A Closer Look at the Chain of Trust Security Architecture: Wi-Fi Certification, Authentication Support & FIPS 140-2 Turbo

Published on July 3, 2019

Building off of our last post which covered Provisioning and Secure Boot, this week we’re taking a closer look at Wi-Fi Certification, Authentication Support, and FIPS 140-2 Turbo.

Wi-Fi Certification – Enterprise Level of Security

Wi-Fi CERTIFIED™ is an internationally-recognized seal of approval for products indicating that they have met industry-agreed-upon standards for interoperability, security, and a range of application specific protocols. Whether deploying a new infrastructure or integrating new equipment into an existing infrastructure, using Wi-Fi CERTIFIED products ensures interoperability of Wi-Fi products from multiple vendors. Fewer network problems and support calls are often additional advantages of using Wi-Fi CERTIFIED products. Laird Connectivity is pursuing Wi-Fi certification for the 60 SOM series for 802.11ac Wave-2. The 60 SOM will also be WPA2 certified and offer a software roadmap to WPA3 certification. In terms of authentication types, Ezurio (formerly Laird Connectivity) goes beyond most vendors by supporting enhanced authentication methods.

Authentication Support – Ezurio's Enhanced EAP Supplicant

We provide an optimized EAP Supplicant within our embedded Linux package that manages the connection state machine and supports the standard supplicant and security role. The Ezurio supplicant supports additional EAP types versus those found in most open source supplicants. Our supplicant has also undergone extensive testing and optimization including modifications to tune and optimize supplicant behavior, ensuring the best performance in the field. An example would be taking advantage of Ezurio's signature fast scan and roam capabilities for the Enterprise. Support for Cisco Centralized Key Management (CCKM) is also included for greater interoperability and performance on Cisco’s network architecture.

FIPS 140-2 Turbo – On Board Cryptographic Engine

The 60 SOM and IG60 can be equipped with FIPS 140-2 Turbo functionality, which allows you to satisfy federal security requirements for encrypting data in motion and rest. The 60 SOM includes hardware acceleration for encryption therefore supporting FIPS encryption without sacrificing enterprise network performance. The 60 SOM’s software and hardware configuration will be directly NIST certified for FIPS 140-2 Level 1. The 60 SOM certification facilitates end products meeting the FIPS requirements without the need for the end product to go through the certification process directly. The solution will contain capabilities for power-on self-testing and encryption key management. As an added security benefit, these products will support full encryption of onboard network parameters and other information to maintain security of the local network. The hardware accelerator will be accessible via an API interface, allowing its use within the application for things such as encrypting data at rest. This dedicated hardware accelerator allows excellence in cryptographic generation without compromising the rest of the device’s resources and without impacting your application performance.

The 60 Series SOM is our most secure wireless subsystem ever. Learn more at the 60 Series product page.