Cavium Networks' NITROX family of chips aims at multiservice applications where both IPsec and SSL must be handled concurrently with guaranteed bandwidth (QoS). The Cavium processors also incorporate a unique adaptive processing capability that lets their processing power be flexibly allocated between session setup and bulk data encryption, depending on real-time traffic conditions. The NITROX processors scale from 100 MHz on the low-end Lite versions to 5 GHz on the high end. The forthcoming NITROX II family of inline processors extends this speed to 10 Gbits/s in an IPsec application.
Corrent's CR7000 chip, a public key accelerator, focuses on speeding up the initial handshaking operation in SSL. It can tackle up to 3800 TPS using the RSA 1024-bit public key exchange algorithm. Plus, it supports the DH public key algorithm. The CR7000 can be used in IKE transactions with IPsec, where it can do up to 2000 setups per second. Hash processing is included on-chip.
The Corrent CR7020 is a coprocessor for accelerating either SSL or IPsec operations at up to 1.5-Gbit/s speeds. It includes the DES, 3DES, AES, and ARC4 crypto circuits, plus SHA-1 and MD5 authentication. On-chip exponentiator circuits handle RSA, DSA, or DH public key acceleration. With all the functionality of the CR7020, and complete IPsec protocol processing, the newer CR7120 chip runs at a rate of up to 3 Gbits/s.
Corrent also makes both SSL and IPsec acceleration board products. These include small-form-factor (PMC) versions.
Long-time security chip supplier HiFN has announced some new products in its HiFN Intelligent Packet Processing (HIPP) family. The 7855 is designed for IPsec applications at speeds of up to 650 Mbits/s. It supports IKE public key exchanges and DES, 3DES, and all modes of AES bulk symmetric encryption algorithms. The 7855 suits T3 connections and up to OC12 lines (622 Mbits/s). The HiFN 7815 is a 325-Mbit/s, less expensive version of the 7855.
Both of these processors also incorporate data compression, the process of reducing the original message size by removing redundancies, which speeds up serial data transmissions. Most often, the LZS compression method and its newer derivative MPPC (Microsoft point-to-point compression) are used in high-speed data applications. Compression is performed before encryption and can nearly double the data rate.
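Why compression has to come before encryption, as an added example that is not from the original article: encrypted output has no redundancy left for a compressor to remove. Here zlib stands in for LZS/MPPC and a SHA-256 counter keystream stands in for the chip's bulk cipher; both, along with the sample traffic and key, are assumptions made for illustration.

```python
import hashlib
import zlib

# Constructed sample traffic: repetitive HTTP-style requests (not captured data).
SAMPLE = b"".join(
    b"GET /catalog/item/%d HTTP/1.1\r\nHost: shop.example\r\nAccept: text/html\r\n\r\n" % i
    for i in range(200)
)
KEY = b"constructed-demo-key"  # illustrative key, not a real secret


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (assumption): XOR data with SHA-256(key || counter) blocks.

    It only serves to produce high-entropy ciphertext for the size comparison;
    applying it twice with the same key restores the input.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        block = hashlib.sha256(key + counter).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def wire_sizes(payload: bytes, key: bytes) -> dict:
    """Bytes on the wire for both orderings of compression and encryption."""
    compress_first = keystream_xor(key, zlib.compress(payload))
    encrypt_first = zlib.compress(keystream_xor(key, payload))
    return {
        "plain": len(payload),
        "compress_then_encrypt": len(compress_first),
        "encrypt_then_compress": len(encrypt_first),
    }


def roundtrip(payload: bytes, key: bytes) -> bytes:
    """Sender compresses then encrypts; receiver decrypts then decompresses."""
    wire = keystream_xor(key, zlib.compress(payload))
    return zlib.decompress(keystream_xor(key, wire))


if __name__ == "__main__":
    for name, size in wire_sizes(SAMPLE, KEY).items():
        print(f"{name:>24}: {size} bytes")
```

The sample traffic is far more repetitive than typical mixed traffic, so the saving it shows is larger than the near-doubling the article cites.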
The new 7955 and 7956 processors are designed for IPsec applications as well and can run at speeds up to 756 Mbits/s, depending upon the bulk encryption mode. They handle RSA, DSA, DH, and IKE public key processing, SHA-1 and MD5 authentication, and LZS and MPPC compression.
HiFN's highest-performance security chips, the 8300 and 8350 FlowThrough processors, deliver true "bump-in-the-wire" performance at speeds up to 4 Gbits/s. They can be placed directly in the datapath to handle all security functions without the aid of outside components or software. The chips are optimized for IPsec applications and support all of the standard public and private key encryption methods and authentication methods. They include an IKE stack. The 8300 runs at speeds up to 600 Mbits/s, while the 8350 operates at up to 4 Gbits/s.
Intel's security offering is the IPX2850 network processor, part of Intel's IPX2xxx network processor product line. Combining high-performance packet processing capability with security features in one chip, it enables such applications as VPNs, Web e-commerce, and storage-area networks. Security features include 3DES and complete AES cryptography, along with the SHA-1 hashing function. It can accommodate speeds of up to 10 Gbits/s. Intel's software support allows you to implement both IPsec and SSL/TLS operations with this chip.
Recent startup Layer N Networks is focusing its efforts on creating the fastest SSL chip. A forthcoming UltraLock chip implements line-speed SSL security at speeds up to 1 Gbit/s. In any e-commerce transaction, most of the processing time is devoted to the public key exchange. The RSA encryption algorithm involves raising a value to the 1024 power, which isn't a trivial task. Instead of tackling the problem with brute-force computational power, Layer N simplified the math algorithms to achieve line-speed SSL.
The UltraLock chip is a form of inline or flowthrough processor rather than a coprocessor (Fig. 2). The chip incorporates two complete TCP/internet-protocol (IP) processors that act as TCP/IP proxies for SSL traffic, eliminating the need for an external processor to run these protocols. When an SSL transaction is detected, the queue manager passes it to the SSL/TLS processor, where the RSA public key algorithm is executed to provide the private key. Next, either the DES, 3DES, AES, or RC4 bulk encryption method is implemented. Authentication typically is handled by MD5 hashing, but SHA-1 is supported as well. Layer N will sample the chip in the first quarter of 2003.
All of these chips help secure the Internet. But don't forget the even greater need to secure the new wireless frontier. For instance, there's the forthcoming battle to encrypt and secure consumer entertainment intellectual property. Needless to say, more stories on security will arrive soon.