Web and Network Communications

The Green Hills Platform for Wireless Devices provides a complete Wi-Fi reference development platform that accelerates the development of Wi-Fi enabled devices.

In the last decade, network connectivity in embedded devices has become extremely common. A wide range of devices—gas pumps, digital video recorders, industrial controls, patient monitoring equipment, and even some vending machines—are now linked to private networks or the internet.

The latest trend for these connected devices is to drop the leash and get online without wires. While going wireless offers many benefits, it also presents many challenges for developers—such as increased software complexity and added security risks. The Green Hills Platform for Wireless Devices provides developers with a complete Wi-Fi reference development platform for building electronic devices that require secure wireless connectivity.

Green Hills Software’s Platform for Wireless Devices accelerates the development of Wi-Fi enabled products by providing key software technologies in a fully integrated and tested package. The platform is a result of the collaboration and joint development of industry leaders in security and wireless technology.

Built on the secure foundation of the INTEGRITY RTOS, the platform incorporates wireless drivers from Atheros with the Devicescape supplicant agent. These software technologies are integrated and validated on a hardware reference platform consisting of the Atmel AT91SAM9263- EK with Atheros AR6001-based radio modules from CardAccess and Silex Technology.

• Atmel AT91SAM9263-ek evaluation kit*
• Atheros AR6001XL/GL family radio modules by:
  • CardAccess*
  • Silex Technology*
• INTEGRITY RTOS
• GHNet v2 TCP/IP stack
• Atheros AR6K device driver
• Devicescape Wireless Security

* Hardware purchased separately, directly from manufacturer

Feature summary

• Configurable, small footprint
• Full IEEE 802.11 and Wi-Fi Alliance standards support
• Comprehensive WLAN client security features
• Enterprise and Personal mode security with WPA/WPA2
• Static and dynamic WEP (64/128/152-bit)
• Supports the full range of 802.1X Extensible Authentication Protocol (EAP) types
• Supports simultaneous use of different drivers
• Supports 802.1X authentication over wired LANs
• Designed to interoperate with all standards-compliant RADIUS servers
• Optional Cisco Compatible Extensions (CCX) version 4 wireless client for embedded devices - only available to Cisco licensees
• Optional Wi-Fi Protected Set-up (WPS)

Lower device costs
Green Hills royalty-free licensing model is ideal for any wireless devices, eliminating the per unit cost to include this valuable software technology in your embedded devices. Whether you ship 10,000 or 1,000,000 units, you never pay a royalty.

Fast time-to-market
With all of the required software pre-integrated and working together, you don’t need to spend valuable time integrating components. Instead, you can focus on adding the unique features and capabilities that will differentiate your product in the market.

	With INTEGRITY, you can isolate the TCP/IP stack and security software in a protected virtual address space and control the access, flow of information, and availability of system resources to applications running in other protected parts of the system.

Security and reliability
Both security and reliability are critical when connecting devices over a wireless network. With the Green Hills Platform for Wireless Devices your device can take advantage of the proven security and reliability inherent to the INTEGRITY RTOS. INTEGRITY has an unmatched pedigree for security and reliability that includes multiple certifications by the FAA for flight critical electronics as well as formal methods analysis and NSA penetration testing performed on the security aspects of the OS.

INTEGRITY’s separation kernel architecture provides isolation, protection, and controlled access to system resources like network services, devices and even system memory and CPU cycles. Without these protection mechanisms devices are susceptible to infiltration, loss of critical data, and denial of service attacks. The ability to partition resources such as the drivers, network stacks, and applications makes INTEGRITY the clear choice for building secure and reliable systems.

For protecting data in transit, Green Hills has partnered with Devicescape to bring the gold standard in wireless security together with INTEGRITY. The Devicescape supplicant agent satisfies the supplicant requirements of both WPA and WPA2 standards. It supports both Personal and Enterprise modes and all the EAP methods mandated by the Wi-Fi Alliance for WPA2 compliance.

top

In 2003, the Wi-Fi Alliance introduced WPA to rectify the shortcomings of the original Wi-Fi security mechanism, WEP (Wireless Encryption Protocol). WPA2, introduced in 2004, implements all mandatory elements of IEEE’s security standard, 802.11i. WPA2 is backwards compatible with WPA, which includes a smaller subset of the 802.11i requirements. WPA and WPA2 can be enabled in two modes – Enterprise and Personal. Both modes provide user authentication and encryption of data traffic (see table below).

For user authentication, WPA and WPA2 use Pre-Shared Keys (PSK) in Personal Mode and 802.1x/Extensible Authentication Protocol (EAP) in Enterprise Mode. For encryption, WPA uses the Temporal Key Integrity Protocol (TKIP) whereas WPA2 uses the stronger Advanced Encryption Standard (AES). AES satisfies the Federal Information Processing Standard (FIPS) 140-2 specification, a security requirement of many government agencies.

• EAP-TLS
• EAP-PEAP (PEAPvO & PEAPv1)*
• MSCHAPv2
  • TLS
  • GTC
  • OTP
  • MD5-Challenge
• EAP-TTLS*
  • EAP-MD5-Challenge
  • EAP-GTC
  • EAP-OTP
  • EAP-MSCHAPv2
  • EAP-TLS
  • MSCHAPv2
  • MSCHAP
  • PAP
  • CHAP
• LEAP
• EAP-MD5-Challenge
• EAP-MSCHAPv2
• EAP-GTC
• EAP-OTP
• EAP-SIM
• EAP-FAST

For the tunneled EAP methods, the mode used by the server to authenticate itself is listed as the first-level bullet; the modes used by the client to authenticate itself are shown as sub-bullets.

The Cisco Compatible Extensions (CCX) Client provides device manufactures a certification-ready device stack that enables connectivity to widely deployed Cisco networks. CCXv1, v2, v3, and v4 are supported. CCXv4 is targeted at enterprise voice and embedded devices. The CCX Client is validated with Cisco CCX infrastructure systems, and has received KeyLabs certification for CCXv4.

WPS automatically configures the WPA parameters for wireless network that can be as easy as pushing a button on the device and the access point.

Wi-Fi Protected Set-up (WPS) was created by the Wi-Fi Alliance to enable easy and secure establishment of wireless networks. WPS automatically configures the WPA parameters for wireless network in one of four simple ways that can be as easy as pushing a button on the device and the access point. There are three functions that are involved in this protocol.

1. Enrollee—device seeking to join a wireless network

2. Registrar—device with authority to grant or deny access to the network

3. Authenticator—access point functioning as a proxy between an Enrollee and a Registrar

The Devicescape WPS provides the Enrollee function for wireless devices. It supports both in-band models covered by the WPS specification 1.0h for the client side, which are the push button and PIN methods. It also supports both enrollee mode where the wireless client is configured by an access point, and registrar mode where the client can configure an unconfigured access point. The WPS also includes a comprehensive simulator and logging/ debugging capabilities.