Security performance in networking equipment has been a bottleneck for many years. Until recently, it was only available at a high cost due to the very segmented demand. Yet with the explosion of e-commerce, virtual private networks (VPNs), secure remote-access using the Internet, homeland-security recommendations, HIPAA requirements, storage standards, digital rights management, and VoIP security concerns, the need for always-on ubiquitous network security is growing rapidly.
Security-processor vendors have been gearing up to meet this challenge for the past couple of years and are now ready to serve the mass-market price/performance requirements. The price/performance and architectural requirements of the security processor market vary as much as the networking market targeted by these security chips. For low-performance devices like mobile phones, PDAs, and home gateways, control processor vendors are integrating security cores into the control processor to reduce cost and space.
Security is a multitiered problem in networking. Hence, it needs a multitiered solution. Today, security is being deployed in the link layer with emerging protocols for wireless and wired links, in the IP layer with the IPsec protocol, over the TCP/IP layer with SSL protocol, and in the application layer with emerging protocols for Web services and digital rights management.
In addition to the networking layer protocols, access control, authentication, intrusion detection, and antivirus security, applications are being developed in different layers of the network to increase security. With the consolidation of security applications into a single platform, security processors will need to handle security at multiple layers. Hence, there's a need for a flexible solution that addresses today's requirements and can adapt to the emerging needs.
To solve these diverse security-processing requirements, security-processor vendors have moved away from standard ASIC chip-design flows to a custom chip-design flow. As a result, more area- and power-efficient transistors can be packed in and more programmable processor cores built. This creates flexibility very much like control processors, but targeted for a broad range of security applications.