 |
|
|
|
|
|
Posedge Unified Security Engine (UNISec)
Posedge Unified Security Engine (UNISec) is a multiple protocol processing engine. The IP core can support eight 1Gbps ports or one 10Gbps port. The architecture handles different security protocols like MACSec, IPSec and DTLS. It addresses the universal issue of IT Security by providing information security and integrity against the rise of security breaches with increased data traffic.
The Posedge UNISec Engine architecture comprises of a packet Mux, packet processor, packet De-Mux, CPU inteface and SAD inteface.
|
Packet Mux:
|
| • |
Port based packet flow |
| • |
Dedicated FIFOs for each port and each FIFO size is 16x134 |
| • |
Data format in the Rx FIFO – sof(1), eof(1), byteen(4),data(128) |
| • |
Contains an Arbiter, which selects the port FIFO on round robin basis |
| • |
Arbiter switch from one port to another port based on two conditions
• on every 128 Byte boundary
• on seeing the EOF
|
| • |
Flow Control |
|
| |
| Packet Tag: |
| • |
IP Header Offset |
| • |
Secure Association Pointer |
| • |
Length information |
| • |
Protocol (MACSec/IPSec), Traffic Direction (Ingress/Egress) |
|
| ^ Top |
| Packet Processor: |
It handles three protocols IPSec, MACSec and DTLS. The IPSec and MACSec are handled in a common engine and perform the following tasks
| • |
Headers insertion and removal |
| • |
Encryption, Authentication, ICV generation |
| • |
Anti-replay verification on Ingress packets |
| • |
MIB Counter updates |
|
| |
| DTLS: |
| • |
1 Gbps DTLS protocol processing |
| • |
No other protocol present in DTLS configuration |
|
| |
| Packet Demux: |
| • |
Port based packet flow |
| • |
Dedicated FIFOs for each port and each FIFO size is 16x134 |
| • |
Data format in the Rx FIFO – sof(1), eof(1), byteen(4),data(128) |
|
| |
| CPU Interface: |
| • |
CPU interface for engine configuration and MIB statistics access |
|
| |
| SAD Interface: |
| • |
All the SAD entries are accessed via SAD interface. The UNISec engine performs read and write accesses to the SAD |
|
|
| |
 |
|
Features
• Flow through engine to handle IPSec, MACSec, and DTLS packets
• MACSec (IEEE 802.1AE) processing
• Rates of 1Gbps per port or one 10Gbps per port for integrated IPSec, MACSec processing and DTLS processing at 1Gbps rate
• IPSec ESP processing in Tunnel and Transport modes
• IPSec defined both for IPv4 and IPv6
• Configurable protocol support on a per port basis
• AES-GCM Encryption and Authentication - IPSec and MACSec (up to 10Gbps)
• AES-128-CBC-HMAC-SHA1 Encryption and Authentication for DTLS
• MIB counter update MACSec Standard for Receive and Transmit side
• Anti-replay protection for IPSec and MACSec
• 128Byte packet Interleaving support
• CPU interface for device management/configuration and MIB statistics access
Applications
• Supports IPv4 and IPV6
• Anti-replay, Alert generation and Handling, Receiving /Sending multiple DTLS records within PMTU
• Handles IPSec, MACSec, and DTLS packets
• Provides interface for device management
Advantages
• Independent block to perform IPSec, MACSec, and DTLS processing
• Easy integration into an existing data path
• Programmable Packet and Key interface
• Low gate count
Deliverables
• Fully Synthesizable RTL
• Testbenches and Testcases
• ASIC Synthesis Scripts
• FPGA Synthesis and P&R Scripts
• Documentation
Tech Specs
| Part Number |
posedge-UNISEC-1.1 |
|
| Short description |
Unified Security Controller |
| Provider: |
posedge Inc |
| Portability |
ASIC, FPGA |
| Type |
Soft |
| Maturity |
Silicon Proven |
| Availability |
Now |
| FPGA Technology: |
Available in Xilinx Virtex-4LX platform
|
| Bus Compliance : |
AMBA AXI, AMBA AHB |
|
| >> Back |
|
|
|
|
|
 |
| |
|
|
| |
 |
|
| » |
Wire Speed Multi-Port Switch / Routing Engine |
| » |
System Peripherals for SoC |
| » |
Flexible IPSec Processing Engine |
| » |
High-Performance MACSec Engine |
| » |
SD/SDIO/MMC Host Controller |
| » |
Universal Flash Controller |
| » |
DDR-I/II Controller |
| » |
Posedge Fast-Path Switching IP |
| » |
Posedge Fast-Path Routing IP |
| » |
Multi-Format Encoder-Decoder |
| » |
I2C, UART, CEC, Ethernet, PCI Drivers |
|
|
|
 |
|
|
| |
| |
 |
|
| » |
System on Chip Design |
| » |
IP & Customization |
| » |
RTL Design and Verification |
| » |
Place and Route |
| » |
Design For Test |
| » |
Device Drivers |
| » |
OS Porting (Linux, xWorks) |
| » |
Linux Optimization |
| » |
Performance Characterization/
Optimization |
| » |
Silicon Bring up |
| » |
Product Prototyping |
| » |
FPGA Design |
| » |
FPGA Verification |
| » |
ASIC Prototyping |
| » |
System Architecture |
| » |
FPGA to ASIC conversion |
| » |
Audio/Video and Image Processing |
|
|
|
|
|
|
| |
| ^ Top |
| |
|
|
| |
United States |
India - Hyderabad |
India - Bangalore |
Taiwan |
|
| |
350 Oakmead Parkway,
Suite 200, Sunnyvale,
CA - 94085. |
Unit - 2, 5th Floor, Building No 9,
Mindspace, Hitech City,
Madhapur, Hyderabad,
Andhra Pradesh - 500 081 |
1st Floor,
No.7/3,
Old Madras Road,
Opp: 100ft Road, Indiranagar,
Bangalore - 560038 |
11F, No. 206, Sec. 1,
Fu-Xing S. Rd. Taipei, Taiwan |
|
| |
Tel : +1 408-642-6964 |
Tel : +91 40 44182299 |
Tel : +91 080 40934275, 40934278 |
|
|
|
| |
| © 2011 Posedge. All Rights Reserved. |
|
|
|
|
|
