The SecureBooster is a highly integrated, high-speed SSL and VPN security and cryptographic processing system on a board. It incorporates a complete suite of security and compression protocols in hardware, including:
- IPsec ESP and AH transforms
- IPcomp Deflate compression
- MPPE transforms using RC4
- Full suite of IKE macro operations
The SecureBooster supplies not only the core algorithms but also the surrounding protocol handling, including header addition and stripping. It implements features in hardware that are unavailable with any other solution, such as:
- ESP header insertion/validation, including SPI and replay counter processing
- Full AH ‘mutable bit’ processing, including IPv4 options fields
- MAC ICV validation on inbound packets
- Automatic IV generation and insertion
- ‘Black Key’ handling. Keys in the SA database are stored encrypted and are decrypted on the fly by the on-board Crypto Processor prior to use
- RC4 key replication, key scheduling, and MPPE-specified key update
Full Suite of Algorithms
The SecureBooster incorporates all of the necessary algorithms for SSL and VPN applications:
- DES, Triple-DES and RC4 encryption
- MD-5 and SHA-1 Hashing with HMAC
- Deflate Compression
- Public Key computations:
  - Diffie-Hellman Key Negotiation
  - RSA Encryption & Signatures
  - DSA Signatures
- Random Number Generation
With the SecureBooster installed on the secure server, host processors can off-load SSL and VPN packet transforms, as well as the crypto computations needed for key management handshaking (i.e. IKE), which can have a serious effect on system performance.
Highest Throughput Available
The SecureBooster has the fastest on-board core processing engines available today; more importantly, the surrounding system integration features have been carefully designed to remove performance bottlenecks. By performing virtually all of the security and compression protocol steps with the on-board Crypto Processor, multiple bus movements are avoided, and operations can be pipelined to minimize latency. A hardware-enabled Descriptor Ring, located in the on-board Crypto Processor, utilizes dual-port memory to control packet movements. This feature allows asynchronous processing between the Host CPU and the SecureBooster. Since multiple packets can be queued for processing, it provides the most optimized performance for the SecureBooster.
When processing IPsec with the worst-case algorithms (3-DES and SHA-1), the SecureBooster can easily support a full-duplex OC-3 channel even with small packets!
With compression enabled, the throughput can exceed 600 Mbps.
Hardware-Based Security
The SecureBooster has been designed from the ground up with security in mind. It provides uncompromised protection for its algorithms, key material and key generation processes. Unencrypted (red) key material is never permitted to leave the SecureBooster on-board Crypto Processor.
The SecureBooster is designed for FIPS 140-1, level 3 security. The on-board Crypto Processor is the only single-chip FIPS 140-1 solution that provides full IPsec support.
‘Direct Boot’
The SecureBooster incorporates a ‘Direct Boot’ feature. This boot option allows the on-board Crypto Processor to auto-load a high-performance IPsec packet driver from an on-board EPROM. This feature allows the OEM developer to achieve full throughput without having to write any code to run on the on-board Crypto Processor. Of course, the OEM still retains the ability to fully customize the packet driver should it be required.
Hot Swap ready (TRL3613)
The TRL3613, a 3U or 6U cPCI model, complies with the latest cPCI Hot Swap requirement. The SecureBooster supports power-on hot-swap applications in cPCI systems within a five-nines environment.
Applications:
- Crypto Engine for Internetworking Devices (Routers, Switches, etc.)
- Firewall accelerator
- Server VPN accelerator
- Workstation Security Module