Security (MCU, MPU, FPGA)

Security for devices connected to the Internet of Things (IoT) or devices involved in Machine to Machine (M2M) communications is a critical part of all systems being designed today.  This section describes the various aspects of security for the Unison RTOS and how these features create solid and dependable protection.

 

The first step in security is end to end encryption and the two approaches to this that are seen as industry standards are: 

  • TLS/SSL
  • IPSec

The difference between these two approaches is that TLS can be used to set up a secure connection between applications on different machines but IPSec can be used to create a virtual private network which will encrypt all traffic across a link.  At first glance it seems that the VPN is superior but they are more difficult to setup and all good security comes in layers.  

 

TLS is used to build up other secure communications.  Using SMTP (simple mail transport protocol) with TLS, secure email is achieved.   In a similar fashion, https or a secure web server connection using http is created using TLS to access the web server.  In summary the two addition secure methods derived from this are: 

  • Secure email using SMTP and TLS
  • Secure web server communication using HTTP and TLS for HTTPS

 

You might thing that secure shell access and secure FTP file access are achieved the same way.  Some have done this; however the standards which are entirely new protocols which implement these features are: 

  • SSH or secure shell
  • SFTP or secure file transfer

As mentioned above, both are completely new protocols, NOT  telnet running over TLS and FTP running over TLS.  SSH is used for secure configuration of target systems and SFTP is used for secure file transfer to/from target systems.

 

There is two additional security features in the Unison RTOS.  These are SNMP v3 and secure boot.   SNMP v3 is secure for both authentication and transmission of data between the management station and the SNMP agent.  There is no requirement for IPSec or TLS for this security.

 

The secure boot requires the files which are downloaded for reflashing the system to be encrypted and checked before loading.  Using this approach, devices never need to be returned to the factory for upgrades and automatic failure of the updates are automatically detected.  This is all part of the Unison Bootloader.

 

In summary, Unison RTOS includes all the security features that you need built into the environment and tested in the environment.  This includes: 

  • TLS/SSL
  • IPSec
  • Secure mail  or secure SMTP
  • Secure web pages or HTTPS
  • Secure shell - SSH
  • Secure file transfer - SFTP
  • Secure management - SNMP v3
  • Secure Bootloader

Unison RTOS has all the off the shelf security you need for security for MCUs, MPUs, and FPGAs.