Fusion Embedded IPsec
Part of the Fusion Suite of Embedded Networking Protocols from Unicoi Systems, Inc.
With its 20-year history, the Fusion Embedded TCP/IP Stack is the most widely used portable network protocol suite in the world with thousands of design wins and millions of Fusion network enabled products shipping.
Fusion Embedded IPsec Source Code is a simple add-on for the Fusion TCP/IP stack that allows systems that are running Fusion TCP/IP to use encrypted and authenticated communication.
Fusion Embedded IPsec Protocol Features:
Strong encryption - Encrypting your system’s Internet traffic means the content that is passed over the Internet cannot be easily read by intermediate nodes. The strength of the encryption refers to how easy it would be for the encrypted data to be ‘cracked’. Fusion IPsec offers varying levels of encryption, and different encryption algorithms, trading off between processor usage and level of security.
Data integrity - By calculating a checksum and placing the checksum within the encrypted data, it can be made very difficult for the data that is passed over the Internet to be modified. Fusion IPsec automatically checks whether a packet received using IPsec has been tampered with. A modified packet is discarded and will normally be re-sent by the originator.
Peer Authentication - Authentication is achieved with digital signatures*. This means that a recipient of data can be sure that any data received is from the real source and not an imposter.
Replay Protection - Duplicated packets (duplicated by an intermediate node on the Internet) can be prevented using an encrypted sequence number within the packet*. Duplicate packets are discarded.
Fusion Embedded IPsec Source Code Features:
- Integral part of the Fusion TCP/IP stack. By integrating the IPsec Source Code into the Fusion TCP/IP stack, we avoid the unnecessary additional processing that “Bump-In-The-Stack” (BITS) implementations suffer.
- ‘Drop-in’ solution saving engineering cost and time-to-market
- Not based on Open Source - designed and written for Embedded Systems
- Port available for MS Windows
- Manual Configuration of Security Associations (SA)
- Dynamic configuration of Security Associations through optional IKE interface (IKEv2 enhancements also available)
- Authentication Header (AH) and Encapsulating Security Payload (ESP)
- Authentication transforms using HMAC-MD5 and HMAC-SHA-1 (as per RFC 2402) and NULL (RFC 2406)
- Encryption using DES, 3DES, AES and Blowfish (RFC 2451) and NULL (RFC 2406)
- Both Transport and Tunnel modes are supported (Gateway and Host)
- Security policies based on individual or ranges of IP address(es), Port number(s) and/or protocol number
- Security policies determine whether to “apply” IPsec, “bypass” or “discard”
- Open configuration API
- Uses extensible PKI library written and designed for embedded systems with hooks for alternative cryptography providers including hardware assistance
- Royalty-free license for OEMs
- ANSI C Embedded Source Code
RFC Support:
1321 - The MD5 Message-Digest Algorithm
1829 - The ESP DES-CBC Transform
1853 - IP in IP Tunneling
2401 - Security Architecture for the Internet Protocol
2402 - IP Authentication Header
2403 - The Use of HMAC-MD5-96 within ESP and AH
2404 - The Use of HMAC-SHA-1-96 within ESP and AH
2406 - IP Encapsulating Security Payload (ESP)
2410 - The NULL Encryption Algorithm and Its Use With IPsec
2451 - The ESP CBC-Mode Cipher Algorithms
3602 - The AES-CBC Cipher Algorithm and its use with IPsec
Embedded Systems Perform Better with Fusion Security Protocols!
Copyright © 2004 Unicoi Systems, Inc.