Global Sources
EE Times-Asia
Stay in touch with EE Times Asia
EE Times-Asia > Embedded

Security ICs add muscle for faster, deeper inspection

Posted: 16 Mar 2006 ?? ?Print Version ?Bookmark and Share

Keywords:rick merritt? security? integrated silicon? data center?

Security systems are expected to handle ever more jobs at faster throughput rates these days. That fact is causing bottlenecks in current products, pushing systems and chipmakers to offer more integrated silicon and systems for the next generation.

Although the security appliances used in today's data centers often have 100-400Mbps interfaces to the corporate network, many of them are stuck scanning packets at rates as low as 40-60Mbps. "People are either turning some of the security functions off or learning to live with lower network performance," said Tom Moore, VP of sales and marketing at security chip designer Hifn Inc.

In a bid to remove the bottlenecks, the company plans to release its Hifn Pattern Matching (HPM) software, which it says can speed throughput to gigabit rates while shrinking the rules databases used by security appliances. The company claims two OEMs that used HPM saw scan rates hit nearly 1Gbps, while another saw its rules database shrink from about 30MB to as little as 3MB.

"There is indeed such a bottleneck and if their software does what they claim, it should get wide support," said Bob Wheeler, a senior analyst covering security for The Linley Group.

HPM is optimized for X86 CPUs, but is also available for the PowerPC. Hifn sells the code by negotiation for an up-front licensing fee of "a couple of hundred thousand dollars and a royalty of a half to 1.5 percent of the product's ASP," said Moore.

That's a unique approach in an industry otherwise focused on using hardware accelerators or specialty processors.

Startup Tarari Inc. plans to announce the first ASIC-based implementation of its PCI-X coprocessor board today. The T9000 handles content inspection, XML processing and other jobs, complementing a host system.

Another startup, Cavium Networks Inc., recently expanded its line of purpose-built security processors intended to act as the main CPU in a security appliance. New single- and dual-core versions of its Octeon family supporting content inspection sell for $50 to $125.

"The traditional approach has been to add security coprocessors to a system based on a general-purpose processor. But if Cavium is successful with its purpose-built CPU, it could change the game for everyone else," said Wheeler.

The moves come at a time when security systems themselves are becoming more integrated. "All security functions are converging into common God boxes that handle virtual private networking, firewalls, intrusion detection and more," said Russell Dietz, chief technology officer of Hifn.

As one step in that direction, Hifn rolled out two versions of its chips supporting the Secure Real-time Transport Protocol (SRTP). The 8170 and 7870 are specifically geared to serve security needs of voice-over-IP (VoIP) calls in media gateways and border session controllers that live at the edge of public and private networks.

The corporate VoIP systems will typically run at 100-200Mbps, while the carrier systems aggregating consumer VoIP traffic will need to handle 1-2Gbps data rates, Dietz added.

The new chips are versions of Hifn's existing security processors in a 130nm process and are optimized for low latency. Versions of the product can handle raw throughput measured at 550-720Mbps, depending on packet size, Deitz said. The SRTP support comes in the form of new microcode.

The Hifn chips will sell at $110 to $210 in quantities of 1,000.

- Rick Merritt
EE Times

Article Comments - Security ICs add muscle for faster, ...
*? You can enter [0] more charecters.
*Verify code:


Visit Asia Webinars to learn about the latest in technology and get practical design tips.

Back to Top