SafeNet, The Foundation of Information Security
 
 

SafeXcel IP - Inline Security Engine

Silicon-proven Intellectual Property (IP) solution for accelerating security processing through unique data plane offloading.

Support for cryptographic security has become a basic requirement for many networking and mobile silicon devices. This creates a challenge for semiconductor designers, who realize that cryptographic security processing needs assistance from dedicated hardware to achieve the levels of throughput required by today's applications. The SafeXcel IP Inline Security Engine takes a significant step beyond traditional SoC security architectures with micro-programmed hardware for intensive packet classification, filtering, and flow processing for every packet. The result is superior data rates across all packet sizes and a significant reduction of general-purpose processor utilization for security functions.

High-Performance Security Processing

The SafeXcel IP Inline Security Engine is the ideal choice for communications processors and general-purpose processors that require maximum data plane offload to dedicated security hardware. The Inline Security Engine delivers precisely the throughput levels the market requires, ranging, depending on the selected protocols, up to 2.5 Gbit/s and beyond. For designs that already include or don't require packet classification and flow processing, the product is also available in a configuration that includes only the inline cryptographic processing functionality.

Micro-programmed Packet Classification / Flow Processing

The SafeXcel IP Inline Security Engine provides full data plane processing up to the IP/IPsec layer. This capability is enabled by the engine's unique Packet Classifiers / Flow Processors and is not offered by other security IP vendors. While traditional offerings need to rely on external classification, i.e. classification performed by another processor, the SafeXcel IP Inline Security Engine includes micro-programmed hardware assist for this time-consuming task. For every packet, the Packet Classifiers / Flow Processors perform a sanity check, decide how the packet needs to be processed (either by the host processor or by the Inline Packet Engine) or whether it needs to be discarded (filtering), and take care of the associated administration, such as transform and flow information updates. The Packet Classifiers / Flow Processors autonomously instruct the Inline Packet Engine and the Post Processor which operations need to be performed on the packet.

Inline Packet Processing

The Inline Packet Engine implements various data manipulation functions, including data insertion, data removal, data replacement, data retrieval, and crypto, hash, and checksum operations. The Inline Packet Engine performs such operations on incoming data, as instructed by the Packet Classifier / Flow Processor.

The Inline Packet Engine supports the well-known algorithms and protocols DES, 3DES, AES, SHA-1, MD5, and IPsec, as well as SRTP, SHA-2, MACsec, AES-CCM and AES-GCM. To achieve gigabit-rate throughput, the Inline Packet Engine uses a three-stage processing pipeline. For control plane functions that require public-key acceleration and true random number generation, SafeNet provides separate SafeXcel IP modules that operate under the control of a host processor.

Integrated Software Support for Security-enabled SoCs

Integrated software support is increasingly becoming a critical success factor for complex SoCs. SoC vendors and their partners need to be able to provide complete systems to the OEMs, consisting of integrated hardware and software. The SafeXcel IP Inline Security Engine has been designed to work seamlessly with SafeNet's leading QuickSec IPsec Toolkit. The QuickSec IPsec Toolkit's advanced architecture allows data plane processing to be offloaded to an SoC's Inline Security Engine, thereby maximizing application performance. The toolkit also enforces policies upon the Packet Classifier / Flow Processor as part of its control plane functionality. This integration of QuickSec Unified on your SoC will create an excellent value proposition for your customers.

Features

  • Support for IPv4 and IPv6
  • Support for jumbo packets
  • Support for IPsec, SRTP and MACsec packet transforms
  • Support for NAT, NAPT, NAT-T
  • Support for extended sequence numbers
  • Support for IP option and extension header muting
  • Support for complete IP header modifications and updates (length, next-header, TTL, and checksum)

Cryptography support

  • DES/3DES (ECB, CBC)
  • AES-128/192/256 (ECB, CBC, CTR)
  • AES-GCM
  • AES-CCM
  • SHA-1/2 / HMAC
  • SHA-256/512 / HMAC
  • MD5 / HMAC
  • GHASH / AES-Galois Counter Mode
  • AES-XCBC-MAC-96
  • Pseudo RNG for IV generation

Deliverables

  • Synthesizable Verilog RTL source code
  • RTL test bench
  • Simulation script
  • Synthesis script
  • User documentation
  • Driver software
  • Microprograms

Benefits

  • Silicon-proven IP Design
  • Includes Packet Classification and Flow Processing
  • Superior throughput across all packet sizes
  • Integrated with QuickSec IPsec Toolkit
  • Flexible, modular architecture
  • World-class support