A survey of chips for protecting high-speed networks * Hot market * Hot products * Hot startups

February 13, 2003

Security Processors

Network security is one of the few markets showing significant growth in these difficult times. The technology is evolving quickly: Companies like NetScreen Technologies Inc. (Nasdaq: NSCN) are delivering highly integrated network security systems; leading networking OEMs such as Cisco Systems Inc. (Nasdaq: CSCO) are integrating security modules into their standard networking products.

A number of semiconductor vendors are now offering high-performance security processors, capable of handling multigigabit streams – significantly increasing the options open to both network operators and equipment vendors. Products range from simple security accelerators that are used with external packet processors to fully integrated devices with clear traffic on one side and encrypted traffic on the other.

In this report we look at the market drivers for network security, the technology required, and the security processors available now and in the next six months. For each security processor we review the performance and level of integration, the availability, features, and cost. We also review each of the vendors.


As usual, this report was previewed in a Light Reading Webinar, so if you’d rather look and listen than read, check out the archived Webinar here. The Webinar was sponsored by Cavium Networks and Cisco Systems. The speakers are Jeff Twombly, Cavium’s VP of marketing, and myself, Simon Stanley.

— Simon Stanley is founder and principal consultant of Earlswood Marketing Ltd. He is also the author of several other Light Reading reports on communications chips, including Packet Switch Chips, Traffic Manager Chips, 10-Gig Ethernet Transponders, Network Processors, and Next-Gen Sonet Silicon.

Three trends are driving the need for significantly increased network security: increased e-commerce, more network traffic, and a shift from private to shared networks.

With increased e-commerce – both through home-shopping and more integrated business trading – individuals and companies are sending sensitive information such as credit card and bank account details over the public network. Any concerns about network security are a barrier to e-commerce.

As companies continue to expand across multiple continents and, more importantly, share data across global sites, there is significantly more data being sent across the network. With increased network availability, this traffic is now extending to both remote and mobile workers accessing the network from either home or hotel locations.

To avoid the high cost of private lines, many companies are employing the Internet. The shift from private to shared networks is delivering significant cost savings that more than offset the cost of the additional network security required.

These three trends are driven by one overriding need: profitability. The benefits of trading electronically, the effectiveness of integrated global organizations, and the reduced cost of shared networks all work to increase profitability.


Infonetics Research Inc. forecasts significant growth in security products, security services, and public key infrastructure (PKI) – to more than $20 billion by 2005. For hardware and software security products alone, Infonetics forecasts a market growing to nearly $12 billion by 2006.

Network Security

Figure 2 shows a shared network running over the Internet. On the left we have a server farm providing Web-based services to customers through a load-balancing switch. On the lower right is an enterprise network within a company.

These networks are connected through the Internet to customers, remote workers in small or home offices (SOHO), mobile users, business partners, and one or more branch offices. As it stands, this network provides excellent connectivity but non-existent security.

Until recently, most network security was focused on e-commerce. With customers leery about the safety of placing orders and making payments over the Internet, this was an obvious focus area. Secure Sockets Layer (SSL) provides a standardized, point-to-point solution for exchanging secure information over the Internet.

The focus on network security has now shifted from e-commerce alone, with many companies now needing to support virtual private networks (VPNs), firewalls, and intrusion detection. Figure 3 shows a secure network with SSL transactions, a VPN, and a number of firewalls.

A VPN is a secure network that appears to be private to the user but sends data over the Internet. The VPN can be used to support access to the corporate network by mobile users, remote offices, and the SOHO telecommuter.

(For a primer on VPNs, please see Virtual Private Networks.)

The protection of data on the enterprise network is another key aspect of network security. Firewalls inspect all incoming and outgoing traffic to ensure that no unauthorized data comes in to the network – or is sent out from the network.

The function of a firewall is the stateful inspection of packets – i.e., to verify the source, destination, and contents of all packets and then to block unwanted traffic. Intrusion detection and prevention goes one stage further, by analyzing traffic patterns. It is used to identify unusual and potentially damaging traffic patterns and block traffic from suspect sources. The intrusion detection system (IDS) will detect any requests for information from the local network and prevent unauthorized access. IDS will also protect the network from denial-of-service (DoS) attacks. A DoS attack usually involves a large number of small packets from unknown sources, causing the network routing system to overload.

Security Systems

Until recently, network security systems were single-function – implementing either VPN, SSL, firewall, or intrusion detection.

Security processing functionality has also been available for some time in security acceleration boards using standard security processors. These are generic boards, typically with PCI or Hypertransport interfaces, that can be used in systems from various networking vendors. For example, the Cavium NITROX-XL board line is a board packaging option of the Cavium NITROX family of security processing devices.

As the need for more than one security function in a network has grown, companies have introduced integrated security systems. These are single integrated units supporting VPN, SSL, firewall, and IDS, typically developed by specialist security system vendors. An example of an integrated system is the NetScreen-5000, supporting VPN, stateful firewall, and DiffServ-based traffic management. Performance is 6- to 12-Gbit/s, depending on functionality (see NetScreen Goes Carrier-Grade and NetScreen Intros Security Lineup).

By integrating either generic or specially designed security blades, network system vendors are introducing security support into their standard networking solutions. Security functions are then available for every box in the network. For example, Cisco has recently introduced a range of security modules for its Cisco Catalyst 6500 series Enterprise and Service Provider switches (see Cisco's Security on a Switch and Cisco Boosts Network Security).

“What you need is a defense where security is inherent throughout your infrastructure and different types of security are deployed as appropriate, potentially within every device,” says Tom Russel, director of marketing for Cisco’s VPN and security business unit. “Now with this platform you're not only able to scale your network technology, but also your high-capacity security as well.”

The Catalyst security modules include a Firewall Services Module with 5-Gbit/s throughput, a VPN Service Module supporting 1.9 Gbit/s, and an SSL Service Module supporting 2,500 connections per second. There is also a Network Analysis Module for network traffic monitoring and troubleshooting.

With security now critical to the functionality of a network, these security components must meet the same availability as the network itself. And, as with all network components, security modules and systems must support either passive or active redundancy.

The security protocols and algorithms discussed in this section ensure the privacy of data being sent over the Internet and the authentication of source and destination.

Secure Sockets Layer (SSL)

The SSL protocol is positioned below the Application Layer and above the TCP/IP Layer (see Figure 4). SSL provides services to applications such as HTTP.

The protocol supports authentication of the host and, if required, authentication of the user, as well as encrypted data exchange. A key feature of SSL is the fast set-up and tear-down of the secure connection.

SSL is supported by all major browsers and is therefore available to any Web-based client. Although initially developed to support credit card and electronic transactions, SSL is now also used for VPN applications where the use of standard hardware by the client is a major advantage over IPSec.

IPSec

IPSec has been defined to support VPN applications. It is a Network Layer security protocol that is transparent to the applications above it and to the underlying Link Layer.

IPSec supports two modes: transport, where the existing IP header is reused and therefore not protected; and tunnel, where the entire TCP/IP packet is encrypted and then packed with a new IP header. There are also two IPSec protocols: Authentication Header (AH) and Encapsulating Security Payload (ESP).

Figure 5 shows the IPSec protocols. At the top, we have the original IP packet with a header and payload. Below, we show the packet with the Authentication Header (AH) added. The AH is added between the IP header and the payload. The IP header is modified to reflect the new packet size. At the destination, the AH is recalculated and checked against the received packet. Using AH, the destination can be confident of the source – but the payload can be read by anyone listening in.

The third packet shows the Encapsulating Security Payload (ESP). The payload is encrypted and the ESP field is added after the IP Header. Again, the source is authenticated, but this time the payload can be read only by the intended destination.

Finally, at the bottom, we show the most common IPSec implementation, an ESP tunnel. Here the original IP packet, including the header and payload, is encrypted, protecting not only the payload but also the identity of the source and destination.

Cryptographic Algorithms

SSL and IPSec each consist of three main operations: key exchange, authentication, and encryption.

Before encrypted data can be sent, there must be a key exchange. The key exchange protocol sets up a number of Security Associations (SAs), which are one-way associations that define the protocol, destination, and security parameters used on a secure link. The main cryptographic algorithm for SSL key exchange is RSA.

For IPSec, the Internet Key Exchange protocol (IKE) is used. IKE is based on the Diffie-Hellman public key exchange algorithm and has two modes of operation. The main mode uses an SA for both setup and data exchange, while the aggressive or quick mode uses the SA only for data exchange.

To ensure authentication of the source, destination, and data, a number of algorithms are used, including DSA, MD5, and SHA-1. Most security processors support all these algorithms.

IPSec defines a number of bulk encryption algorithms, but 3DES is the most widely used. 3DES is the Data Encryption Standard (DES) applied three times. An alternative bulk encryption algorithm for IPSec is the relatively new Advanced Encryption Standard (AES).
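As an added illustration of the ESP tunnel described in the IPSec section and of the one-way Security Associations that key exchange sets up, here is a constructed Python model (not code from this report or from any vendor's product): a sending gateway wraps an inner IP packet in an ESP tunnel packet, and the receiving gateway selects the SA by destination and SPI, checks an HMAC-SHA-1-96 integrity value, drops replays and recovers the inner packet. The toy IP header layout, the addresses, the keys and the HMAC-based keystream standing in for 3DES-CBC are all assumptions of the example.

```python
import hmac
import hashlib
import socket
import struct
from dataclasses import dataclass, field

ESP_PROTO = 50                     # IP protocol number for ESP in the outer header
IP_HDR = struct.Struct("!4s4sBH")  # toy IP header: src, dst, protocol, total length
ESP_HDR = struct.Struct("!II")     # ESP header: SPI, sequence number
ICV_LEN = 12                       # HMAC-SHA-1-96: SHA-1 HMAC truncated to 96 bits

@dataclass
class SecurityAssociation:         # one-way SA: destination, parameters and keys for one direction
    spi: int
    src: str
    dst: str
    auth_key: bytes
    enc_key: bytes
    seq: int = 0                             # last sequence number sent (sender side)
    seen: set = field(default_factory=set)   # sequence numbers accepted (receiver side)

def build_ip(src, dst, proto, payload):
    return IP_HDR.pack(socket.inet_aton(src), socket.inet_aton(dst), proto,
                       IP_HDR.size + len(payload)) + payload

def parse_ip(pkt):
    src, dst, proto, length = IP_HDR.unpack_from(pkt)
    return socket.inet_ntoa(src), socket.inet_ntoa(dst), proto, pkt[IP_HDR.size:length]

def keystream(sa, seq, n):
    # Constructed stand-in for the bulk cipher (3DES-CBC in real ESP): an HMAC-SHA-1
    # counter keystream bound to (SPI, seq). It models what ESP hides, nothing more.
    out = b""
    for ctr in range((n + 19) // 20):
        out += hmac.new(sa.enc_key, ESP_HDR.pack(sa.spi, seq) + struct.pack("!I", ctr),
                        hashlib.sha1).digest()
    return out[:n]

def icv(sa, data):
    return hmac.new(sa.auth_key, data, hashlib.sha1).digest()[:ICV_LEN]

def esp_tunnel_encapsulate(sa, inner_packet):
    """Encrypt the whole inner IP packet and prepend a new outer header (ESP tunnel mode)."""
    sa.seq += 1
    ks = keystream(sa, sa.seq, len(inner_packet))
    body = ESP_HDR.pack(sa.spi, sa.seq) + bytes(a ^ b for a, b in zip(inner_packet, ks))
    # The ICV covers the ESP header and ciphertext; the outer IP header is not authenticated.
    return build_ip(sa.src, sa.dst, ESP_PROTO, body + icv(sa, body))

def esp_tunnel_decapsulate(sadb, outer_packet):
    """Select the SA by (destination, SPI), verify the ICV, drop replays, then decrypt."""
    _, dst, proto, esp = parse_ip(outer_packet)
    if proto != ESP_PROTO:
        raise ValueError("not an ESP packet")
    spi, seq = ESP_HDR.unpack_from(esp)
    sa = sadb.get((dst, spi))
    if sa is None:
        raise ValueError("no SA for this destination and SPI")
    body, tag = esp[:-ICV_LEN], esp[-ICV_LEN:]
    if not hmac.compare_digest(icv(sa, body), tag):
        raise ValueError("ICV mismatch: packet modified or wrong key")
    if seq in sa.seen:
        raise ValueError("replayed sequence number")
    sa.seen.add(seq)
    ct = body[ESP_HDR.size:]
    return bytes(a ^ b for a, b in zip(ct, keystream(sa, seq, len(ct))))

def rejected(sadb, packet):        # True if the receiving gateway drops the packet
    try:
        esp_tunnel_decapsulate(sadb, packet)
        return False
    except ValueError:
        return True

def demo():
    # Constructed: gateways 203.0.113.1 -> 198.51.100.2 tunnel a packet from 10.0.1.5 to 10.0.2.7.
    params = dict(spi=0x1000, src="203.0.113.1", dst="198.51.100.2",
                  auth_key=b"constructed-auth-key", enc_key=b"constructed-enc-key")  # placeholders
    sa_out = SecurityAssociation(**params)                            # sending gateway's copy
    sadb = {("198.51.100.2", 0x1000): SecurityAssociation(**params)}  # receiver's SA database
    inner = build_ip("10.0.1.5", "10.0.2.7", 6, b"GET / HTTP/1.0")
    outer = esp_tunnel_encapsulate(sa_out, inner)
    return {"inner": inner, "outer": outer, "sadb": sadb,
            "outer_hdr": parse_ip(outer)[:3],                 # all an eavesdropper can read
            "recovered": esp_tunnel_decapsulate(sadb, outer)}
```

A packet delivered twice is dropped on the sequence-number check, and any change to the ciphertext or ICV fails the HMAC comparison before decryption is attempted.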

To look at a test of carrier-class IPSec equipment, see Carrier-Class IPSec: the Bigger the Better.

Performance limitations have been a major inhibitor to the widespread implementation of network security. In any network there is always a tradeoff between security and performance. As a network is made more secure, the processing required to route each packet increases exponentially.

The latest security processors work at full line rate, implement all the security processing, and sometimes off-load packet processing from the host. This high performance level is key to the implementation of pervasive network security with increased network throughput. Security processors dramatically reduce the cost of integrating security functions without degrading performance. They are silicon devices optimized for cryptographic algorithms.

In this report, we’ve surveyed security processors that aim to operate at transmission speeds of 1 Gbit/s and above. By our reckoning, at least eight vendors make such products: Broadcom, Cavium Networks, Corrent, Hifn, Intel, Layer N Networks, NetOctave, and Zyfer.

Intel and NetOctave, while they have products in this field, have not disclosed enough information for them to be included in the table below, which gives product details for the other six. They are, however, included in the Vendor Summary on the last page of this report.



Table: Security Processors (column headings)

  • Column 1: Company

  • Column 2: Product Name

  • Column 3: Primary Application

  • Column 4: SSL RSA Transactions per Second (1,024 bit)

  • Column 5: IKE Main Mode Tunnels per Second

  • Column 6: IPSec Bulk Encryption

  • Column 7: Device Type

  • Column 8: On-Chip SA

  • Column 9: Local Memory

  • Column 10: Local Security Associations (SA)

  • Column 11: Bandwidth Allocation

  • Column 12: TCP/IP Proxy

  • Column 13: Programmable?

  • Column 14: 256-Bit AES Encryption

  • Column 15: Header Processing

  • Column 16: In-Line or Look Aside

  • Column 17: I/O Type

  • Column 18: I/O Bandwidth

  • Column 19: MAC

  • Column 20: Host Interface

  • Column 21: OEM Boards?

  • Column 22: Sample Availability

  • Column 23: Price

  • Column 24: Power

We recommend opening the table and printing it, if necessary, so that you can follow the column-by-column explanation that’s given in the rest of this report.

The first two columns of this table list vendors and products, and the third column shows the primary applications of those products – whether they are designed to support SSL or IPSec or both. Some devices, such as the Cavium Nitrox Plus, will support both SSL and IPSec simultaneously, though the performance for both will be reduced as resources are being shared internally. Other devices such as the Corrent 7020 can be configured or programmed to support either SSL or IPSec, but not both at the same time.

Columns 4, 5, and 6 of the table address the key point of this report. They give the maximum performance of each product, as cited by the vendor, using three metrics:

  • Maximum number of 1,024-bit RSA SSL Signature setups per second: Right now, Cavium appears to be way out ahead of the competition, citing a maximum of 48,000 transactions a second for its Nitrox II processor, an order of magnitude more than other vendors. However, LayerN and Zyfer might have something up their sleeves.

  • Maximum number of IKE main-mode tunnels per second: Cavium cites 36,000, an order of magnitude more than figures cited by other vendors. LayerN doesn’t support IPSec.

  • Maximum throughput for IPSec bulk payload processing supporting 3DES-CBC and HMAC-SHA-1: Once again, Cavium tops the lot at 10 Gbit/s.

In this report, security processors are split into four broad types (column 7 of table), based on functionality.

  • The first is the Security Accelerator. This device implements bulk encryption for IPSec or the Diffie-Hellman algorithm for IKE. The security accelerator is used in conjunction with a host CPU or network processor to accelerate IPSec or SSL.

  • The second is the Security Co-Processor which implements SSL or IPSec header processing as well as bulk encryption. The security co-processor is used with a network processor and usually has a Look Aside interface over which data is passed to and from the device.

  • The third is the In-line Security Processor, which receives and transmits clear packets on one side and encrypted packets on the other. This is typically referred to as a “bump in the wire” and may include integrated Ethernet MACs.

  • Finally, a recent development is the inclusion of bulk encryption engines in a standard network processor. The Intel IXP-2850 is a version of the yet-to-sample IXP-2800 network processor and includes a number of cryptographic engines as well as the standard packet engines. As indicated above, the cryptographic performance of this device has not been disclosed, so it’s not included in the table.

In Figure 6, the position on a typical line card of each type – security accelerator, security co-processor, in-line security processor, and on-chip security engines – is shown.

Security Accelerator

Figure 7 shows a security accelerator including bulk encryption, public key exchange, and authentication blocks.

Each block contains a number of cryptographic engines. The security accelerator is connected to the host CPU via a PCI or PCI-X bus or through Hypertransport or POSPHY level 3 interfaces.

Packets are received over the WAN Interface and processed by the CPU. The CPU makes requests to the security accelerator for cryptographic functions as required. The CPU sends any parameters required by the accelerator along with the data.

This is a simple approach to accelerating security functions, but performance is limited as all security protocol processing takes place on the host CPU, and packets for encryption are passed over the bus many times.

Security Co-Processor

The security co-processor includes SSL and IPSec protocol processing functions, as well as bulk encryption, PKI, and authentication blocks. The security co-processors are primarily used with a network processor with a Look Aside interface. This interface is PCI, PCI-X, Hypertransport, or POSPHY-L3.

The security co-processors include a protocol processor to handle the IPSec protocol and SSL records. The protocol processor needs to handle security associations. These can be stored locally or sent from the network processor on a per-packet basis. Local security associations are stored in either on-chip memory or external memory. The number of local security associations supported depends on the amount of memory available.

Columns 8, 9, and 10 of the table show the type of memory used for storing local security associations and the number of SAs supported both locally and on-chip.

Security co-processors are available from Cavium, Corrent, and HiFN. The Cavium Nitrox Plus devices support bandwidth allocation based on traffic priority and type, as shown in column 11.

In-line Security Processor

In-line security processors, such as the Cavium Nitrox II, receive and transmit clear packets on one side and encrypted packets on the other. The device is placed in the "fast path" and is often referred to as a bump in the wire. These devices need to be protocol-aware, with, for example, IPSec on one side and IP on the other.

The in-line security processor includes a full packet processor. Some devices such as the LayerN UltraLock include a TCP/IP packet processor as well (column 12). By implementing the TCP/IP stack, this device can act as a proxy host, offloading the entire SSL processing from the server farm.

These in-line security processors are just being announced, with samples expected in the first quarter of 2003 from Cavium, HiFN, and LayerN.

At the core of any security processor is the cryptographic engine. Adding additional engines in parallel heightens performance. There are two types of cryptographic engines in security processors: fixed function and programmable.

The fixed function engines are optimized for specific algorithms and make efficient use of silicon. Security processors with fixed function engines are limited to one or two applications, depending on the type and number of each engine included.

On the other hand, programmable cryptographic engines can be used to support any of a number of algorithms using code supplied by the vendor. Support for new algorithms can be added once the security processor is deployed in the field. Programming of the cryptographic engines can be by device, by group, or by individual engine.

Most of the products in the table are programmable (see column 13). The exceptions are Broadcom’s range of hard-coded security accelerators, Corrent’s CR7020, and LayerN’s Ultralock.

Security processors implement 3DES and ARC4 bulk encryption as well as RSA and Diffie-Hellman key exchange. For authentication they support SHA and MD-5. All but Broadcom’s products also support AES (see column 14).

Some security processors also support header processing (see column 15). This means that the security processor such as the HiFN HIPP III can run the full IPSec and SSL protocols.

Interfaces

As well as the device type and configuration (In-Line or Look Aside, column 16), the table shows the I/O type (column 17) and bandwidth for the main packet interface (column 18). The bandwidth is the aggregate bandwidth of all the packet interfaces.

Most in-line devices have either POSPHY level 3 or SPI-4 interfaces. Those devices that include integrated Ethernet MACs, such as the HiFN HIPP III, support Gigabit-Ethernet GMII interfaces (column 19).

A security co-processor or in-line security processor may also have a separate host interface (column 20). This interface is either PCI, PCI-X, or MII for devices with integrated Ethernet MACs. It’s worth pointing out that most vendors also offer production boards incorporating their chips. Column 21 gives the details, column 22 the sample availability, and column 23 the price for production quantities, for those vendors willing to disclose this information.

Column 24 gives power consumption, excluding memory. Tread carefully, because some vendors give typical power consumption while others give maximum, so it’s tough to make comparisons.

This page summarizes developments that are spelled out in detail in the table and on pages 4, 5, and 6 of this report.

Broadcom Corp.

Broadcom has a range of four hard-coded security accelerators. The BCM5820 and BCM5821 support SSL acceleration, interfacing with the host processor through a PCI bus. Broadcom also supplies OEMs with security boards for SSL.

The BCM5840 and BCM5841 support IPSec acceleration interfacing to the host processor through either POSPHY-L3 or a simple FIFO interface.

“Security is a strategic market for Broadcom because we believe in the proliferation of broadband, and we believe for that to happen, it has to be secure,” says Joe Wallace, product line manager at Broadcom. “As the market grows, the technology will become commodity or integrated… If you ‘fast forward’ five years, I think you will see security being just another feature of Broadcom's networking products.”


Cavium Networks

The Nitrox family of security processors is fully programmable and covers a wide performance range. The third-generation Nitrox II in-line security processors, due to sample early in 2003, are expected to achieve the highest performance in our table, with 48,000 SSL RSA transactions per second. The earlier Nitrox and Nitrox Plus devices are all in production.

Four million local security associations are supported on every Nitrox device through the use of external DDR DRAM. Cavium also produces a range of security boards using its security processors.

“Nitrox is a wide family of products that address either IPSec or SSL. Every cipher core has microcode, and you can upload the right code to run either IPSec or SSL,” says Syed Ali, president and CEO of Cavium. “For Nitrox Plus we did some changes to the cores so that you can run both IPSec and SSL on different cores at the same time.”

Related Light Reading Articles

  • News Analysis: Cavium and ABIT Target VPNs

  • Newswire: Cavium's New Security Chip

  • Newswire: Cavium Boosts Security

  • Newswire: Cavium Expands Into Japan

  • Newswire: Cavium Scores $15.5M

Corrent Corp.

Corrent has two security processors (CR7020 and CR7120) in production, as well as the CR7000, a device that accelerates public key computations for IKE or SSL. All the devices have hard-coded cryptographic engines to increase performance.

“All our algorithms are hard coded. We have IPSec in firmware in our packet engine. We do better than one gigabit, full duplex IPSec throughput with small packets, and our chip is only running at 150 megahertz so we have a lot of headroom,” says Mark Gordon, VP of marketing at Corrent. “We will be able to get up to 10 Gbit/s without having to re-architect our design.”

The CR7020 is basically a bulk encryption device supporting either SSL or IPSec. The CR7120 is IPSec on a chip. A unique feature of the CR7120 is that it can be used either as a co-processor or as an in-line security processor.

Related Light Reading Articles

  • Newswire: Corrent Certified by Check Point

  • Newswire: IBM and Corrent Team Up

  • Newswire: Corrent Scores $16 Million

Hifn Inc.

The Hifn HIPP II processors were the first security processors to include header processing and achieve multi-gigabit performance. All the HIPP processors are fully programmable. These co-processors with POSPHY-L3 and PCI interfaces are now in full production and support either SSL or IPSec.

The HIPP III IPSec in-line security processors are expected to sample in the second quarter of 2003. With three or four integrated Gigabit-Ethernet MACs, these devices have GMII packet interfaces and an Ethernet host interface.

Related Light Reading Articles

  • Newswire: Hifn Q1 Revenues Rise

  • Newswire: Hifn Intros Security Processors

  • Newswire: Hifn Secures Lucent Firewalls

  • Newswire: Agere, Hifn Team on Security

Intel Corp.

The Intel IXP-2850 is an enhanced version of the planned IXP-2800 network processor expected to sample towards the middle of 2003.

“We have taken our general purpose Network Processor Architecture and have added high-speed cryptography capability to it,” says William Mello, marketing programs manager at Intel. “We have integrated two identical cryptography units into the 2800. They are integral to the architecture and sit on the same internal buses as the micro engines.”

The cryptographic engines support DES, 3DES, and AES encryption, as well as SHA-1 authentication. Other security functions, such as MD-5 authentication and header processing, must be implemented in software using the packet engines or XScale processor core.

In real applications, the device is unlikely to achieve 10-Gbit/s line rate performance for IPSec or SSL. However, in applications where only part of the traffic is secure, this device is likely to provide an attractive solution.

Related Light Reading Article

  • News Analysis: Intel Moves on Security

Layer N Networks Inc.

The Layer N Networks Ultralock is a highly integrated, 1-Gbit/s, SSL in-line security processor. The device includes both SSL header processing and a full TCP/IP processor.

“We see the request from the SSL handshake and we reply transparently. We terminate TCP traffic, we look at all the cell records, we order them, we respond to the client, and then we receive the bulk encrypted traffic and decrypt it,” says Ed Reynalds, VP for marketing at LayerN. “The host processor does not see anything other than clear traffic.”

The Ultralock has integrated Gigabit-Ethernet MACs with GMII packet interfaces and an Ethernet host interface. It is expected to sample in the first quarter of 2003.

Related Light Reading Articles

  • Newswire: Layer N Expands UltraLock Family

  • Newswire: Layer N Selects SABER

NetOctave Inc.

NetOctave was building security accelerator boards for both SSL and IPSec using its own security processors. NetOctave released very limited information on its NSP3200 and NSP4200 security processors, so it was not included in the table.

HiFN bought the storage team in September 2002, and CyberGuard agreed to buy the rest in January this year.

Related Light Reading Articles

  • Newswire: CyberGuard Buys Piece of NetOctave

  • Newswire: NetOctave Demos Security Accelerator

  • Newswire: NetOctave, Intel Integrate Chips

  • Newswire: NetOctave Scores $7.8M

Zyfer Inc.

Zyfer designs, develops, and manufactures precision time/frequency generation and synchronization products aided by Global Positioning Satellites (GPS), using both in-the-clear civil and crypto-secured military signals. Zyfer has recently released information on the SKP100 in-line security processor under development. Zyfer has not yet disclosed the timescale for samples.
