 |
|
DAILY NEWS AND INFORMATION
FOR THE GLOBAL GRID COMMUNITY / OCTOBER 13, 2003: VOL. 2 NO. 41
|
Breaking News -
Security:
Hifn Announces Support For HIPP
Line Of Security Processors
Network security and flow classification market leader Hifn, announced full
IPv6 and WLAN security (IEEE 802.11i), and SSL VPN support for its existing
line of Hifn Intelligent Packet Processing (HIPP) security processors. Hifn
security IC customers need only update software to add support for the latest
protocols.
"We are fully prepared to support our customers as they move forward to
incorporate the emerging IPv6, SSL VPN and IEEE 802.11 'Wi-Fi' wireless
standards," said Chris Kenber, Hifn's chairman and CEO. "Hifn's line of HIPP
security processors allow customers to support new security protocols as they
emerge, rather than absorb the expense of a full hardware upgrade. This allows
Hifn to provide the broadest application and protocol support in the security
processor industry."
IPv6 is the successor to the current version of IP, IPv4. It incorporates
many
new features, most importantly the ability to accommodate a vastly increased
number of addresses. IPv6 creates technical issues that need to be solved in
the IPsec implementation, such as a longer header to manipulate (40 bytes vs.
20 bytes) and handling of IP extension headers. IPv6 includes IPsec security
as a combined part of the standard, as opposed to being a separate option with
IPv4.
Hifn supports all four modes of IPsec tunnel mode encapsulation: IPv4
traffic
inside IPv4 tunnels (legacy support), IPv6 traffic inside IPv4 tunnels
(enterprise upgrades), IPv4 traffic inside IPv6 tunnels (service provider
upgrades), and IPv6 traffic inside IPv6 tunnels. Today, IPv4 packets are
tunneled inside IPsecv4 tunnels. As IPv6 is deployed, first in the enterprise
equipment, and then in the Service Provider equipment, there will be a phase
where IPv4 will be tunneled inside IPv6 and vice versa.
The IEEE 802.11 WLAN committee has developed a remedy to the flawed Wired
Equivalent Privacy (WEP) security mechanism in the original standard. The new
draft standard, TGi, provides two new security mechanisms, one for legacy
equipment and another for new equipment using the AES encryption algorithm for
more robust security. The Temporal Key Integrity Protocol (TKIP), which solves
the existing security problems within WEP for legacy equipment, was
co-authored by Hifn's chief scientist and distinguished cryptographer, Dr.
Douglas Whiting. Until 802.11i is formally ratified, TKIP is part of the Wi-Fi
Protected Access (WPA) specification that enhances the security of 802.11.
Hifn's current security processors are capable of accelerating TKIP, and with
a minimal software update, performance can be further optimized.
Hifn's latest HIPP security processors, sampling now, can perform AES
Counter
Mode encryption with CBC-MAC Protocol (CCMP), in a single pass. The adoption
of CCM, also co-authored by Whiting, delivers definite technical benefits in
the application of 128-bit block ciphers such as AES. The IEEE 802.11
committee plans to ratify the 802.11i wireless security standard, which
includes CCMP, in 2004.
"Hifn's programmable HIPP architecture provides cryptography functions
combined with packet processing offload, allowing the simultaneous support of
a variety of protocols and the ability to support new protocols as they
emerge," said Sanjay Iyer, senior analyst at The Linley Group. "This allows
Hifn to respond quickly to emerging protocols, for instance wireless protocols
such as TKIP, by offering support across their entire line of security
processors through new firmware releases. Thus, Hifn is well positioned to
serve the evolving security needs of the wireless market."
SSL, the security protocol for e-commerce, is beginning to play a role in
the
remote access VPN space. SSL VPNs provide remote users with secure, controlled
access anywhere via any Web browser. By utilizing the SSL protocol supported
by all Web browsers, SSL VPNs offer clientless remote access solutions for
many applications.
Hifn's security processors offer the unique ability to dynamically handle
both
IPsec and SSL processing. By leveraging existing software and protocol support
for both IPsec and SSL, Hifn security processors can now support emerging
applications that possess both IPsec VPN and SSL VPN functionality. Hifn also
supports TLS and proposed AES ciphersuite extensions to TLS. TLS enhances
SSL's older key exchange and message integrity options, for even stronger
security. Hifn's IPsec and SSL solutions deliver high connection rates and
scale to multi-gigabit throughputs.
Hifn was the first company to introduce security processors with
intelligent
packet processing to offload the Host CPU or NPU by handling both packet
transformations and protocol processing, resulting in increased system
efficiency. Hifn was the first company to offer a security chip that performs
the entire SSL handshake in a single device. Hifn was also the first company
to introduce security devices with multiple protocol support, and Hifn
continues to be the only vendor offering devices that dynamically allocate the
processing of multiple protocols. IPv6, TKIP, TLS, and CCMP represent the
latest additions to the suite of protocols currently supported by Hifn
devices, which include IPsec, PPTP, TLS, SSL and CCP.
Hifn's security processors are currently being sold to many of the top
network
equipment manufactures.
|