
Posedge Security Solutions

With ever-increasing internet traffic, keeping communication secure and protecting data over the network is essential. The growth of the internet is highly dependent on security. Some of the security elements in the network include:

  • Data Content Confidentiality
    • To make sure that the data is known only to the intended recipients. Only the sender and receiver can view the content.
  • Data Source Authentication
    • To make sure that the data received is from the claimed sender.
  • Data Integrity
    • To make sure that the original data was not inspected/modified by a third party while in flight from source to destination. The received content is the same as the sent content.
  • Replay attacks
    • To make sure that a third party attacker does not replay the packets.
  • Non-Repudiation
    • To make sure that the sender cannot deny sending the data.

Posedge offers security solutions ranging from the basic building blocks (symmetric/asymmetric ciphers, authentication engines) to high-performance protocol processing engines (IPSec, MACSec, and SSL/DTLS offload). The IP cores are designed with area, performance, and power in mind. Our solutions are used at the heart of the network to protect data against attacks and enable secure communication.

 
Security Solutions

Security Protocol Processing Engines

The OSI (Open Systems Interconnection) model defines a framework for implementing protocols in seven layers. Security processing at different layers of the network is depicted in the following figure. With system throughputs from multi-100 Mbps to multi-gigabit, Posedge's protocol processing solutions address different markets such as mid-range to high-end VPN/firewall appliances, SSL accelerators, secure Ethernet PHYs and switches, LTE and WiMAX. The products are available in both flow-through and look-aside architectures. Our combo solutions, such as the market-leading Unified Security Engine, provide our customers with a single solution for incorporating both Layer 2 and Layer 3 security into their products. Interoperability is one key metric in making sure that different secure devices work together. Posedge secure solutions are proven in silicon and have been interoperated with third-party secure devices.

[Figure: security processing at the different layers of the OSI model]

MACSec, defined by IEEE 802.1AE, provides security at the MAC layer. It provides hop-to-hop Layer 2 security, and the services it provides are confidentiality, integrity, and source authentication. MACSec is used to secure LANs against passive wiretapping, impersonation, and replay attacks. MACSec can also be used to protect non-IP networks. IEEE 802.1X defines the key management protocol for MACSec-enabled devices.

Benefits or applications of MACSec include:

• Provides security that is relatively simple to implement
• Useful to protect non-IP networks, whereas IPSec allows protection of IP networks only
• Hop-to-hop security, whereas IPSec provides end-to-end security

IPSec (IP Security) provides security at the network layer. It uses two protocols: Authentication Header (AH) and Encapsulating Security Payload (ESP). AH provides proof of data origin on received packets, data integrity, and anti-replay protection. ESP provides everything AH provides, plus data confidentiality. Internet Key Exchange (IKE) is the cryptographic key management protocol and is used to set up the environment for the AH and ESP services by negotiating connection parameters.

Benefits or applications of IPSec include:

• Provides end-to-end security
• Mandatory for IPv6 implementations
• Used to implement VPNs
• Transparent to higher layers (above Layer 3) and protects Layer 3 and above layers

Crypto Infrastructure

Our cryptographic solutions include both symmetric and asymmetric ciphers. Applications that use these include IPSec, SSL/TLS, WLAN WEP and WPA, and networking and storage systems.

Symmetric algorithms (also called Private Key) use the same shared secret key for both encrypting and decrypting the data. These engines are available either in flow-through or look-aside architecture.

• Key sizes of 128, 192, and 256 bits.
• CBC, ECB, CTR, CFB, OFB modes of operation.
• Supports the high-performance Galois/Counter Mode (GCM).

• FIPS 46-3 standard.
• Optional DES operation support.
• Cipher Block Chaining (CBC), Electronic Codebook (ECB), Counter (CTR), CFB, OFB modes of operation.

• Rivest Cipher 4 (RC4) algorithm
• Widely used stream cipher in Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
• Supports a 128-bit key

Asymmetric ciphers (also called Public Key) use two different keys, one for encrypting and one for decrypting. The public key is published to anyone who wants to send a message, while the private (secret) key is kept by the intended receiver so that only the receiver can decipher the contents.

Our hardware IP engines offload the computationally intensive portions of the public key ciphers. This reduces the load on the host and provides significant performance improvements. These engines are generally used to support public key negotiations and digital signature schemes.

 

• Support calculation of the complex operations in the RSA (Rivest, Shamir, Adleman), DSA (Digital Signature Algorithm), and DH (Diffie-Hellman) asymmetric algorithms
• Offload a number of complex mathematical operations such as point multiplication in ECC (Elliptic Curve Cryptography).

Hashing engines are used to provide the data integrity and source authentication features. The engines take a configured length of data and produce a fixed-size message digest or Message Authentication Code (MAC).

 

• Supports the MD5, SHA1, SHA256, and SHA512 algorithms
• HMAC (Hash-based Message Authentication Code) for all authentication engines.
• HMAC-SHA-1 and HMAC-MD5 are used in IPSec and SSL/TLS protocols.

All of the cryptographic algorithms and protocols require random numbers. Random numbers are needed to generate symmetric keys, public/private key pairs, the Initialization Vector (IV), and so on. Posedge provides a true random number generator (TRNG) that uses a non-deterministic source (thermal noise) to provide complete randomness.

© 2011 Posedge. All Rights Reserved.