News & Analysis
Startup offers gains in multilayer security silicon
Loring Wirbel
10/15/2001 12:37 PM EDT
SAN MATEO, Calif. A security processor startup with a design team composed of engineers from Compaq Computer Corp.'s former Alpha operation has introduced a new encryption chip that it claims will shatter the current standards for high-end encryption.
Such claims are typical in this young field, where new designs routinely offer tenfold or better performance gains over their predecessors.
Syed Ali, president and chief executive of Cavium Networks Inc., said that Cavium's Nitrox processor family will operate at the bulk-encryption, Internet Protocol Security (IPsec) and Secure Sockets Layer (SSL) levels to support a full suite of virtual private network and secure Web-transaction duties.
The company pledged to have the first members of its Nitrox family available in the fourth quarter, in time for the new round of access gateways and firewalls being designed in response to heightened interest in security in the corporate world. The increased attention comes as a result not only of the Sept. 11 events, but also of broad-based hacker attacks prevalent in the summer of 2001.
"They are definitely pushing the envelope," noted Linley Gwennap, president of technology research firm The Linley Group (Mountain View, Calif.). "They are bringing out about five to ten times the performance of what some of the other leading vendors are talking about, and about 100 times the performance that people were talking about six months ago."
Gwennap pointed out that a few years ago it would not have been typical to see high-end processor engineers moving into the encryption field. But times have changed, and security is now a high-buzz sector that can attract the best and the brightest. "It's a very hot market," he said.
More flexibility
Ali said that a focus solely on IPsec or SSL processing does not allow the flexibility to create clients and gateway servers that can handle all duties from file encryption to secure Transmission Control Protocol session creation. While some security-processor developers have shied away from general-purpose programmable engines because of the expense of implementation and the programming tools required, Ali said that a single-function hardwired engine operating at one layer of the Open Systems Interconnection protocol stack has limited applicability in access systems.
Cavium pulled together both microprocessor and security-algorithm specialists in order to handle multiple encryption and authentication duties in single-processor instructions.
The GigaCipher processor core, multiple instantiations of which reside inside a Nitrox processor, is a microcoded integer engine, memory and register-file block optimized for such functions as hashing, symmetric and asymmetric coding and packet-header processing.
GigaCipher blocks have separate memory accesses to on-chip SRAM, local double-data-rate (DDR) DRAM and main system memory. Ali said that the ability to access local DDR memory is one factor speeding overall system performance compared with competing approaches.
"The key to the efficiency of GigaCipher is that the core can adaptively adjust in near-real-time to the mix of hashing, packet processing and other duties," Ali said. "Tasks can be re-partitioned continuously. Nothing is dedicated to a single task." He said that the balance between SSL handshakes and encryption functions can be adjusted to optimize for different types of Web traffic, with Amazon.com and Schwab.com used as two benchmark Web site types requiring secure transactions.
Jeff Twombly, who recently joined Cavium as vice president of marketing and sales after a stint at classifier specialist Fast-Chip Inc., said that the company did not slack on low-level encryption algorithms as it added IPsec and SSL support. The processor can handle such bulk-encryption algorithms as DES, Triple-DES, ARC4 and even the new Advanced Encryption Standard, at rates of up to 7 Gbits/second for minimum-size packets.
Public-key encryption algorithms can be sustained at rates of up to 60,000 RSA (Rivest-Shamir-Adleman) operations per second at a 1,024-bit key size. This equates to 50,000 SSL transactions per second, or as many as 40,000 1,024-bit Diffie-Hellman operations.
Augmenting the GigaCipher cores are a hardwired random number generator and a special Security Administration Core. The latter control-plane processor handles such tasks as key management, statistics collection and error recovery.
Cavium has elected to develop a range of processor-core speeds using a relatively conservative process technology, giving the Nitrox family room to grow. A 0.13-micron CMOS process technology provides Cavium with a 400-MHz core.
The core is implemented in three initial family members. The Nitrox 1120 supports a 66-MHz, 64-bit PCI bus interface, aimed at applications that require up to 1-Gbit/s secure bandwidth. The Nitrox 1230 uses a 133-MHz, 64-bit PCI-X bus and local 64-bit access to DDR memory, for applications needing up to 2 Gbits/s of performance. The Nitrox 1340 has an embedded interface to the 500-MHz HyperTransport bus and also offers support for local 64-bit DDR memory, for applications needing 3 to 5 Gbits/s of security processing. In addition, multiple Nitrox processors can be cascaded for special applications.
Ali said that the first generation of processors will not represent a static design point. The company already is developing Nitrox-2, with support for all SPI interfaces, as well as advanced encryption algorithms. The first generation of processors is priced at $295 in lots of 1,000 for the 256-pin 1120; $495 for the 1230 in a 600-pin ball-grid array package; and $595 and $895, respectively, for versions of the 1340 clocked at 350 and 450 MHz.
Cavium has a suite of software deliverables, such as low-level application programming interface drivers, "turbo calls" for SSL and IPsec, and drivers for PKCS #11 and PKCS #12 and key management.
Vertical applications
The company is bundling software, processor and evaluation-board support for specific vertical applications. For example, an e-commerce package combines a Nitrox (most commonly the 1120) with a PCI-X evaluation board and source code for NT, Linux, Solaris and BSD operating systems. A virtual private network and IPsec suite includes a Nitrox with a HyperTransport/packet-over-SONET evaluation board, and source code for BSD, Linux and VxWorks.
Ali is confident Cavium will be able to come out of the chute in early 2002 with a solution that scales better than the competition. While others, such as Tempe, Ariz.-based Corrent, are not ready to discuss their own specs yet, Corrent's chief system architect John Davis warns that "the least useful thing for an application developer is to see a spec war develop over RSA or SSL operations. We will only see with systems deployed, in practice, how the various security-processor architectures stack up."