SafeXcel 1840 - High-Performance Security Co-Processor
The SafeXcel™-1840 is a highly integrated, high-speed network security co-processor
targeted to VPN applications in mid- to high-range network devices and appliances.
With the SafeXcel-1840, host processors off-load not only packet processing but
also the Public Key computations, optimizing overall system performance.
Overview
Designed for the VPN Appliance Market and Optimized for IPSec
With the acceleration of VPN performance in mid- to high-end network devices and
appliances as a design focus, the SafeXcel-1840 security co-processor provides powerful
and efficient IPSec processing. By accelerating only the critical and processor-intensive
security functions, the SafeXcel-1840 delivers an excellent value proposition to
manufacturers in the VPN appliance market.
The SafeXcel-1840 also accelerates the algorithms used to implement SSL VPNs, allowing
vendors to create multi-functional security appliances with a single security co-processor.
Efficient Data, Control and Management Architecture
The SafeXcel-1840 incorporates separate interfaces for data, control and security
association database access, enabling fast packet processing and highly efficient
control and SA management systems. It also incorporates convenient and common hardware
interfaces, supporting PCI-X and S/DRAM memory interface capabilities to ensure
easy integration with the widest variety of network and host processors, such as
IBM NP4GS3, Intel IXP 2400, and Agere APP5xx.
Broad Platform Support
Full driver support is available immediately for development on most common operating
systems including Windows, Linux and VxWorks. A variety of other operating systems
are already supported, and additional OS driver support is delivered on request.
Complete VPN Security Features
The SafeXcel-1840 incorporates a complete suite of security features in hardware,
including:
- IPSec, ESP, and AH transforms
- Basic encrypt/decrypt and hash operations
- SSL, TLS, and MPPE cryptographic operations
Core algorithms are supplied in the SafeXcel-1840, along with surrounding protocol
handling, including header insertion and stripping. The hardware includes several
features unavailable with competing chip solutions, including:
- ESP header insertion/validation, including SPI and replay counter processing
- Full AH 'mutable bit' processing, including IPv4 options fields and IPv6 extension headers
- HMAC ICV validation on inbound packets
- Automatic IV generation and insertion
- ARC4 key replication, key scheduling, and MPPE-specified key update
Full Suite of Algorithms
The SafeXcel-1840 incorporates all of the necessary algorithms for IPSec and SSL
applications:
- AES, DES, Triple-DES and ARC4 encryption
- MD-5 and SHA-1 Hashing with HMAC
- Public Key computations:
  - Diffie-Hellman Key Negotiation
  - RSA Encryption & Signatures
  - DSA Signatures
- Random Number Generation
With the SafeXcel-1840, host processors can off-load the cryptographic computations
needed for key management handshaking (i.e. IKE) - which can seriously affect system
performance. The Public Key Accelerator in the SafeXcel-1840 typically provides
more than 200 times the performance of a 32-bit RISC processor.
Power, Flexibility, and High-Assurance
The SafeXcel-1840 offers design flexibility with a variable-rate public key operations
clock, allowing trade-offs between public key processing speed and power consumption.
And as a feature of SafeNet's commitment to high assurance design, the SafeXcel-1840
chip is outfitted with FIPS-compliant cryptographic algorithms - allowing our customers
to achieve FIPS 140-2 certification for their appliances.
Gigabit Throughput
The SafeXcel-1840 achieves high throughput with fast core processing engines and
an integration strategy carefully designed to remove performance bottlenecks.
A hardware-enabled Descriptor Ring, located in on-chip Dual-Port Memory, controls
packet movements. This allows asynchronous processing between the Host and the SafeXcel-1840.
Descriptor Ring processing also allows multiple packets to be queued for processing,
which avoids "starving" the SafeXcel-1840.
An on-chip DMA controller intelligently allocates packet requests among the multiple
packet engines. Each packet engine contains dedicated core
crypto and hashing engines, allowing them to work independently. Each engine also
contains its own pair of 2K-byte packet buffers, providing efficient burst transfers
of data.
A high speed Host PCI-X bus interface supports efficient data paths to the chip.
As a result, the SafeXcel-1840 design can support half-duplex OC-12 when processing
IPSec with the worst-case algorithms (Triple-DES and SHA-1) and 1500-byte packets.
Applications
- Crypto Engine for Internetworking Devices
- Routers and Switches
- VPN Gateways
- Firewalls
- Server IPSec or SSL accelerator
- iSCSI Storage Security
- Workstation Security Module