INTEGRITY Security Services, embedded cryptography

The majority of some 50 billion devices expected to be connected to the Internet by 2020 will be embedded devices. Each with a unique IP address that becomes a target for attack. This connectivity explosion mandates a focus on securing devices, software, networks, and data—from the smallest embedded component to the largest data center—throughout their lifecycles.

Delivering end-to-end security solutions


A connected battlefield is critical to our Armed Forces' success. As multiple classifications of data are transmitted to more devices and vehicles on the battlefield; the requirement for a high assurance, portable encryption toolkit is critical.

To address this need, Green Hills has formed the INTEGRITY Security Services (ISS) business unit. ISS will offer the INTEGRITY operating system with a toolkit to provide reliable and authenticated security software that can ensure these ubiquitous embedded devices remain secure.

ISS toolkits are based on the Green Hills proprietary Federal Information Processing Standards (FIPS) compliant Cryptographic Toolkit. The ISS Cryptographic Toolkit meets the latest government standards and also provides the underlying FIPS compliant cryptographic primitives for use with a comprehensive compliment of security protocols. The toolkits are designed to be small, scalable and certifiable by the US Government. Support is available for Windows, Linux, VxWorks, INTEGRITY and general-purpose operating systems on ARM, Intel, Power Architecture, MIPS and other processor architectures.

Starting with the security toolkits and leveraging all of Green Hills Software's technology, the ISS business unit will deliver complete end-to-end security solutions for devices in all current and emerging markets

INTEGRITY Security Services (ISS) focus

With embedded devices in the automotive, aerospace and defense, industrial control, medical device, mobility, consumer electronics and networking markets all connected in some way, ISS will focus on addressing:

  • Authentication - the process of ensuring that users, devices and software on a network are correctly identified.
  • Authorization - grants users and devices the right to access resources and perform specified actions.
  • Network Access Control - mechanisms that limit access to the network to authenticated and authorized devices, software and users.
  • Confidentiality - using ciphers to transform data to make it unreadable to anyone except those authorized and authenticated to view the data.
  • Integrity - checking mechanisms are designed to detect unauthorized changes to transmitted data through the lifecycle of a device, software and data.
  • Remote Management - a method to monitor, update and manage remotely manufactured and fielded devices.

High Assurance Embedded Cryptographic Toolkit (HA-ECT)


ISS High Assurance Crypto Toolkit

ISS High Assurance Embedded Cryptographic Toolkit (HA-ECT) provides a complete set of cryptographic algorithms for developers requiring a FIPS 140-2 level 1 validation and NSA Suite B-enabled cryptographic module.

In an implementation that was designed from the outset for tightly constrained embedded systems, ISS HA-ECT is optimized to work with the Green Hills INTEGRITY RTOS family (INTEGRITY-178 is the first and only operating system to be certified by the NSA to EAL6+ High Robustness) and other operating systems.

The ISS HA-ECT standardized cryptographic functionality includes: hash functions; random number generators; secret-key and public-key cryptography including Elliptic Curve Cryptography (ECC)—enabling developers to quickly build client and/or server-side applications, thus providing end-to-end security.

Meets government security requirements
The ISS HA-ECT has been ported on a variety of processor platforms, including Power Architecture, ARM, Intel Architecture, and MIPS. ISS HA-ECT enables the developer to create implementations meeting the NSA Suite B Standard- a set of cryptographic specifications that require AES for encryption and elliptic curve cryptography (ECC) for key agreement and digital signatures to secure classified and unclassified communications.

Reduces time-to-market
Software is the most time consuming, expensive, and highest risk aspect of electronic product development. Time to market is the greatest factor in determining your rate of return on investment. Green Hills' ISS Business Unit's mission is to deliver the market's most High Assurance security toolkits ported to every major operating system and CPU architecture. All ISS Security Toolkits are designed to be scalable, extensible and portable to reduce your time to market. Having a single FIPS validated crypto toolkit across all your products will increase the security of your product, while maximizing code reuse to reduce your development cycles.

» Download Embedded Cryptographic Toolkit Datasheet (PDF)

Device Lifecycle Management

INTEGRITY security services device lifecycle management system
INTEGRITY Security Services Device Lifecycle Management (DLM) system delivers and end-to-end security solution for devices in current and emerging markets.

