Cavium Claims Security First
Staking its claim for some wireless turf, Cavium Networks Inc. is releasing what it claims are the first chips to handle all security standards for wireless LANs (see Cavium Intros 802.11i Chip).
Most makers of 802.11 chips say they'll support the Advanced Encryption Standard (AES), which is a piece of 802.11i, but Cavium's Nitrox Wireless aims to handle all security-related processing, including multiple encryption standards and 802.1x authentication. The chips target wireless LAN switches; in fact, Cavium also announced a product win with Aruba Networks Inc. today.
Cavium is hoping to gain an advantage by offering 10 varieties of Nitrox Wireless, featuring 802.11i processing speeds from 50 to 4,000 packets per second. All 10 use the same application programming interface (API), meaning a systems designer can create one architecture to accommodate any of the chips.
The chips are variations of the Nitrox security processor, which Cavium pitches for SSL and IPSec offloading. As with those protocols, Cavium believes the full weight of AES will be enough to require a dedicated security processor. "In other encryption-engine devices, the CPU has to do a lot of choreographing of the event, giving the [security] processors a lot of instructions," says Mike Scruggs, Cavium product manager.
Specifically, Nitrox Wireless will support the CCMP mode of AES, which is mandated by 802.11i. CCMP is short for Counter-Mode CBC-MAC Protocol (and CBC-MAC stands for Cipher-Block-Chaining Message-Authentication Code, a name that seems to have been created just to make people sorry for asking.)
For backwards compatibility, the chips also support the Temporal Key Integrity Protocol (TKIP), part of the Wi-Fi Protected Access standard that's being deployed as vendors await 802.11i (see 802.11 Security Issues Sorted?). Nitrox Wireless also supports AES' offset codebook (OCB) mode. OCB won't make it into the final version of 802.11i, but it was considered for a time, and some client devices supporting it might be out there, Scruggs says.
Likely competitor Hifn Inc. (Nasdaq: HIFN) doesn't have a wireless-specific chip but does support CCMP in its HIPP family of security processors, says Doug Makishima, vice president of marketing.
Hifn is preparing a firmware release to improve its TKIP support, and a similar booster shot for CCMP will come out later, when 802.11i is closer to finalization (it's still "several quarters" away, Makishima said after last week's IEEE 802 meetings in San Francisco). The company's trump card is that it employs Doug Whiting, who co-authored the original CCMP proposal submitted to the National Institute of Standards and Technology (NIST).
For now, Hifn has its own share of wins among WLAN switch vendors, none of which can be named, Makishima says.
Prices for the Nitrox Wireless chips range from $15 to $500. All are sampling now, with production slated for the fourth quarter of 2003.
— Craig Matsumoto, Senior Editor, Light Reading