COST COMPARISON:
Mocana vs Open Source

Features & Benefits

Small footprint, high performance.

Dramatically speeds integration & testing of secure VoIP functionality for your product.

Guaranteed “GPL-Free” code protects your intellectual property.

Zero-threaded, asynchronous architecture.

RTOS neutral and transport agnostic.

Expert development support from Mocana engineers.

Mocana’s NanoVOIP Developers’ Suite is a comprehensive security solution for application developers and device designers trying to build secure VOIP products. NanoVOIP contains all of the protocols, algorithms, standards specifications and tools you need to turn an average VOIP implementation into a fully secure, enterprise-class encrypted voice, video and data solution. Better yet, you don’t need to be a security expert to build secure products with NanoVOIP: our simplified API and common cryptographic code base, along with tens of thousands of lines of sample code and professional development support hide the complexity of crypto, making it easy for your team to roll out a secure VOIP implementation, fast.

he NanoVOIP Developer’s Suite consists of a specially-selected set of Mocana’s best-selling security components. The Suite comes with live-person engineering support that you can call on not just for product problems, but for development and implementation advice. The whole point of NanoVOIP is to help you finish your project faster, cheaper, with code quality than you ever thought possible.

About VOIP Security
Voice-over-Internet protocol (VOIP) is a protocol optimized for the transmission of voice through packet-switched networks. The technology is also referred to as IP telephony, Internet telephony or voice over broadband. VOIP has been around for a long time; its roots can be traced back to the experimental Network Voice Protocol on the ARPANET in 1973. Voice-over-IP systems carry telephony signals as digital audio, typically reduced in data rate using speech data compression techniques, encapsulated in a data-packet stream over IP.

VOIP’s cost and efficiency advantages make it a compelling solution for enterprises and consumers alike, and VOIP is booming: the industry will grow more than 24% in 2008 to $3.19 billion in the US alone. Subscriber growth is expected to rise by 21.2% in 2008 to 16.6 million.

However, like any IP-based service, VOIP transmissions are easy to intercept, or even eavesdrop upon. VOIP is especially vulnerable to four different types of attacks:

Denial of Service Attacks: With VOIP, voice is just another servce running over IP. Unfortunately from a security viewpoint, this means that any Denial of Service attack that brings down the data network also stops all your calls cold – even if the attack isn’t deliberately targeting voice over IP.
SIP Attacks: The increasing popularity of session initiation protocol (SIP) for VOIP is opening up a whole new front in the security war. Like IP, SIP offers little inherent security, and some of its design characteristics leave it especially vulnerable to attack. Using certain SIP extensions can create inadvertent security holes in a VOIP implementation, and SIP’s use of text for encoding can make it especially attractive to hackers. SIP attacks include session tear-down, which allows a hacker to terminate calls or carry out a VOIP-targeted DoS attack by flooding the system with shutdown requests; registration hijacking, which allows a hacker to intercept incoming calls and reroute them; and message tampering, which allows a hacker to modify data packets travelling between SIP addresses.
VOIP Network Hacks: Like any IP system, a VOIP network can be hacked. For example: VOIP service providers use a prefix on IP packets to identify their own calls. Hackers can simply send millions of fake test calls to find out which prefixes were admitted to a given network. Once they determine the prefix, hackers send calls through those providers’ networks for free, and sell this stolen bandwidth through their own front companies.
Eavesdropping Attacks: Man-in-the-middle attacks, where a third party spoofs the MAC addresses of the two speaking parties, can force VOIP packets to flow through the hackers’ system, where they can be “sniffed” and decoded. Remember, too that today’s eavesdroppers no longer need to physically put a tap into a phone line, they can simply gain access from a laptop connected to the Internet anywhere on the planet.

Enterprises and consumers alike are becoming savvy to these threats, and are demanding more comprehensive, encrypted and authenticated VOIP solutions. NanoVOIP is the answer.
Untitled Document

Supported processor platforms:

Awards and Certifications

Nominations
2010 Spiffy Awards Nominee

NanoVOIP™ Features

Very High Performance
NanoVOIP, like all of Mocana’s device security solutions, is designed with an asynchronous core to fully leverage hardware acceleration. Throughput-wise, NanoVOIP typically outperforms competing VOIP security packages handily.

