Gigabit Security's in the Chips

With security concerns on the rise, the race is heating up in the market for high-speed chips that secure data being sent over high-bandwidth connections.

Earlier this week, startup Cavium Networks announced it would be partnering with Applied Micro Circuits Corp. (AMCC) (Nasdaq: AMCC) on development of its Nitrox and Nitrox II products, while another startup, Corrent Corp., announced it is sampling its CR7020 product. And yesterday a pioneer in the market, Hifn Inc., announced that engineering samples of its HIPP II are now available.

All three companies offer, or plan to offer, chips that process Internet protocol security (IPSec) and secure socket layer (SSL) technology at gigabit rates. IPSec secures tunnel creation, VPN establishment, and embedded encryption support, and is mostly limited to enterprise intranet. SSL designs access devices for businesses and residential clients that want secure Web transactions on the Internet.

“I think security processing is going to be the next hot area,” says Bob Merritt, director of emerging markets at Semico Research Corp. “If it’s not already on the top of everybody’s list, it will be over the next few quarters.”

Up until recently, however, the importance of security has not been as recognized as one might think. Network security concerns have often been lost in the wake of an ever-growing demand for high-speed network processing. When asked, most companies say they want their networks to be as secure as possible. But when push comes to shove, they just haven’t been willing to pay the price, either in dollars or in slower processing, often opting to secure only the most vulnerable areas of their networks, like their e-commerce and VPN portals.

“The problem till now has been that security chips take up a lot of cycles,” says Mark Gordon, Corrent’s vice president of marketing. “That can give you a bottleneck, which can really slow down your system. If you just accelerate the data, the processor has to worry about offloading.”

According to Sayed Ali, CEO of Cavium, security slows down the system because it deals with four major computer-intensive areas: authentication, confidentiality, integrity, and non-repudiation.

The solution, says Gordon, is moving such functions over to security-processing hardware. “Network processors are adding a lot to functionality,” he says. “That is absolutely critical at gigabit rates.”

Initial hardware solutions, however, have been very expensive and can only be deployed in key areas. However, as the competition in this area becomes tougher, observers say they expect prices to drop. In the first quarter of 2002, both Corrent and Cavium are planning to launch their security processing chips with prices as low as $295 per package. And in the second quarter, another startup, Layer N Networks Inc., will start shipments of its UltraLock; and Hifn will ship its HIPP chip for $275.

With prices coming down, observers say they should soon see affordable high-level security on every router and switch line card.

Regardless of the price, companies are starting to find that ignoring security can be far more costly than acquiring even high-cost devices.

And judging from the growing security market, that’s exactly what a lot of people are thinking these days. According to a study from Infonetics Research Inc., hardware systems and board sales are expected to grow from $2 billion in 2001 to $3.5 billion by 2004.

But even though the market is exploding, it's not clear how many players will survive. A growing number of companies have their eye on this market, says Gartner/Dataquest analyst Joseph Byrne. “The key takeaway is that this is a crowded market."

“It’s still too early to start picking winners in this game. I think the race is just starting,” says Semico's Merritt. “When bigger companies start buying up the companies doing this, that’s the point when everyone’s acknowledged the importance of this. We haven’t quite gotten there yet.”

Some other companies that play in this area are: Broadcom Corp. (Nasdaq: BRCM), Motorola Inc. (NYSE: MOT), and NetOctave Inc.

— Eugénie Larson, special to Light Reading
edgecore 12/4/2012 | 7:25:46 PM
re: Gigabit Security's in the Chips socketz,

Broadcom should have beem mentioned!

My understqanding is the BCM1250 is not an NPU, its a high end (dual mips core) CPU.

rjmcmahon 12/4/2012 | 7:26:18 PM
re: Gigabit Security's in the Chips Security logic is definetly needed, though it is hard see how a startup can leverage a security chip into long term revenue generation. Revenue generation seems to require a solution or a service.

The cable cos seem to understand this, as many have included in their contracts w/consumers the rights to exclude VPN forwarding through their networks. This allows them to make money by charging the employer for VPN services, a much richer source of revenue than the individual employee, particularly since employers will have to provide 24x7x365 access to their networks in order to compete.

As an aside, the current model of terminating network level security at the data center doesn't scale nor does it address mobility and roaming issues associated with next generation wireless networks.

PS. Network and application security doesn't seem anyway related to 911.
jumparound 12/4/2012 | 7:26:19 PM
re: Gigabit Security's in the Chips Cisco uses SafeNet in their PIX series, and Hifn for most of their other product lines.

Also, in response to the "Security chips aren't needed" statement. Imagine having to purchase multiple, and expensive NPUs in order to crunch through all the encryption, hashing, and authentication.
sandiego 12/4/2012 | 7:26:20 PM
re: Gigabit Security's in the Chips Is this why Verisign is diversifying itself every which way but Sunday -- because their core trust solutions are an endangered species? Anyone know what or Whose ASICs Cisco uses in their PIX boxes?
HarveyMudd 12/4/2012 | 7:26:28 PM
re: Gigabit Security's in the Chips In spite of the recent happenings in the US, the security needs are not absolute.

The security chips would increase the cost so much that they would eventually become obsolete. So two sets of chips are needed: one without security and other with security features. It should be pointed that security chips would have no more 2-35 of the market.

Security chips are mere hype.
ZigZag 12/4/2012 | 7:26:28 PM
re: Gigabit Security's in the Chips NetOctave (www.netoctave.com) weren't mentioned, but they're a new key player with high-speed SSL and IPSEC processors and embedded systems.

socketz 12/4/2012 | 7:26:29 PM
re: Gigabit Security's in the Chips Broadcom deserves more recognition than given to them in this article.

SSL Processors

BCM5821: 4000 1024-bit RSA transactions/second and 3000 IKE negotiations per second

Roadmap for record layer processing.

IPSec Processors

BCM5840: Full-duplex OC-48 IPsec encryption and authentication - regardless of packet size

Reference Designs that combine these two parts with their BCM1250 (SiByte) NPU.

Sign In