SHA, SHA 96
Tested interoperable with Windows, Linux, OSX, iOS, Android and other TCP/IP stacks
- IPsec Ready Logo issued from www.ipv6ready.org
Daemon mode allocates one task for IPsec. Whether using daemon or polled integration, IPsec requires one semaphore. Limiting the daemon queue size and setting priorities to favor existing connections minimizes the effect of denial-of-service attempts on the system.
Integrated with CrossStep™, Blunk’s IDE for embedded development that includes an integrated project builder, kernel-aware source code debugger, on-chip debug connections for board bring-up and Ethernet debug connections for fast application development.
Royalty-free. Includes source code, sample applications, and one year of technical support.
TargetTCP, TargetIPSec, and CrossStep are trademarks of Blunk Microsystems, LLC.