Electronic Design

Cryptochips Help Eliminate The Security Bottleneck

Hackers truly are hyper to steal your sensitive data. Terrorists wish to bring your network to its knees. Ticked-off employees seek cyber revenge. Whacko grad students are eager to test out their latest diabolical virus. Sound paranoid? Not necessarily. Real, mounting threats are invading the Internet.

As the Internet has evolved, security has turned into priority number one. Although security measures have significantly grown, too many organizations and individuals still ignore it or pay it lip service because it's very complex and expensive to implement. Unfortunately, security is no longer just an option.

Security is still mostly implemented in software in the form of firewalls, authentication, encryption, and other techniques. But increasing network speeds have created an explosion of virtual private networks (VPNs), and the ballooning number of e-commerce transactions has left software lagging speed-wise. Software also is "hackable."

Furthermore, the homeland security push has focused all computer users on securing their local-area networks (LANs), intranets, and Internet connections, as well as their storage-area networks (SANs). Thanks to a new batch of security ICs, security protocols and encryption are now easier to build into secure Web servers, routers, Secure Socket Layer (SSL) accelerator cards, SSL accelerator appliances, load balancers, VPN gateways, layers 4 to 7 switches, and other networking equipment to end the security bottleneck.

The two basic types of secure Internet communications are VPNs and e-commerce transactions. VPNs connect LANs at remote facilities or branch offices via the Internet. Direct connections are too expensive, but the Internet can be used to make these interconnections through a VPN. Thus, it will appear that the LANs are one.

VPN security is handled today by the IPsec protocol, an Internet Engineering Task Force (IETF) standard that creates a secure "tunnel" through the Internet. The protocol operates at the network layer (layer 3) of the seven-layer Open Systems Interconnection (OSI) networking model. It employs standard private key bulk encryption methods, such as data encryption standard (DES), Triple-DES (3DES), advanced encryption standard (AES), and RC4, as well as the popular authentication algorithms MD5 and SHA-1. The primary feature of IPsec VPN connections is a minimum number of interconnections and large volumes of data.

The other type of Internet connection enables purchases and personal transactions via the Internet. An enormous number of these transactions occurs daily, and all e-commerce Web sites where purchases are made must incorporate security to protect your credit card number, password, Social Security number, and other private information. Such sessions are handled by the SSL protocol, another IETF standard. Originally developed by Netscape for its browser, SSL is now incorporated into every browser and all e-commerce servers.

Gradually replacing SSL is an upgraded version called Transport Layer Security (TLS). SSL/TLS operate in the session, presentation, or application layers (layers 5, 6, 7) of the OSI model. It uses public key exchange using the RSA algorithm, then turns to RC4, AES, or 3DES for the bulk data encryption along with the MD5 authentication method.

E-commerce transactions are characterized by an enormous number of sessions with customers and clients where very little data actually changes hands. The process that sets up a transaction, called handshaking, is enormously complex and time consuming. An e-commerce server can handle a few hundred of these transactions per second. But as line rates and the number of transactions increase, a server can quickly be overloaded, greatly lengthening the time it takes to set up and process a session.

Two basic types of encryption exist: private key and public key. Both use mathematical algorithms to covert a plaintext or cleartext message into ciphertext, the encrypted message.

Private key encryption was developed first. The key is a secret bit pattern shared by those using the method. Also known as symmetric encryption, the same key is used for both encryption and decryption. The key is combined with the original plaintext in the encryption algorithm to create the ciphertext that's transmitted. At the receiving end, the ciphertext is combined with the same key in the decryption algorithm to recover the original message. The main problem with private key encryption is the difficulty of sharing or distributing the key while protecting it.

The most widely used private key encryption is DES, originally developed by IBM but now standardized by the National Institute of Standards and Technology (NIST). DES uses an 8-byte, 64-bit key in which one bit in each byte is parity, giving an effective key of 56 bits. During the 1970s, when this was developed, 56-bit keys were considered secure. But as computing power increased dramatically in the 1980s and 1990s, 56-bit keys could be deduced by brute force computing.

A common method to overcome the 56-bit key problem is to subject the data to three sequential encryptions of DES using three separate keys. This method, known as 3DES, is highly secure but requires considerable computing power and time, slowing data transmission. Other popular symmetric private key encryption methods are the AES, developed by NIST to replace DES, and the RC4 algorithm, developed by RSA Associates, a security software firm.

