Hifn Widens Security Processor Support

LOS GATOS, Calif. -- Network security and flow classification market leader Hifn (Nasdaq: HIFN - News), today announced full IPv6 and WLAN security (IEEE 802.11i), and SSL VPN support for its existing line of Hifn Intelligent Packet Processing (HIPP) security processors. Hifn security IC customers need only update software to add support for the latest protocols.

"We are fully prepared to support our customers as they move forward to incorporate the emerging IPv6, SSL VPN and IEEE 802.11 'Wi-Fi' wireless standards," said Chris Kenber, Hifn's Chairman and CEO. "Hifn's line of HIPP security processors allow customers to support new security protocols as they emerge, rather than absorb the expense of a full hardware upgrade. This allows Hifn to provide the broadest application and protocol support in the security processor industry."

IPv6 is the successor to the current version of IP, IPv4. It incorporates many new features, most importantly the ability to accommodate a vastly increased number of addresses. IPv6 creates technical issues that need to be solved in the IPsec implementation, such as a longer header to manipulate (40 bytes vs. 20 bytes) and handling of IP extension headers. IPv6 includes IPsec security as a combined part of the standard, as opposed to being a separate option with IPv4.

Hifn supports all four modes of IPsec tunnel mode encapsulation: IPv4 traffic inside IPv4 tunnels (legacy support), IPv6 traffic inside IPv4 tunnels (enterprise upgrades), IPv4 traffic inside IPv6 tunnels (service provider upgrades), and IPv6 traffic inside IPv6 tunnels. Today, IPv4 packets are tunneled inside IPsecv4 tunnels. As IPv6 is deployed, first in the enterprise equipment, and then in the Service Provider equipment, there will be a phase where IPv4 will be tunneled inside IPv6 and vice versa.

The IEEE 802.11 WLAN committee has developed a remedy to the flawed Wired Equivalent Privacy (WEP) security mechanism in the original standard. The new draft standard, TGi, provides two new security mechanisms, one for legacy equipment and another for new equipment using the AES encryption algorithm for more robust security. The Temporal Key Integrity Protocol (TKIP), which solves the existing security problems within WEP for legacy equipment, was co-authored by Hifn's Chief Scientist and distinguished cryptographer, Dr. Douglas Whiting. Until 802.11i is formally ratified, TKIP is part of the Wi-Fi Protected Access (WPA) specification that enhances the security of 802.11. Hifn's current security processors are capable of accelerating TKIP, and with a minimal software update, performance can be further optimized.

Hifn's latest HIPP security processors, sampling now, can perform AES Counter Mode encryption with CBC-MAC Protocol (CCMP), in a single pass. The adoption of CCM, also co-authored by Dr. Douglas Whiting, delivers definite technical benefits in the application of 128-bit block ciphers such as AES. The IEEE 802.11 committee plans to ratify the 802.11i wireless security standard, which includes CCMP, in 2004.

"Hifn's programmable HIPP architecture provides cryptography functions combined with packet processing offload, allowing the simultaneous support of a variety of protocols and the ability to support new protocols as they emerge," said Sanjay Iyer, Senior Analyst at The Linley Group. "This allows Hifn to respond quickly to emerging protocols, for instance wireless protocols such as TKIP, by offering support across their entire line of security processors through new firmware releases. Thus, Hifn is well positioned to serve the evolving security needs of the wireless market."

SSL, the security protocol for e-commerce, is beginning to play a role in the remote access VPN space. SSL VPNs provide remote users with secure, controlled access anywhere via any Web browser. By utilizing the SSL protocol supported by all Web browsers, SSL VPNs offer clientless remote access solutions for many applications.

Hifn's security processors offer the unique ability to dynamically handle both IPsec and SSL processing. By leveraging existing software and protocol support for both IPsec and SSL, Hifn security processors can now support emerging applications that possess both IPsec VPN and SSL VPN functionality. Hifn also supports TLS and proposed AES ciphersuite extensions to TLS. TLS enhances SSL's older key exchange and message integrity options, for even stronger security. Hifn's IPsec and SSL solutions deliver high connection rates and scale to multi-gigabit throughputs.

Hifn was the first company to introduce security processors with intelligent packet processing to offload the Host CPU or NPU by handling both packet transformations and protocol processing, resulting in increased system efficiency. Hifn was the first company to offer a security chip that performs the entire SSL handshake in a single device. Hifn was also the first company to introduce security devices with multiple protocol support, and Hifn continues to be the only vendor offering devices that dynamically allocate the processing of multiple protocols. IPv6, TKIP, TLS, and CCMP represent the latest additions to the suite of protocols currently supported by Hifn devices, which include IPsec, PPTP, TLS, SSL and CCP.

Hifn's security processors are currently being sold to many of the top network equipment manufactures.

Hifn Inc.