ISS Device Lifecycle Management (DLM) is designed to help embedded product providers monetize, manage, and protect their intellectual property. ISS DLM is a conplete system that encompasses all facets of the manufacturing process for today's global—and commonly outsourced—manufacturing environment.

The DLM system protect devices, data, firmware, and applications against cloning, counterfeiting, tampering, malware intrusion, and snoopiong. At the same time, DLM can efficiently manage devices through proper levels of provisioning.

Components in the ISS Device Lifecycle Management system are as follows:

  • DLM INTEGRITY Tracker: serialize and track chips
  • DLM Enable: anable and disable debug port of other chip features anywhere in the supply chain
  • DLM INTEGRITY Armor: securely deliver and authenticate firmware, software, data content and updates
  • DLM Key Management: provide HDCP, Display Port, Black Box, ZigBee, and custom ID keys as well as real-time key uniqueness checking
  • DLM INTEGRITY Service: manage pre-keyed chips for securing and managing devices and application software throughout the supply chain


» Download ISS Device Lifecycle Management datasheet (PDF)

Anti-Tamper Application Guard

INTEGRITY Security Services, Anti-Tamper, embedded cryptography

ISS Anti-Tamper Application Guard (ATAG) provides a high quality software toolkit for adding anti-tamper protection to any application in a portable, small footprint, as well as high-performance, NSA-approved, FIPS-validated Suite B powered toolkit. ATAG includes Green Hills Software's MULTI IDE and these features:

  • hashes static sections (Text/ROData) of application program
  • provides post-build executable and small target object module
  • enables user-selectable hash strength (SHA-1, SHA-256, SHA-384, SHA-512)

With a configurable target anti-tamper object module, users can perform periodic integrity checks of application code with minimal intrusiveness to application execution time. The ISS ATAG Toolkit also reduces development costs, time-to-market, and Bill of Material (BOM) costs while meeting the latest Government Information Assurance (IA) requirements.

» Download Anti-Tamper Application Guard datasheet

Suite B-compliant security protocol toolkits

INTEGRITY Security Services Suite-B compliant security protocol toolkits

ISS Security Protocol Toolkits are based on Green Hills Software's proprietary Federal Information Processing Standards (FIPS) compliant embedded cryptographic toolkit. This cryptographic toolkit meets the latest government standards and provides the underlying FIPS-compliant cryptographic primitives for use with a comprehensive complement of cryptographic algorithms. Small, scalable, and certifiable by the US government, the toolkits can support Windows, Linux, VxWorks, INTEGRITY, INTEGRITY-178B, and general-purpose operating systems on ARM, Intel, Power Architecture, MIPS, and other producessor architectures.

The following security protocol toolkits are available:



» More on ISS Security Protocol Toolkits

Universal Control Segment (UCS) open platform

Integrity Security Services UCS Open Platform

The Green Hills Software INTEGRITY Security Services (ISS) Universal Control Segment Open Platform (ISS UCS Open Platform) provides a complete foundation for building a full featured Universal Control Segment for developers that need to focus on reliability, high availability, security, and anti-tamper protection. In an implementation that was designed from the outset for the Unmanned Aerial Vehicle (UAV) market, the ISS UCS Open Platform is optimized for the Green Hills INTEGRITY® Real-Time Operating System (RTOS) family.

Supported Architectures & Standards
The ISS UCS Open Platform is supported on Power Architecture®, ARM®, Intel® Architecture, and MIPS®. It enables the developer to create implementations meeting the NSA Suite B and MILS standards for encryption and Multiple Independent Layers of Security respectively to secure classified and unclassified communications.

Comprehensive Anti-Tamper Solution
The ISS UCS Open Platform provides an end-to-end anti- tamper solution for tracking all components, firmware and software, including the remote secure delivery and management of application code from the beginning of your development cycle, through application updates, to fielded UCS.

UCS Open Platform Features
The platform consists of the INTEGRITY RTOS, Green Hills Secure Virtualization, ISS HA Framework, FIPS-approved ISS Embedded Cryptographic Toolkit (ISS – ECT), TCP, File System and the awarding winning MULTI® IDE. In addition, the ISS UCS Open Platform is pre-integrated with an ecosystem of 3rd party middleware and applications.

» Download ISS Universal Control Segment Open Platform Datasheet (PDF)