Securing Wireless Embedded Devices … ASAP!
Network connectivity has been widely adopted in embedded devices to provide enhanced functionality, convenient management, and sophisticated control. More recently, wireless networks have ushered in the age of untethered computing, and devices unfettered by wires are showing up in various embedded application domains.
There is one bump on the road to wireless freedom, however. Despite the many benefits that devices can reap from Wi-Fi connectivity, embedded engineers hold back from adding such services to their products’ feature sets because of lingering doubts about wireless security. In wireless networks, information travels through the air and is open to interception by anyone within range, so security efforts for wireless networks cannot be concentrated at the boundaries. Rather, security has to be built right into the device at the protocol layer. Even as IEEE and industry groups address these issues with new standards, supporting and managing a network of devices concurrently using the various generations of 802.11 security can be a significant problem.
ASAP is the industry's first middleware product specifically designed from the ground up to add secure wireless access-point functionality to embedded devices. Putting TeamF1's highly regarded FIPS-certified cryptographic and authentication frameworks to use, ASAP integrates the latest wireless security technologies with an 802.11 stack and flexible driver framework that works with a variety of 802.11 WLAN devices. ASAP allows the embedded designer to leverage the benefits of wireless communication without the security problems that would otherwise result from the use of difficult-to-protect airwaves.
ASAP is equipped with device-friendly features such as its concurrent support for different generations of 802.11 security technology, from WEP through WPA, up to WPA2 / 802.11i, in either Personal (Pre-shared Key) or Enterprise (802.1X) mode. ASAP also includes an 802.11 MIB, QoS control using 802.11e / WMM™, and support for multiple radios and SSIDs.
802.1X & RADIUS Support
ASAP relies on 802.1X for enterprise-mode authentication and includes a full implementation of the Port-based Network Access Control state machine defined by IEEE 802.1X. In 802.1X mode, ASAP allows the AP to act as an authenticator to the network, while using its built-in RADIUS client functionality to authenticate Wi-Fi clients with the Extensible Authentication Protocol (EAP). When in non-enterprise mode, ASAP also allows the use of pre-shared keys in environments where RADIUS servers are not available.
As the use of wireless local area networks spreads far beyond simple data transfer to intense voice/multimedia streaming applications, the need to address Quality of Service (QoS) issues becomes extremely important. Further, QoS needs to be integrated at the point where security is being inserted, since intermediate nodes cannot monitor secure traffic. With this in mind, ASAP also includes full-featured support for the Wi-Fi Alliance's WMM standard (based on IEEE 802.11e) for Quality of Service.
OS and Hardware Support
ASAP is a drop-in access point solution offering a lean yet full-featured set of standards-based communication and security features packaged as a coherent, easy-to-use framework. It has been extensively validated on a variety of CPU architectures including PowerPC, MIPS, x86 and ARM/XScale, which minimizes development and integration efforts. ASAP accelerates the addition of optimized and secure embedded wireless services into your next design by taking advantage of the unique features presented by popular operating systems. ASAP is available in optimized editions for VxWorks® and Linux®, with support for the native network driver model and enhanced memory management. Designed specifically with embedded constraints in mind, and with an emphasis on strong security and leading-edge standards support, ASAP can be the building block to add secure wireless AP capabilities to any embedded device.