MODERN, LIGHTWEIGHT SECURITY
Because the majority of modern cryptographic algorithms were designed for desktop/server environments, many of these algorithms cannot be implemented in (IoT) devices. When current algorithms can be engineered to fit into the limited resources of constrained environments, their performance is typically not acceptable.” NIST
How it works
Relevant Security has developed applications for using RPM to secure IP networking, VPN, WAN optimization, Web traffic, email, instant messaging, file transfer, VoIP, mobile data, mobile commerce, mobile communications, enterprise search, and enterprise data security.
with near real-time performance improving, network operation
10KB code size so security can be embedded in any device and any protocol
supports true federated trust, allowing you to place trust nodes in any topology to support secure peer-to-peer or network transactions
to understand, validate, integrate, use and maintain
using continuous authentication, securing every transaction
RPM is available in C, C++ and Java libraries to enable developers to create secret-key methods for performing continuous, mutual authentication and transaction security.
Technical Benchmarks show that RPM is a highly efficient security method with minimal computational and network overhead.
- Each RPM transaction can be performed in near real time, benchmarked at 5 microseconds per instantiation in software. VHDL and Verilog simulations demonstrate that RPM performs at near line speed in FGPA, ASIC or IC hardware.
- RPM with encryption is an order of magnitude faster than standard PKI authentication and over ten times faster than the world’s fastest AES encryption – and RPM authenticates every packet, not just one like PKI.
- RPM = 5 CPU cycles, single stream
- Koblitz ECC = 81,000 CPU cycles ¹
- AES-GEN = 56.192 CPU cycles, 5
streamIntel AES-NI ² A RPMmulticast application showed that a 10GB file when transferred contains over 7.4 million datagrams with a unique RPM key for 256 bitencryption and mutual authentication of each UDP packet demonstrating that RPM packet level security added only 2 to 5 % overhead measured at the network level with a minimal packet overhead of 1-3%.
Reference Implementations Using RPM
RPM on a Chip (RPMC) simulations in Verilog and VHDL demonstrates RPM wire-speed authentication and security (including encryption) targeted at embedded applications in devices and sensors implemented in an FPGA (field-programmable
RPM Secure TCP File Transfer API provides security of every variable payload of a file transfer, authenticating and encrypting every payload with fresh keys. The file transfer is done over TCP, using 128 bit or 256 bit AES encryption.
RPM Android API provides secure file transfer over TCP, based on the RPM Secure TCP File Transfer API. Efforts are underway to extend this API to a full Secure VPN capability similar to the RPM Secure VPN API discussed below. This API uses the Android Java Cryptographic Extensions (JCE) on the client device and JCE for Linux servers to provide 128 bit or 256 bit AES encryption, along with RPM continuous, mutual authentication.
SSLX® Web Security is a reference implementation of an extension of regular SSL that provides mutual authentication of end-users and web services in near real-time on every transmission. SSLX uses the RPM technology to authenticate and secure every web transaction.
RPM Secure VPN provides real-time, continuous mutual authentication of TCP/UDP data for every transfer between a client and a server while encrypting the data. The RPM Secure VPN API is built for Linux clients and servers using RSA and AES PKI components for secure initial key establishment, 128 or 256 bit AES encryption.
RS VPN Appliances utilize RPM to offer the highest level of security for wired and wireless data in transit over point-to-point and point-to-multipoint 10 Mbps, 100Mbps, and 1Gbps speeds between nodes on a network.
RS VPN VM is available for use on Virtual Machine (VM) instances or integration with other applications.
RS Multicast reference implementation with RPM provides multicast content distribution with mutually authenticated servers and receivers, with unique encryption keys per content payload.
¹ Fast Software Implementation of Binary Elliptic Curve Cryptography Manuel Bluhm, and Shay Gueron, November 10, 2013
² Intel® Advanced Encryption Standard (AES) New Instructions Set, Revision 3.01, September 2012 & Manley, Raymond and David Gregg, “A Program Generator for Intel AES-NI Instructions”, School of Computer Science and Statistics, Trinity College Dublin, Ireland
Relevant Security Corp.
990 South Broadway, Suite 300
Denver, CO 80209