VPN IPsec and e-commerce SSL/TLS use symmetric private key encryption for data protection. Both also employ public key encryption to transmit the private keys. Public key encryption implements two keys—one public key for the encryption process and a private key for the decryption process. This process was a real breakthrough in encryption. Whitfield Diffie and Martin Hellman discovered it in the 1970s, and Ron Rivest, Adi Shamir, and Leonard Adleman improved it. Adleman also created the Rivist-Shamir-Adleman, or RSA, algorithm. Today, the RSA method is widely used in SSL/TLS transactions, while the Diffie-Hellman (DH) method finds a home in IPsec applications.

Public key encryption with RSA transmits the private key for DES or AES during an initial handshake process at the beginning of every SSL transaction. At the start of an IPsec session, the Internet key exchange (IKE) protocol transmits the private keys. Once the private keys have been delivered, the secure session encryption or decryption occurs.

Another part of the secure process is known as authentication. After data to be transmitted is encrypted, it goes through a hashing algorithm to create a hash digest word that's unique to the transmitted data. The hash process is similar to creating a block check code or CRC that's transmitted with the data. At the receiving end, the hash process generates a hash digest on the received data so the two can be compared. If the transmitted and received hash words are the same, the transmission is authenticated.

The hash word, private key, and other networking information form a security association (SA), which is stored and used to validate any packets received. The two most common hash algorithms are MD5 used with SSL transactions, which is typically implemented in software in all browsers, and SHA-1 employed in VPNs with IPsec.

There are three basic types of security chip. The first is the coprocessor. Here, a dedicated processor handles the basic networking functions of classification, forwarding, and traffic management. When encrypted packets are encountered, they are offloaded to the security coprocessor. This "look-aside" arrangement frees the network processor of the horrendous crypto duties, accelerating the whole operation. When data rates begin to exceed about 1 Gbit/s, the data flow must be moved into and out of memory multiple times, which slows down the process.

A second approach, the inline security processor, can greatly speed up the process. Yet it forces the security chip to handle most of the same functions performed by the network processor, like packet reassembly, protocol processing, exception handling, and transmission control protocol (TCP) termination. This leads to some duplication of circuitry, but it is very fast.

A third method is to add the crypto and other security functions into the network processor itself. This approach minimizes the circuitry and cost and produces line-speed security operations.

Broadcom's CryptoNetX line of security coprocessor chips works with a host processor to handle the computationally demanding cryptographic operations. They also offer complete plug-in SSL and IPsec accelerator boards for servers and other Internet boxes (Fig. 1).

For example, the BCM5840/41 are coprocessors for use in implementing the IPsec protocol used in VPNs. Both incorporate patent-pending packet load-balancing circuitry plus support for both DES and 3DES and the AES algorithm with 128-, 192-, or 256-bit keys. It also contains all circuitry for handling MD5 and SHA-1 hash algorithms. The BCM5840 processes at a 2.4-Gbit/s rate, while the BCM5841 works with speeds up to 4.8 Gbits/s.

Broadcom's solution for the SSL/TLS e-commerce marketplace is the BCM5850 and the BCM5821. The BCM5850 performs all SSL/TLS protocol functions, while the BCM5821 handles the RSA public key handshaking functions. The BCM5850 is an offload coprocessor that supports SSL protocol version 3 plus TLS protocol version 1. This chip also handles all symmetric key cryptography and hash functions.

The companion BCM5821 chip takes care of the killer public key encryption processing. It can handle 4000 RSA 1024-bit transactions/s (TPS) or 3000 DH TPS. The chip also contains all of the circuitry for DES, 3DES, ARC-4 encryption/decryption, and authentication with MD5 or SHA-1.

Broadcom additionally offers a line of SSL accelerator adapters. These boards plug into a PCI slot on Web servers, load balancers, switches, and SSL appliances. They significantly reduce the delay associated with SSL/TLS handshakes and processing and improve the speed at which Web pages can be served in secure transaction.

See associated figure.

Cavium Networks' NITROX family of chips aims at multiservice applications where both IPsec and SSL must be handled concurrently with guaranteed bandwidth (QoS). The Cavium processors also incorporate a unique adaptive processing capability that lets their processing power be flexibly allocated between session setup and bulk data encryption, depending on real-time traffic conditions. The NITROX processors scale from 100 MHz on the low-end Lite versions to 5 GHz on the high end. The forthcoming NITROX II family of inline processors extends this speed to 10 Gbits/s in an IPsec application.

