
"We were using OpenSSH but decided to replace it with Mocana's solution. We also decided to use Mocana's Embedded SSL Server. Because of Mocana's small footprint we have been able to reintroduce features we had previously taken out of our products because of the large footprint of the Open Source based software. Runtime performance also proved to be twice as good with Mocana's solutions and we do not need to worry about supporting and maintaining our own code base. We believe Mocana's solutions will give us a real edge in the marketplace."

— Director of Software Engineering, Publicly Traded Networking Company

 

About Open Source

When embedded systems development teams investigate which security tools to include in their devices and applications, open source libraries often seem attractive. There seems to be an open source solution for virtually any security protocol, such as OpenSSL, OpenSSH, and the various flavors of Swan IPsec (FreeS/WAN, Openswan, and strongSwan). Such projects are popular, offer loads of optional user-written add-on modules, and best of all, they're free!

A closer observation, however, reveals that there is in fact "no such thing as a free lunch", especially when it comes to implementing security in non-PC environments. Common downsides to using open source security code in production environments include:
  • Porting considerations—Open source security products were designed for desktop systems. To adapt them to embedded devices requires costly development time for non-trivial platform ports, performance optimizations, and footprint reductions.

  • Security concerns—Open source security code has a history of routine and significant security flaws, and of non-adherence to standards which causes interoperability issues.

  • Hidden costs—Open source libraries appear to be free, but when the costs of extra development, maintenance, legal liabilities, and so on are included, the TCO (total cost of ownership) usually exceeds that of Mocana's commercially sold and supported code. (Open source TCO can be easily calculated by using Mocana's FREE Calculator.)

  • Support issues—Lack of documentation, samples, support, and maintenance for open source means developers are on their own and must invest significant time to integrate security code, all the while raising the risk of introducing security holes into their application.

  • Code quality—The quality of open source code varies considerably from project to project, and even among modules in a given code base. Testers cannot take anything for granted, and will spend considerable effort on platform testing and integration efforts.

  • Certification and legal issues—Open source security code has a history of difficulty getting and keeping FIPS validations, as well as leaving manufacturers with considerable legal exposure due to unresolved or simply ambiguous issues of patent protection, IP indemnification, licensing, and (unknown) country of origin.
In response to these limitations, Mocana built NanoSSL™ (Client and Server) and NanoSSH™ (Client and Server) from the ground up. Along with the rest of the Mocana Nano- product line, they offer many valuable benefits, including:
  • Considerably higher performance than their open source counterparts
  • Considerably smaller footprints than the open source code bases
  • Open-standards based, RFC compliant implementations
  • Zero-threaded, asynchronous architecture
  • RTOS neutral and transport agnostic
  • FIPS validated cryptographic algorithms
  • Full featured, flexible architecture
  • Ongoing development, maintenance, and support
White Paper
For an in-depth discussion of these issues, download the Mocana vs. Open Source White Paper.

Comparing OpenSSL/OpenSSH to NanoSSL/NanoSSH

| Issue | Open source | Mocana NanoSSH and NanoSSL |
|---|---|---|
| Organization | Volunteer network. | Mocana is the winner of the Red Herring 100 Top Tech Startups in North America. |
| Platforms | Developed for desktop environments; platform support not guaranteed. | Abstraction layers for more than 20 OSes and 50 silicon CPU platforms. |
| Performance | Little or no data available for performance on embedded systems. | In head-to-head tests against open source implementations, the Mocana Nano- product line typically delivers 2x to 3x the number of operations per second. |
| Size | OpenSSL: ~470 KB; OpenSSH: ~270 KB | NanoSSL: 50 KB; NanoSSH: 70 KB |
| FIPS 140-2 | OpenSSL: Presently certified (has twice lost its certification). OpenSSH: No. | Common set of FIPS 140-2 certified algorithms is used by all products in the Mocana Nano- product line. |
| Vulnerability monitoring | No. Users must keep up-to-date on vulnerability reports, apply patches, re-port, and retest. | Yes. Mocana monitors many security resources. If vulnerabilities are found, Mocana releases patches and automatically notifies customers. |
| Interoperability | Known issues. No guarantees. | Guaranteed. Backed up by VPNC testing. |
| Documentation | Ad-hoc, incomplete, and inconsistent. | Full suite of professional technical documentation. |
| Tech Support | Project website FAQs, user forums, generic developer email aliases. | 24/7/365. Dependable, personal, hands-on. |
| Maintenance | Users must monitor project websites, download and apply patches, re-port, retest, and reoptimize. Not backwards compatible for embedded systems. | Automatic notification of patches and new releases. Backwards compatible, with conversion functions for convenience. |
| Architecture | Designed for desktop systems. Standalone, socket/stream interfaces. | Designed for embedded systems. ROM-able, reentrant, asynchronous event driven. Fully documented ANSI C API. |
| Integration | Lengthy process for OS ports, testing, and even rewriting functions in assembly for performance optimization. Process must be repeated for every new release. | Easy, and typically in less than two hours. Backwards compatibility means no repeated integration is required for new releases. |
| Features | Often fail to fully implement a protocol's specifications. | Fullest, most unambiguous support for IETF standards as formalized in the RFCs. |
| Status codes | Most often a single error code, -1, for every error. | Over 900 unique status codes, with macro defines for easy use. |
| Memory leak detection | None. | Easy to use memory leak debugger included in all Mocana Nano- products. |
| Testing | Ad-hoc, volunteer, with users providing de facto beta testing. | Rigorous, continuous, integrated testing, employing test monkeys, commercial standalone test tools, fuzz testing, and third party testing and verification. |
| Patent protection and IP indemnification | Users assume all risk. | Ownership is straightforward, and Mocana fully indemnifies its customers. |
| Licensing | Covered by the GNU GPL (General Public License), which carries many conditions and is open to interpretation. | Customers granted unconditional license. |
| Known country of origin | Cannot be determined, which can restrict export to some markets. | Yes. US. |



Copyright © 2008 Mocana Corporation