| Security processors do SHA-2, AES-GCM, AES-f8, and run Linux |
Oct. 18, 2005
Cavium Networks will sample a chip at the top of its Nitrox II security processor line in Q1, 2006. The CN28xx will support emerging cryptography algorithms, while retaining backward compatibility with the Nitrox II API, the company says. Linux drivers and sample applications will be included.
Cavium's Nitrox processors are based on a proprietary RISC architecture, and feature multiple cores that can be programmed in microcode to support various security algorithms. The CN28xx offers software compatibility with currently available Nitrox II processors, while adding support for a number of algorithms needed to build next-generation security equipment, Cavium says.
Emergent cryptographic requirements
Cavium says popular hashing algorithm SHA-1 was broken in early 2005, and that SHA-2 will be widely adopted by 2008. The CN28xx will support "all variations of SHA-2," including SHA-224, SHA-256, SHA-384, and SHA-512, the company says. The company expects the chip to be the only available security processor to support SHA-384 and SHA-512.
Cavium also says that IPsec ESP (IP security -- encapsulated security payload) requirements are driving the security industry to adopt AES-GCM (advanced encryption standard -- Galois Counter Mode), which the company says provides an efficient implementation for confidentiality and data origin authentication. The CN28xx will support data speeds greater than 10Gbps when using AES-GCM, the company claims.
Additionally, the CN28xx will support AES-f8, an algorithm used for SRTP (secure real-time transport protocol).
Other features of the CN2800
The CN28xx supports up to eight gigabit Ethernet MIIs, or up to two SPI-4.2 (serial packet interfaces), for total throughputs from 2-10Gbps. The processor also features a PCI-X interface.
Nitrox II CN28xx diagram
(Click to enlarge)
Additional features include:- Supports inline and look-aside system architectures
- Security protocol processors that can concurrently support IPsec, SSL, WLAN security, and multi-protocol
- General purpose CPU can process security control plane protocols such as IKEv1/v2
- Supports a variety of symmetric, asymmetric, and hashing protocols
- IP packet fragmentation and re-assembly support
- NAT traversal over UDP
- IPv4 and IPv6
Planned CN28xx models include:
| Model | Max RSA
1024-bit Exponent | Max DH 180-bit Exponent with 1024-bit Mod | Inline full IPsec processing | Full SSL record throughput (w/AES+MD5) |
|---|
| CN2830 | 4K | 5K | 2.5 Gbps | 2.5 Gbps | | CN2840 | 8K | 10K | 5 Gbps | 5 Gbps | | CN2850 | 12K | 15K | 7.5 Gbps | 7.5 Gbps | | CN2860 | 16K | 20K | 10 Gbps | 10 Gbps |
Director of Product Marketing Rajneesh Gaur said, "Cavium Networks' NITROX family has become the most widely deployed security processor family for IPsec and SSL applications in networking equipment worldwide. The NITROX II CN2800 [will meet] critical customer requirements."
Cavium is a privately held, fabless chip design house with offices in Massachussetts and India. It employs many engineers from DEC's former Alpha chip design team, it says. It claims its Nitrox security processors are used in devices made by nine of the top 10 vendors of multi-gigabit VPN/firewall equipment, L4+ switches, wireless LAN switches, and storage security appliances.
Availability
Cavium expects to sample the CN28xx in Q1, 2006, along with a development kit that includes Linux drivers and sample applications. When it reaches production, the CN28xx chips are expected to sell for $250 to $725, in quantities greater than 5K.
Related Stories:
(Click here for further information)
|
|
|
7 Advantages of D2D Backup
For decades, tape has been the backup medium of choice. But, now, disk-to-disk (D2D) backup is gaining in favor. Learn why you should make the move in this whitepaper.
4 Legal Reasons to Control Internet Access
The Internet is obviously a valuable resource for many organizations. However, many are exposed to legal liability concerns because they fail to control Internet access. Learn if you're safe in this white paper.
Rapidly Resolve J2EE Application Problems
Whether you are in the process of building J2EE applications or have J2EE applications already running in production, you must ensure that they deliver the expected ROI. Learn how in this white paper.
Load Testing 2.0 for Web 2.0
There are many unknowns in stress testing Web 2.0 applications. Find out how to test the performance of Web 2.0 in this white paper.
Build Better Games Online
For the game infrastructure providers, life is complex. Making money from games has become more complicated. Why? Find out in this white paper.
Building a Virtual Infrastructure from Servers to Storage
This white paper discusses the virtual storage solutions that reduce cost, increase storage utilization, and address the challenges of backing up and restoring Server environments.
Gaining Faster Wireless Connections with WiMAX
Welcome to what is quickly becoming the hyperconnected world where anything that would benefit from being connected to the network will be connected. Learn more in this white paper.
Is Your Desktop a Security Threat?
The new wave of sophisticated crimeware not only targets specific companies, but also targets desktops and laptops as backdoor entryways into those business’ operations and resources. Learn how to stay safe in this white paper.
Increasing SAN Reliability by 100 Percent
Storage area networks (SAN) are a strong part of storage plans. Learn how to increase your reliability and uptime by 100 percent in this case study.
|
|
|
|
|
Use of this site is governed by our Terms of
Service and Privacy Policy.
Except where otherwise specified, the contents of this site are copyright © 1999-2008
Ziff Davis Enterprise Holdings Inc. All Rights Reserved.
Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise is
prohibited. Linux is a registered trademark of Linus Torvalds. All other marks are the property of their respective owners.
news feed