Corrent's CR7000 chip, a public key accelerator, focuses on speeding up the initial handshaking operation in SSL. It can tackle up to 3800 TPS using the RSA 1024-bit public key exchange algorithm. Plus, it supports the DH public key algorithm. The CR7000 can be used in IKE transactions with IPsec, where it can do up to 2000 setups per second. Hash processing is included on-chip.

The Corrent CR7020 is a coprocessor for accelerating either SSL or IPsec operations at up to 1.5-Gbit/s speeds. It includes the DES, 3DES, AES, and ARC4 crypto circuits, plus SHA-1 and MD5 authentication. On-chip exponentiator circuits handle RSA, DSA, or DH public key acceleration. With all the functionality of the CR7020, and complete IPsec protocol processing, the newer CR7120 chip runs at a rate of up to 3 Gbits/s.

Corrent also makes both SSL and IPsec acceleration board products. These include small-form-factor (PMC) versions.

Long-time security chip supplier HiFN has announced some new products in its HiFN Intelligent Packet Processing (HIPP) family. The 7855 is designed for IPsec applications at speeds of up to 650 Mbits/s. It supports IKE public key exchanges and DES, 3DES, and all modes of AES bulk symmetric encryption algorithms. The 7855 suits T3 connections and up to OC12 lines (622 Mbits/s). The HiFN 7815 is a 325-Mbit/s, less expensive version of the 7855.

Both of these processors also incorporate data compression, the process of reducing the original message size by seeking redundancies to speed up serial data transmissions. Most often, the LZS compression method and its newer derivative MPPC (Microsoft point-to-point compression) are used in high-speed data applications. Compression is performed before encryption and can nearly double the data rate.

The new 7955 and 7956 processors are designed for IPsec applications as well and can run at speeds up to 756 Mbits/s, depending upon the bulk encryption mode. They handle RSA, DSA, DH, and IKE public key processing, SHA-1 and MD5 authentication, and LZS and MPPC compression.

HiFN's highest-performance security chips, the 8300 and 8350 FlowThrough processors, deliver true "bump-in-the-wire" performance at speeds up to 4 Gbits/s. They can be placed directly in the datapath to handle all security functions without the aid of outside components or software. The chips are optimized for IPsec applications and support all of the standard public and private key encryption methods and authentication methods. They include an IKE stack. The 8300 runs at speeds up to 600 Mbits/s, while the 8350 operates to 4 Gbits/s.

Intel's security offering is the IPX2850 network processor, part of Intel's IPX2xxx network processor product line. Combining high-performance packet processing capability with security features in one chip, it enables such applications as VPNs, Web e-commerce, and storage-area networks. Security features include 3DES and complete AES cryptography, along with SHA-1 hashing function. It can accommodate speeds of up to 10 Gbits/s. Intel's software support allows you to implement both IPsec and SSL/TLS operations with this chip.

Recent startup Layer N Networks is focusing its efforts on creating the fastest SSL chip. A forthcoming UltraLock chip implements line-speed SSL security at speeds to 1 Gbit/s. In any e-commerce transaction, most of the process time is devoted to the public key exchange. The RSA encryption algorithm involves raising a value to the 1024 power, which isn't a trivial task. Instead of tackling the problem with brute force computational power, Layer N simplified the math algorithms to achieve line-speed SSL.

The UltraLock chip is a form of inline or flowthrough processor rather than a coprocessor (Fig. 2). The chip incorporates two complete TCP/internet-protocol (IP) processors that act as TCP/IP proxies for SSL traffic, eliminating the need for an external processor to run these protocols. When an SSL transaction is detected, the queue manager passes it to the SSL/TLS processor, where the RSA public key algorithm is executed to provide the private key. Next, either the DES, 3DES, AES, or RC4 bulk encryption method is implemented. Authentication typically is tendered by MD5 hashing, but SHA-1 can be handled. Layer N will sample the chip in the first quarter of 2003.

All of these chips help secure the Internet. But don't forget the even greater need to secure the new wireless frontier. For instance, there's the forthcoming battle to encrypt and secure consumer entertainment intellectual property. Needless to say, more stories on security will arrive soon.

Need More Information?
Broadcom Corp.
(949) 450-8700

Cavium Networks
(408) 844-8420, ext. 202

Computer Security Institute (CSI)
(415) 947-6320

Corrent Corp.
(480) 648-2300

(408) 399-3500

IEEE Computer Society Technical
Committee On Security And Privacy

Intel Corp.
(973) 967-6548

Internet Engineering Task Force

Layer N Networks
(512) 250-2129, ext. 132

NIST Information Technology Laboratory
(301) 975-6478

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.