Ultra-Small Size
Optimized for size and memory usage, the NanoVOIP components have specifically designed and written to operate in resource- constrained environments. That means you’ll have more memory, battery and processor power available for the rest of your applications.

Full DTLS and SRTP Support
Mocana NanoVOIP includes Datagram Transport Layer Security (DTLS), which provides endpoint authentication, protecting against eavesdropping, message forgery and interference over an unreliable transport (typically UDP). DTLS involves peer negotiation for cipher algorithm support, public key encryption-based key exchange, and certificate-based authentication. Secure Real-time Transport Protocol (or SRTP) is also included, and it defines a profile of RTP (Real-time Transport Protocol) which provides encryption, message authentication, integrity, and replay protection to voice data in both unicast and multicast applications. NanoVOIP implements DTLS-SRTP extensions to perform integrated security key and association management for SRTP.

Robust Certificate Management
Certificate-based authentication is a prerequisite for securely administering networked devices and services. Certificates need to be updated frequently to ensure the device is operated by the assigned user, that the device has the most updated user privileges, and that the device has the most recent upgrades in its service. Fortunately, Mocana makes embedding certificate management on devices easy, fast, and reliable. NanoVOIP supports and extends the Simple Certificate Enrollment Protocol (SCEP) by automating the formerly manual certificate management administrative tasks of generating and sending new certificate requests; certificate renewal requests; and queries of the CA, CRL, CA capabilities or certificate chain. NanoVOIP also supports OCSP, with an OCSP client that is RFC- compliant and enables applications to determine the revocation state and overall status of any certificate.

Integrated Firewalling
NanoVOIP’s integrated firewall technology protects devices and the networks to which they are connected by preventing unauthorized access. It blocks problematic services, drops unauthorized traffic, and even serves as a useful security audit point, protecting your system against denial of service attacks, PING floods, ICMP attacks, TCP SYN floods and others. NanoVOIP comes with everything you need to firewall even the most resource-constrained devices, and includes helpful documentation that teaches you best practices for building embedded firewalls that are inexpensive, efficient and effective.

Full (not partial) IETF RFC Compliance:

DTLS Extension Establish Keys for SRTP - draft-ietf-avt-dtls-srtp-07
Fully compliant with X.509 v3 certificate
Fully compliant with X.509 v2 CRL format
IETF Draft - draft-nourse-scep-14.txt
RFC2104 HMAC: Keyed-Hashing for Message Authentication
RFC-2616, Hypertext Transfer Protocol - HTTP/1.1
RFC-2617, HTTP Authentication:Basic and Digest Access
RFC-2560 Online Certificate Status Protocol - OCSP
RFC-3280, Internet X.509 Public Key Infrastructure
RFC-3546, Transport Layer Security Extensions (partially supported)
RFC-3711 The Secure Real-time Transport Protocol (SRTP)
RFC-4347, Datagram Transport Layer Security
RFC-4346, The Transport Layer Security (TLS) Protocol Version 1.1
RFC-4279, Pre-Shared Key Ciphersuites for Transport Layer Security

DTLS Cipher Support

TLS-RSA-WITH-AES-256-CBC-SHA
TLS-RSA-WITH-AES-128-CBC-SHA
TLS-RSA-WITH-3DES-EDE-CBC-SHA
TLS-RSA-WITH-DES-CBC-SHA
TLS-DHE-RSA-WITH-AES-256-CBC-SHA
TLS-DHE-RSA-WITH-AES-128-CBC-SHA
TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
TLS-DHE-RSA-WITH-DES-CBC-SHA
TLS-DH-ANON-WITH-AES-256-CBC-SHA
TLS-DH-ANON-WITH-AES-128-CBC-SHA
TLS-DH-ANON-WITH-3DES-EDE-CBC-SHA
TLS-DH-ANON-WITH-DES-CBC-SHA
TLS-PSK-WITH-AES-256-CBC-SHA
TLS-PSK-WITH-AES-128-CBC-SHA
TLS-PSK-WITH-3DES-EDE-CBC-SHA
TLS-RSA-PSK-WITH-AES-256-CBC-SHA
TLS-RSA-PSK-WITH-AES-128-CBC-SHA
TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA
TLS-DHE-PSK-WITH-AES-256-CBC-SHA
TLS-DHE-PSK-WITH-AES-128-CBC-SHA
TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA
TLS-RSA-WITH-NULL-SHA
TLS-RSA-WITH-NULL-MD5

