Hardware-Security Overview: VPN 101 and Security Processing

To achieve high-performance security processing with dedicated hardware, users must understand basic security concepts and technology.

By Bill Anderson, Safenet

Today's communications and networking systems need to include security features to provide authentication, integrity, and confidentiality. Authentication will ensure communication with only authorized users or machines, while integrity is needed to ensure that data hasn't been changed during transit. Confidentiality will ensure that data is kept confidential and protected against eavesdropping. All three of these aspects are implemented through a variety of security protocols and algorithms.

Security features are the foundation of gateways, routers, unified security appliances, broadband-access devices, and cell phones. They also form the roots of applications like digital rights management, e-commerce, and virtual private networking (VPN). As the name suggests, VPNs are a private data network that uses the existing public telecommunications infrastructure. These networks maintain privacy through the use of a tunneling protocol and security procedures. Typical VPN security functions include standard security protocols, such as Internet Protocol Security (IPsec) and Secure Socket Layer (SSL). The IPsec system is ideal for securing high-performance, long-term VPN connections between devices (e.g., traffic between network gateways). Similarly, the SSL is well suited for securing short-term VPN connections from a host to many users (e.g., online banking transactions, e-commerce).

Cryptography, or the application of codes and ciphers, is the foundation of networking security. All security protocols use a variety of standard crypto algorithms for the encryption/decryption of data (DES/3DES, AES, ARC4), public-key encryption (RSA, ECC), and message authentication (SHA-1, SHA-2, MD5)--to name a few (see the Table).

Network bandwidth availability can be increased through technologies like Gigabit Ethernet, 802.11n, and 3G/4G wireless. Such increases drive customer demands for higher system performance of communications and networking systems. In turn, the security processing within these systems cannot become a bottleneck for overall system performance. Crypto-based security performs very computationally intensive mathematical algorithms. It therefore becomes a challenge to accelerate security processing beyond Gigabit- level performance.

Higher Performance through Hardware
One of the best ways to achieve a high level of performance is to build security processing in dedicated hardware ICs that are optimized to quickly process specific security algorithms, such as AES. This is in contrast to processing the algorithms in software only by using a general-purpose CPU to execute the security algorithm code. Another advantage is that hardware security is almost impossible to tamper with, whereas software code is comparatively easy to access and alter. For power-constrained applications, dedicated hardware also has the advantage of being much more power efficient than general-purpose hardware (i.e., a CPU executing security software).

Phase 1: Security Co-Processors
Over the last decade, the trend to hardware- based security has led to dedicated security co-processors. These co-processors perform security functions and take most of the security-processing burden off of the standalone general-purpose CPUs. In these dual-chip architectures, security co-processors provide the benefits of higher throughput and lower CPU utilization (during security processing).

Furthermore, the co-processor model has minimal impact on the system/software architecture. It also ensures flexibility: The co-processor only needs to be present if security acceleration is needed.

Phase 2: Security-Enabled Processors
The co-processor model is partially being replaced by cost-efficient single-chip solutions. With the need to provide competitive differentiation and the trend toward ever-greater levels of integration and throughput, chip manufacturers have begun to integrate dedicated security processing directly into their NPUs, communications processors, and application- specific integrated circuits (ASICs). Compared to previous co-processor security architectures, these new single-chip, security-enabled processors feature lower cost, higher performance, lower power consumption, and higher levels of security.

Traditionally, security processing in hardware was limited to the bulk crypto processing of specific granular algorithms, such as AES. In the next step, more advanced security functionality like higher-level protocol processing (IPsec, SRTP, SSL) gets embedded into hardware. It is combined with cipher/hash processing.

Small-Packet Challenge
In many systems, the security processing of large IP packets (1500 Bytes) has been accelerated to multi-Gigabit performance. Yet achieving the same performance levels for small-packet (40-Byte) security processing has so far been quite a challenge. The percentage of overhead and associated packet processing is much higher for a given data stream of small packets than it is for big packets. The performance of small-packet security processing has been a problem for security system designers for a long time.

This situation is made more critical with the expected rise of small packets in today's data traffic. This rise will largely be driven by applications like voice-over-Internet-Protocol (VoIP). Specifically, the architectural bottleneck to higher packet performance exists because each packet still needs to be processed--to some extent--by the general-purpose CPU. Such processing must take place both before and after the packet gets offloaded for security processing to the embedded security accelerator. For small packets, this CPU processing burden is relatively higher.

Phase 3: Inline Security Processing
In 2005, SafeNet introduced a chip solution for completely autonomous packet processing (fastpath inline security processing). In contrast to the previous, so-called "look-aside" security architectures (see Figure 2), this concept of inline security processing eliminates any security- processing-related interaction with the general-purpose CPU core (e.g., packet classification, filtering, and flow processing). It also offloads all security functions to the dedicated inline security engine. The result is superior data rates across all packet sizes and a reduction of general-purpose- processor utilization for security functions.

Bill Anderson is Vice President of Marketing at SafeNet's OEM/Networking Division. He oversees networking security products including semiconductor IP and chips for hardware acceleration, security protocol stacks, and advanced VPN software toolkits. Anderson has Bachelors and Doctorate degrees in Electrical Engineering with specialization in cryptography from the University of Waterloo, Ontario, Canada. His expertise is in cryptography, speech coding, digital communications, and information theory.