Sun Contribute Next Generation Security Technologies to Open Source Project

9/19/2002 - Sun has contributed an Elliptic Curve cryptography code implementation to the OpenSSL (Secure Socket Layer) project. Elliptic Curve cryptography is an emerging public-key cryptosystem which provides the same degree of security as those used in SSL today with approximately one-eighth the key size. This makes the technology especially useful for mobile devices and other small devices that are limited in the power, CPU performance, memory, or bandwidth.

"ECC keys are one eighth as long as keys currently used and, therefore, more suitable for small devices with limited power and storage," said Whitfield Diffie, Chief Security Officer, Sun Microsystems, Inc. "This will allow the builders of an upcoming generation of tiny Web clients to enjoy the security benefits of an open-source implementation of SSL."

OpenSSL provides an open source implementation of the Secure Socket Layer (SSL), the dominant security protocol used on the Web today. Sun's contribution also includes a full-strength, general purpose ECC library which is highly modular and usable for other protocols besides SSL.

The new cross-platform source code contributed by Sun Laboratories is available under the OpenSSL project's open source license which allows free use for commercial and non-commercial purposes; thus affording developers the opportunity to incorporate this next generation cryptographic technology into innovative new security-enabled products and services. This implementation can be put to use quickly and internationally, with the confidence that the technology has been tested through the strength of the open source development method.

"This contribution reaffirms Sun's commitment to advancing open source software and the Internet's security infrastructure," said Jim Mitchell, VP and Director, Sun Microsystems Laboratories. "Sun Labs researchers are actively contributing to the deployment of next generation security mechanisms, both by working on standards development and by freely sharing technology developed at Sun. With the inclusion of ECC in OpenSSL, Sun is seeding the adoption of key technologies critical to the security needs of the wireless mobile industry, and the coming tsunami of small devices reachable over the Internet."

Designed to promote ECC technology standardization and interoperability, Sun's contributions to the OpenSSL project include:

The latest version of the OpenSSL code containing ECC cipher suites can be found at the OpenSSL FTP site. The download file is named: openssl-SNAP-20020911.tar.gz or later version.

About ECC
Elliptic Curve Cryptography (ECC) is an emerging public-key cryptosystem endorsed by the National Institute of Standards and Technology for U.S. government use and standardized in IEEE 1363, ANSI X9.62 and ANSI X9.63. Compared to currently prevalent cryptosystems like RSA, DSA and Diffie-Hellman, ECC offers equivalent security with smaller key sizes, which results in faster computations, lower power consumption, as well as memory and bandwidth savings. For example, 163-bit key Elliptic Curve technology offers the equivalent security strength of a 1024-bit RSA system.

About OpenSSL
Managed by a worldwide community of volunteers, the OpenSSL Project develops and supports the OpenSSL toolkit, an open source implementation of SSL, the dominant security protocol used on the Internet today.

About Sun Microsystems
Since its inception in 1982, a singular vision — "The Network Is The ComputerTM" — has propelled Sun Microsystems, Inc. (Nasdaq: SUNW) to its position as a leading provider of industrial-strength hardware, software and services that make the Net work. Sun can be found in more than 170 countries.

Sun, Sun Microsystems, the Sun logo, SunNetwork and The Network is the Computer are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and in other countries.

Previous Page | News by Category | News Search

If you found this page useful, bookmark and share it on: