UEI has the right cybersecurity solutions to keep your data secure

We offer a suite of cybersecurity tools to help you on your pathway to NIST SP 800-213 compliance. This includes secure boot, FIPS 140-2 encryption, and 100% control of your hardware and software.

At the heart of our tool suite is the UEI-SAT security automation configurator, which takes the engineering and guesswork out of implementing your algorithms, security technical implementation guide (STIG) items, controls, and security protocols. UEI also provides a Secure Linux Toolkit preloaded with libraries to springboard your security development. And when you secure your hardware and software with UEI-SAT, you can add on the ability to continuously monitor your system to ensure no malicious activity occurs. It's our mission to provide you with the right hardware, tools, and support you need during your cybersecurity development and implementation stages.

Cybersecurity Products Overview





UEI’s hardware is designed with the latest tools to keep your data safe and secure. UEI offers easy-to-use cybersecurity solutions that address key features in FPGAs and processors.


AUTHENTICATION OF CODE ON STARTUP

  • Secure boot firmware in ROM or flash, executed on start up, encryption

SECURE MEMORY

  • Encrypted (FIPS 140-2)
  • Locking flash

ENCRYPTION: ACCELERATOR OR LIBRARY IN FLASH OR ROM

  • Two types: symmetric & asymmetric
  • Data at rest
  • Data in motion: for communication

TRUSTED EXECUTION ENVIRONMENT (TEE)

  • ARM TrustZone: silicon features that combine memory protection and secure I/O to make a secure environment

KEY STORAGE

  • Keeping secrets safe with memory protection
  • Physically Unclonable Function (PUF)
  • TPM optional

TAMPER PROTECTION

  • Monitors physical enclosure and power to detect possible tampering

SECURE I/O

  • Password or challenge/response to open JTAG
  • Locking peripherals

SIDE CHANNEL ATTACK PROTECTION

  • Circuits in silicon designed so that electromagnetic (EM) signatures or power analysis do not reveal secrets
  • Can also include protections against physical decomposition of silicon


UEI Supports NIST SP 800-213: How the Cybersecurity Framework Controls Relationships

The National Institute of Standards and Technology (NIST) has put forth special publication NIST SP 800-53 as a list of specific controls and recommendations to support the design/development and use of secure government IT systems, outlining how to manage availability, confidentiality, and integrity of data. United States federal/government contractors and agencies must comply with NIST SP 800-53 (Fig. 1). Some state/local governments and private organizations are adopting these NIST security practices as well.

An integral part of the NIST 800 series is the special publication NIST SP 800-213 and its cybersecurity governance over embedded devices.

Fig. 1 - UEI compliance with NIST 800-213 and NIST 800-213A

NIST SP 800-213

  • The “Cybersecurity Guidance for the Federal Government - Establishing IoT Device Cybersecurity Requirements”
  • Provides background and recommendations so organizations can consider how their embedded device(s) can integrate into systems
  • Devices and their support for security controls are outlined in the context of organizational/system risk
  • Support of system security considerations from a device perspective – better identify cybersecurity requirements

NIST SP 800-213A

  • Part A of 800-213, the “IoT Device Cybersecurity Guidance for the Federal Government: IoT Device Cybersecurity Requirement Catalog”
  • 800-213A is a catalog of device cybersecurity features and functions required to properly support 800-213, as well as a catalog of non-technical supporting capabilities, such as support required from device manufacturers
  • The catalog consists of the following:
    • Device Security, Protection, Identification, and Configuration
    • Data Protection
    • Logical Access to Interfaces
    • Software Update
    • Cybersecurity State Awareness

For reference:

  • NIST SP 800-171: A special publication that outlines recommended requirements for protecting the confidentiality of controlled unclassified information (CUI). Defense contractors must implement the recommended requirements contained within to protect covered defense information included in their defense contracts, as required by DFARS clause 252.204-7012.
  • NISTIR 8259: A series of reports that provides guidance for manufacturers and supporting third parties as they design, develop, test, sell, and support embedded devices. It consists of three final documents and one draft document.
  • ISO/IEC 27002: An information security standard that provides best practice recommendations on information security controls for use by those developing and implementing information security management systems (ISMS). Revised in 2022.



UEI-SAT BENEFITS:

  • Easy to Implement
  • No Need to Hire Additional Cybersecurity Experts
  • Provide Security Against a Wide Range of Threats
  • Conforms to NIST Best Practices
  • Secure Boot of Applications, OSs & Loader
  • Quickly Transition from Engineering to Deployment
  • And so much more!

Easily configure and control security capabilities in a step-by-step platform -- No cybersecurity experience is needed!

UEI-SAT makes it easy to configure cybersecurity options with no need to trade off product schedules. Quickly configure and deploy with confidence that security is done right without having to hire additional experts. All security features provide necessary and important protection. With UEI-SAT, you also get:

  • Enablement of your NIST SP 800-213 and 800-213A Features
  • Secure Boot Configuration
  • Secure Key Management
  • And much more


SET UP SECURITY WITH CONFIDENCE

Fig. 2 - UEI's GUI-based tool makes setting up security functionality easy.

  • Customized GUI (Fig. 2)
  • Key Generation
  • U-Boot/Linux Authentication
  • Linux Kernel and Rootfs Encryption
  • Peripheral and Code Execution Security
  • UEI Hardware Fully Supported





The Right Features for System Control and Lockdown

  • Authenticated and encrypted boot for RTOSes or Linux
  • Generation of public and private keys for RSA (Rivest–Shamir–Adleman public-key cryptosystem) digital signatures
  • Support for up to 4096-bit keys for resilience against quantum computing attacks
  • Signing of application binaries with RSA signatures
  • SHA-256 (Secure Hash Algorithm 2) hashing for authentication of public keys
  • Generation of AES keys up to 256 bits in length
  • AES-CCM (Advanced Encryption Standard-Counter with CBC-MAC) encryption for bootable code stored in flash memory
  • Use of immutable Hardware Assisted Boot (HAB) stored in ROM
  • Use of AES and SHA-256 hardware accelerators
  • Secure UART, USB, JTAG interfaces, and other I/O ports
  • Download the secure binaries to flash memory
  • Support for on-board TPM for key generation and storage


UEI CYBERSECURITY HARDWARE SOLUTIONS

UEI offers flexible, rugged, high-performance systems that are configurable to a variety of application requirements. Each system chassis can house a selection of I/O boards custom-selected for your application. UEI cybersecurity features are available on both SoloX ARM and Zynq UltraScale+ CPU options.



UEI CYBERSECURITY PLATFORM OPTIONS

All hosted (PowerDNA) and embedded (UEIPAC) systems are available in SoloX ARM (-11 and -12) configurations. Zynq UltraScale+ based configurations (-33 and -3A) are only available on embedded (UEIPAC) solutions. UEI-SAT offers 3 cybersecurity level options based on the SoloX ARM or Zynq processor selected by the user.

UEI-SAT LEVEL 1

EMBEDDED

  • -11/12: Stock SoloX/ARM - No TPM
  • -33/3A: Stock Zynq - No TPM
  • Security Automation Tools
    • Customized GUI
    • Key generation
    • U-Boot, Linux authentication
    • Linux kernel and rootfs encryption
    • JTAG Security

HOSTED

  • -11: Stock SoloX/ARM - No TPM
  • Security Automation Tools
    • Customized GUI
    • Key generation
    • U-Boot, PowerDNA Binary authentication
    • DaqBIOS encryption
    • JTAG Security

UEI-SAT LEVEL 2

EMBEDDED

  • -11/12: Stock SoloX/ARM with Onboard TPM
  • -33/3A: Stock Zynq with TPM
  • Security Automation Tools
    • Customized GUI
    • TPM hardware support
    • Key generation
    • U-Boot, Linux authentication
    • Linux kernel and rootfs encryption
    • JTAG Security

    Trusted Platform Module (TPM):

    • A hardware random number generator.
    • Secure generation of cryptographic keys for limited uses.