Security-processor vendors offer encryption smorgasbord

Several companies have recently announced cryptographic accelerators. Comparing the various offerings requires a hard look past the "maximum-performance" numbers of decryptions per second. You also have to consider such factors as bandwidth bottlenecks to the processor, real-world versus theoretical performance, availability, cost, and how much protocol processing must occur before the accelerator ever sees a packet (see "Accelerating high-speed encryption," EDN, Aug 16, 2001, pg 38).

The first two members of Corrent's Socket Armor family, the CR7020 and CR7000, target SSL (Secure Socket Layer) applications running at 1 Gbps (Picture). The full-duplex CR7020 SSL and TLS (Transport Layer Security) security processor supports AES (Advanced Encryption Standard), DES (Data Encryption Standard), 3DES (Triple DES), and ARC4 encryption algorithms. An on-chip modulo engine accelerates asymmetric-key encryption.

You can use the CR7000 public-key accelerator alone or with the CR7020 for a combined performance of many as 2500 RSA (Rivest, Shamir, and Adleman), 1024-bit modulus-key decryptions/sec. Prices for the CR7020 and CR7000 are $350 and $300 (1000), respectively. A reference-development kit is also available.

Hifn's latest offering, the 6565 security processor, can perform as many as 2000 1024-bit RSA transactions/sec and supports 2048-bit RSA keys. For VPN (virtual-private-network) applications, the processor can create as many as 1020 IKE (Internet-key-exchange) main-mode tunnels/sec. These tunnels comprise two 180-bit Diffie-Hellman exchanges, one RSA sign, and two RS verifications using a 1024-bit modulus. You can configure the device to use either a 32-bit PCI 2.1 interface or a direct-access interface, and the device is software-compatible with Hifn's 6500 processor. The company built the 6565 on a 0.18-micron process. It runs at 250 MHz, has a core voltage of 1.5V, and comes in either a 160-pin HQFP or 256-ball BGA. Price is $49.50 (10,000). Alpha-site sampling is available now, and production is scheduled for the first half of 2002.

For those applications requiring software but not hardware, SafeNet has recently released the SafeNet security platform, which includes interfaces to handle packet processing and certificate and policy management among different software packages. The platform includes support for DES/3DES, Rivest's Code 4 and 5, and AES (Rijndael) encryption; Secure Hash Algorithm-1, Message Digest 5, and RACE Integrity Primitive Evaluation Message Digest hashing; Diffie-Hellman and RSA public-key algorithms; digital-signature-algorithms and RSA digital signatures; IPSec (Secure Internet Protocol), IPComp (IP Payload Compression Protocol) SSL, TLS, and ANSI X9.17 protocol support; and symmetric/asymmetric and Security Association key management.

Corrent, 1-480-648-2300, www.corrent.com.

Hifn, 1-408-399-3500, www.hifn.com.

SafeNet, 1-443-442-8113, www.safenet-inc.com.