Rich Cryptography Algorithm/Construct Support

Diffie-Hellman
RSA
PKCS #1, Version 1.5
PKCS #5
PKCS #7
PKCS #8
PKCS #10
PKCS #12
Configurable encryption and message digest algorithms:
  - 3DES
  - RC4
  - RC2
  - AES
  - MD2, MD4, MD5
Digest algorithms with RSA encryption: – SHA-1, SHA-224, SHA-256, SHA-384, SHA-512

Symmetric Cryptography

AES128-CTR

Message Digest

HMAC-SHA1-32
HMAC-SHA1-80
HMAC-SHA1-96

Untitled Document

Supported processor platforms:

Awards and Certifications

Nominations
2010 Spiffy Awards Nominee

NanoVOIP™ Benefits

Works Where Others Won’t
NanoVOIP fits into tiny memory footprints where other implementations simply can’t... and open-source packages can’t match Mocana’s throughput performance.

FIPS Certified
All government agencies and most contractors require FIPS-certification of cryptographic engine —a difficult certification to achieve. NanoVOIP’s core cryptographic engine is available to you in source, or as a government-certified FIPS 140-2 Level 1 validated binary.

Complete Solution
There are a lot of other VoIP security packages out there. But almost all of them are incomplete—missing critical standards, algorithms or code that you’ll need to finish your VoIP security implementation. Only NanoVOIP offers everything you need together in one package, to get the job done right—and fast. Guaranteed.

GPL-Free Code
NanoVOIP is usually less expensive than “free” open source code, especially when engineering, testing and support costs are factored in. Since we guarantee that NanoVOIP contains absolutely no GPL code, you can be confident your intellectual property won’t accidentally become public domain because of “GPL contamination”—something open source projects can’t do.

Platform Independent
NanoVOIP, like all of Mocana’s device security toolkits, is CPU-architecture and platform independent. NanoVOIP is immediately available for over 30 operating systems and 70 processors. Platforms supported out-of-the-box include Linux, Monta Vista Linux, VxWorks, OSE, Nucleus, Solaris, ThreadX, Windows, MacOS X, (ARC) MQX, pSOS, and Cygwin. NanoVOIP is endian-neutral, and can be used without an RTOS if required.

No Crypto Expertise Required
NanoVOIP features an extremely powerful, but simple and easy-to-use API. You don’t need to be a crypto expert, because NanoVOIP hides all of the complexity of the cryptography. You can focus on your development project, and let NanoVOIP worry about the security. Plus Mocana’s developer support team is always available to answer your questions about our products or embedded development in general.

Dramatically Speeds Your Development Cycle
NanoVOIP is a ready-made, pre-optimized and exhaustively tested VoIP security solution that frees your in-house development resources to focus on what’s really important: the functionality of your project. NanoVOIP allows you to develop proprietary systems while giving you the freedom to substitute in the commercially available components you choose.

Untitled Document

Supported processor platforms:

Awards and Certifications

Nominations
2010 Spiffy Awards Nominee

NanoVOIP™ Architecture

Untitled Document

Supported processor platforms:

Awards and Certifications

Nominations
2010 Spiffy Awards Nominee

Mocana products are built for developers, OEMs and ISVs. DSF for Android, NanoSSH and other products are not finished security applications usable by IT personnel or end users.
Please fill out the form below. All fields are required.
First Name
Last Name
Company
Job Title
Phone
State
Email	Your Privacy
Country
Embedded security code packages can only be delivered to valid business email addresses.
When is your project starting?
What is your target OS/CPU?

	I'd like to receive email updates and news from Mocana*

	I have read the Mocana Terms and Conditions
Form Source: Lead Source: