Symmetry Innovations

VPN IPsec/IKEv2 SDK
Overview

The Cypherbridge Systems VPN SDK implements IKEv1, IKEv2 and IPsec to provide cryptographically secure IP packet networking. It provides authentication, data encryption and message integrity for embedded devices. VPN SDK is a standards-based, full-featured toolkit delivering system benefits including security and performance for embedded platforms, smartphones, tablets and more.

uVPN SDK Features
IPv4 and IPv6
IPsec

IPsec adds peer authentication, encryption and message integrity to IP packet networks, protecting against loss of data privacy and integrity, identity spoofing, and replay attacks. IPsec adds security at the network IP layer, with no changes needed to existing client/server or streaming applications. Widely adopted, standards-based and interoperable with all network equipment, IPsec can be deployed in host-to-host security channels, in remote access VPNs to a corporate network, or network-to-network.

The VPN SDK supports the AH and ESP protocols, as illustrated in the following diagram showing ESP encapsulation over a network-to-network tunneled VPN:

The VPN SDK is designed for both IPv4 and IPv6 operation and is optimized for deployment in embedded systems.

IPsec Features
IKE - Internet Key Exchange

VPN uIKE implements the standards-based IKEv1 and IKEv2 protocols to set up Security Associations (SAs) for IPsec. Peer systems dynamically establish and synchronize the IKE SA through mutual authentication and secure exchange of session keys. The Security Policy Database (SPD) governs the policy and management of the security layers: it defines traffic flows, so that selected network traffic and direction can be configured on a granular basis. This allows all or selected network traffic to be protected with IPsec. VPN uIKE stores the keys in the Security Association Database (SAD). IPsec fetches the cipher and authentication type and keys from the SAD, then applies security to IP packets, encrypting outbound traffic and decrypting inbound packets.
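An added example, not Cypherbridge code or the VPN SDK's API: a minimal C model of the outbound path described above, in which an ordered SPD picks the action for a packet and the SAD supplies the keyed SA. All type names, function names and the sample policy are hypothetical and constructed for illustration; dropping unmatched traffic and never sending PROTECT traffic in the clear are this example's fail-closed choices.

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical types for illustration; not the VPN SDK's API. */
typedef enum { ACT_DISCARD, ACT_BYPASS, ACT_PROTECT } spd_action;
typedef enum { OUT_DROP, OUT_CLEAR, OUT_ESP, OUT_NEED_IKE } out_verdict;

typedef struct {                  /* one SPD entry: traffic selector + action */
    uint32_t dst_net, dst_mask;   /* destination prefix, host byte order */
    uint8_t  proto;               /* IP protocol number, 0 = any */
    uint16_t dst_port;            /* destination port, 0 = any */
    spd_action action;
    uint32_t sa_id;               /* SAD key, used only when action is PROTECT */
} spd_entry;

typedef struct { uint32_t sa_id; int keys_ready; } sad_entry;

/* Constructed sample policy: ordered, first match wins. */
static const spd_entry SPD[] = {
    { 0xCB007101u, 0xFFFFFFFFu, 17, 500, ACT_BYPASS,  0 }, /* IKE to peer 203.0.113.1 */
    { 0x0A000200u, 0xFFFFFF00u,  6,  23, ACT_DISCARD, 0 }, /* no telnet to 10.0.2.0/24 */
    { 0x0A000200u, 0xFFFFFF00u,  0,   0, ACT_PROTECT, 1 }, /* rest of 10.0.2.0/24 */
    { 0x0A000300u, 0xFFFFFF00u,  0,   0, ACT_PROTECT, 2 }, /* 10.0.3.0/24, no SA yet */
};
static const sad_entry SAD[] = { { 1, 1 } };  /* SA 1 already negotiated by IKE */

static const sad_entry *sad_find(uint32_t id) {
    for (size_t i = 0; i < sizeof SAD / sizeof SAD[0]; i++)
        if (SAD[i].sa_id == id) return &SAD[i];
    return NULL;
}

/* Outbound decision: the SPD selects the policy, the SAD supplies the keyed SA. */
out_verdict outbound_verdict(uint32_t dst, uint8_t proto, uint16_t dport) {
    for (size_t i = 0; i < sizeof SPD / sizeof SPD[0]; i++) {
        const spd_entry *p = &SPD[i];
        if ((dst & p->dst_mask) != p->dst_net) continue;
        if (p->proto && p->proto != proto) continue;
        if (p->dst_port && p->dst_port != dport) continue;
        if (p->action == ACT_BYPASS)  return OUT_CLEAR;
        if (p->action == ACT_DISCARD) return OUT_DROP;
        const sad_entry *sa = sad_find(p->sa_id);
        /* PROTECT without a usable SA must never fall back to cleartext. */
        return (sa && sa->keys_ready) ? OUT_ESP : OUT_NEED_IKE;
    }
    return OUT_DROP;  /* no matching policy: fail closed */
}
```

Moving the PROTECT entry for 10.0.2.0/24 above the DISCARD entry would silently allow telnet through the tunnel, which is why SPD entry order deserves review alongside the selectors themselves.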

uVPN Integrated Solution

The following diagram shows the relationship between IKEv2 protocol, the SPD/SAD tables, IPsec, and the components of the embedded TCP/IP stack. The VPN SDK implements "bump-in-stack" security processing at the datagram layer, interfaced by the NetIF ingress and egress software APIs:

IKE Features