Aiming to accelerate virtual private networks, chipmaker Hi/fn
is shipping an encryption processor that combines compression, encryption, and authentication on a single chip.
The security chip, called 7711 Encryption Processor, is designed for routers and other networking equipment to compress and encrypt data without
using the device's main processor, thus improving performance and keeping
data moving faster.
Ascend Communications is already using
the new chip, which was available in test quantities in October, in its Max
6000 remote-access concentrator. 3Com is
adding the 7711 processor to its NetBuilder router as an add-on dual
processing engine (DPE) to give companies virtual private network
capabilities and better performance on their existing networks.
Using a separate chip to compress and encrypt data lets a device handle
more concurrent sessions and provide VPN capabilities.
"Our chip increases throughput and the fastest encryption available," said
Steve High, Hi/fn's director of marketing communications. "Instead of
running on the main CPU of the router, encryption and compression are done
on our chip. That allows performance to keep up."
Other chips can encrypt or compress data and can be used in a multichip
set or as a hardware/software combination, in part because encryption
algorithms run faster on a chip than in software. Atalla, for example, a unit of Tandem/Compaq, offers an encrypt/decrypt
chip designed for handling Internet card payments using the Secure
Electronic Transactions (SET) protocol.
But putting those functions on a single chip results in higher performance,
which is important for companies leasing high-speed T1 or T3 lines that
want to get the full use of the bandwidth. Otherwise that bandwidth is reduced because a
router can't keep up when it's both compressing and encrypting data.
Hi/fn is targeting routers, other network devices, and VPNs as applications
for its chips.
Larry Howard, vice president and analyst at Infonetics Research noted that a
commonly used encryption algorithm, Triple-DES, requires 50 to 100 times
more processing power than straight IP routing. For that reason, he said,
hardware-based VPN solutions provide a critical performance advantage.
Hi/fn's 7711 combines seven compression, encryption, and authentication
algorithm engines on a single chip: Lempel-Ziv-Stac (LZS) and Microsoft
Point-to-Point Compression (MPPC); DES, Triple-DES, and RC4 encryption; and
SHA and MD5 authentication. It also supports the IPSec, SSL/TLS, PPP, and
PPTP networking protocols.
A free 7711 reference design kit is available for manufacturers of routers,
switches, remote access concentrators, and other network equipment to
integrate the chip into their products. The 7711 costs $58 in quantities of
10,000, comes in a 144-pin TQFP package, and is pin-compatible with Hi/fn's
9711 compression coprocessor. It operates on a 3-V supply with a typical
power dissipation of 0.5 W, and all input and output pins are 5-V tolerant.