Broadcom security chips employ BlueSteel architecture
By Loring Wirbel
EE Times
(05/16/00, 3:02 p.m. EST)
LAS VEGAS ? At the recent Networld+Interop show, Broadcom Corp. is offering a security chip that combines support for Internet Protocol secure (IPsec) with Internet key exchange and secure socket layer (SSL) services.
The BCM5805 UBSEC+ device, which was shown last week at the Networld+Interop show here, bears the fruit of Broadcom's recent acquisition of BlueSteel Networks Inc., a security IC specialist.
The chip is the first in Broadcom's CryptoNet family, which will extend from single-user cable modem and digital subscriber line modem applications to large central-office routers and switches, said product line manager Joe Wallace.
The introduction of the multifunction chip propels the CryptoNet family beyond the bulk-encryption markets served by Hi/fn Inc. and Rainbow Technologies Inc., and directly into the multiple-function world occupied by products like the Luna 340 integrated chip from Chrysalis-ITS Inc.
The processor can support IPsec at full-duplex 155-Mbit/second line rates, and can process 250 Diffie-Hellman key exchanges per second. Broadcom will be developing a set of security programming interfaces to allow third-party software developers to work with the architecture, and Wallace said that Broadcom is initiating discussions on certificate authority functions with vendors such as Entrust and Verisign.
The Software Reference Library provided by Broadcom provides a link to TCP/IP protocol stacks via IPsec software. Drivers specific to the operating system (for Windows 2000, Linux, NT, FreeBSD Unix and VxWorks) sit on top of the reference library, and application-specific library interfaces are provided for SSH, OpenSSL and Bsafe packages.
Powerful comparison
Marty Colombatto, vice president and general manager of networking products at Broadcom, said that hardwired elements such as a random number generator and dedicated encryption and hashing blocks are responsible for giving the BlueSteel core the equivalent of 10,000 Mips of software-based security processing. It would take up to 12 Pentium III processors to support the level of virtual private network tunnel creation and encryption enabled by the BCM5805, Colombatto said.
BlueSteel cores first showed up in the BCM5801 device, an encryption coprocessor designed prior to the Broadcom acquisition. But the BCM5805 is the first multifunction security chip capable of operations such as public-key cryptography acceleration, SSL processing and digital key exchange. The 155-Mbit/s rate can support triple-DES or Secure Hash Algorithm-1 operations at 310 Mbits/s.
The processor has an integrated PCI bus interface and uses PCI memory to offer unlimited security association support. Also on the chip is a hardwired direct memory access controller engine, which helps the processor handle flows with small packets.
The device is available in a 144-lead LQFP, and is priced at $100 each in quantities of 1,000.
eetimes.com |
