The Linley Group

A Guide to Security Processors and Accelerators,
Seventh Edition

Table of Contents

Preface	xvii
Executive Summary	xix

Chapter 1. Security-Processing Concepts	1
Cryptography Basics	1
Why Use Encryption?	1
What Is Encryption?	1
Cryptography Concepts	2
Keys and Key Exchange	2
Hashing	3
Authentication	3
Cryptography Applications	4
Virtual Private Networks	4
Secure Browsing	4
Wireless Voice and Data Security	4
TCP and Network-Level Security	5
TCP Termination and Proxies	6
Denial-of-Service Attacks	7
Firewalls	7
Intrusion Detection and Prevention	9
Regular-Expression Matching	9
Content Inspection	11
Compression	11
Virus and Spam Prevention	12
Application-Level and XML Security	12
Chapter 2. Security Standards	15
Cryptographic Algorithms	15
DES and 3DES	15
Advanced Encryption Standard (AES)	16
RC4	16
SHA-1, SHA-2, MD5, and HMAC	17
Diffie-Hellman Key Exchange	17
RSA	18
DSS and DSA	19
Elliptic-Curve Cryptography	19
LZS and Deflate	19
Security Protocols and Standards	20
IPSec	20
IKE	22
IPComp	23
L2TP and PPTP	23
SRTP	24
SSL and TLS	24
FIPS 140	25
Port-Based Network Access Control and MACSec	26
Wireless Security Protocols	26
Wi-Fi and 802.11	26
3G Wireless and WiMAX	27
Chapter 3. Security-Processor Background	29
Integrated Security Processors	29
Common Characteristics	30
Content-Inspection Accelerators	31
VPN and SSL Accelerators	32
Accelerating Encryption	32
Common Features	33
Software Issues	35
Measuring Performance	36
Algorithms	36
Measuring Wire Speed	37
Packet Size	38
Protocol Throughput	38
Content Inspection	39
Chapter 4. Trends and Market Overview	41
Network-Security Equipment	41
VPN / Firewall	41
Single-Application Appliances	42
Layer 4–7 Switches With SSL Termination	42
Unified Threat Management Systems	43
Technology Trends	43
Emergence of Integrated Security Processors	43
Multicore Performance Scaling	43
SSL VPNs	44
Advances in Cryptography	45
IP Licensing	45
Market Data	46
Market Size and Segmentation	46
Market Share by Vendor	47
Market Forecast	47
Chapter 5. Integrated Security Processors	49
Cavium Octeon	49
Company Background	49
Key Features and Performance	50
Security-Design Details	52
Product Roadmap	55
Conclusions	55
Freescale MPC8548 and MPC8572	56
Company Background	56
Key Features and Performance	57
Security-Design Details	58
Product Roadmap	61
Conclusions	61
Intel Tolapai	62
Company Background	62
Key Features and Performance	63
Conclusions	64
Netronome	65
Company Background	65
Key Features and Performance	66
Security-Design Details	68
Product Roadmap	70
Conclusions	70
RMI XLR and XLS	71
Company Background	71
Key Features and Performance	72
Security-Design Details	74
Product Roadmap	76
Conclusions	77
Tilera Tile64	78
Company Background	78
Key Features and Performance	78
Conclusions	80
Chapter 6. Content-Inspection Accelerators	83
cPacket	83
Conclusions	84
LSI (Tarari)	84
Company Background	84
Key Features and Performance	85
Design Details	87
Product Roadmap	89
Conclusions	89
NetLogic NETL7	90
Company Background	90
Key Features and Performance	91
Conclusions	92
Sensory Networks	92
Chapter 7. VPN and SSL Accelerators	95
Broadcom BCM58xx	95
Company Background	95
Key Features and Performance	96
Design Details	97
Conclusions	98
Cavium Nitrox	99
Key Features and Performance	99
Design Details	101
Conclusions	103
Hifn ASP	104
Company Background	104
Key Features and Performance	104
Design Details	106
Conclusions	109
SafeNet SafeXcel	109
Key Features and Performance	110
Design Details	112
Conclusions	115
Chapter 8. Product Comparisons	117
Integrated Security Processors	118
SMB-Class Processors	118
Enterprise-Class Processors	120
High-Throughput Data-Plane Processors	123
Content-Inspection Accelerators	125
VPN and SSL Accelerators	128
Lookaside VPN Accelerators	128
Flow-Through VPN Accelerators	130
SSL Accelerators for E-Commerce	131
Chapter 9. Conclusions	133
Vendor Outlook	134
Market Directions	136
Appendix: Further Reading	139
Index	141

List of Figures
List of Tables