Encryption migrates to silicon as Net traffic swells
By Will Wade, EE Times
May 4, 2001 (9:15 AM)
URL: eetimes.com
SAN MATEO, Calif. — As traffic on the Internet swells, so does the market for security ICs, a field that barely existed a few years ago but is now predicted to grow into a billion-dollar market within a few years. Activity in security processors is heating up, with new entries recently announced by Hifn Inc. and Chrysalis-ITS Inc. and more expected from a growing list of vendors.
"Every OEM is looking to design in encryption parts now," said Mark Taber, vice president of sales and marketing for Chrysalis, an Ottawa-based company that specializes in secure socket layer chips and encryption software. "We're counting on lots of growth in our semiconductor division."
More traffic on the Internet means more e-commerce activity and a higher percentage of traffic that needs encryption, said Russell Dietz, chief technology officer at Hifn, the Los Gatos, Calif., company that was one of the first to produce hardware-based encryption devices for the virtual private network market. Also, more users are accessing their corporate networks from home offices, and this too is driving the market for encryption ICs, Dietz said.
Hifn has just released its latest-generation chip, the HIPP II 8154 security processor, which can operate at up to 2.5 Gbits/second. Incorporated into switches and routers from companies like Cisco Systems Inc. and Nortel Networks Ltd., the processor is designed to encode and decode data traffic between employees who are connecting to corporate networks from the field.
This kind of private connection is generally termed a virtual private network (VPN), and Dietz claims that Hifn controls more than three-quarters of the total market for VPN encryption chips. The main competitor is Broadcom Corp., which bought into this market last January with the acquisition of BlueSteel Networks Inc., which owns most of the rest of the VPN market.
While few individual users require a dedicated connection at those speeds, Dietz noted that the ballooning number of VPN users means a corporate LAN will need to aggregate and process encrypted data streams in the gigabit range now, and in the multigigabit range in the near future.
Chrysalis, for its part, has just launched its second-generation device, the Luna 510. It can establish 10,000 parallel encrypted secure socket layer (SSL) connections, against several hundred for competing parts now on the market, Taber said.
Later iterations will be able to quadruple that speed, and Taber said these are the performance benchmarks that will make SSL an indispensable part of the Internet infrastructure.
"If the Internet is going to take off as a vehicle for [business-to-business and e-commerce] transactions, then it must be secure," said Taber. "And as bandwidth increases, these companies are realizing they must do it in silicon. There's no other way."
According to Jeremey Donovan, an analyst at market research house Gartner Dataquest (San Jose, Calif.), the encryption sector is subdivided into two main markets: the more established VPN sector, which delivers protection for direct connections between users and enterprise networks; and SSL, which provides security using the SSL protocol for Internet browser-based transactions.
Migration to hardware
Both need the technology to migrate from software to hardware, for both technological and economic reasons. The increased bandwidth requirements are a main factor pushing encryption out of software, because software can no longer process encrypted data at gigabit speeds. One way to solve this problem is to install more servers, but this is a far more expensive option than implementing a separate encryption system with dedicated silicon.
Another reason to put encryption in dedicated silicon is that it works better there than as part of a general-purpose processor, said Linley Gwennap, president of market research firm The Linley Group (Mountain View, Calif.). He noted that the process of repeatedly scrambling and unscrambling data is a simple mathematical computation, but one that's not much like any of the other functions a microprocessor must do as it powers a switch or router.
"Encryption algorithms are pretty difficult to implement efficiently on a general-purpose CPU," Gwennap said, "but it is pretty straightforward to design a specific piece of hardware to do it."
Gwennap said that he has seen "a big increase in the number of companies working on encryption hardware. Whenever you see this many companies jumping into the market, you have to figure there's a reason for it."
Each subsegment has compelling reasons for the hardware transition. In VPN it is the cost of dedicated telecommunications links. When companies had just a few separate offices, they could lease dedicated lines, which were private and secure, from the telecommunications carriers. But now, with numerous branch offices, home offices and traveling employees, it's too expensive to give everyone a private line. Shifting traffic to the public lines, and encrypting it with a VPN connection, is a more attractive option, said Jeff Wilson, executive director of market research firm Infonetics (San Jose).
In the SSL sector, the presence of encryption can make or break an online sale, and no company will be willing to lose business simply because they didn't offer a secure connection. With bandwidth requirements going up, that necessitates an SSL accelerator system, which sits in a data center and encodes and decodes traffic going in and out of a Web site.
"VPN technology is less for security than for allowing cheap connections. It is a commercial application that can save money," said Wilson. "And in the SSL space, encryption is a commercial application that makes money."
And those value propositions mean a healthy, growing market segment. Wilson estimates that total sales of both silicon and systems in the VPN space will grow from some $2.1 billion this year to $7 billion in 2005. Anecdotal evidence suggests that the SSL segment will see a similar growth rate.
Starting small
Growth is the key word, because the market now is relatively new, and relatively small. Chrysalis' Taber estimated the total demand for dedicated SSL chips today at only a few thousand devices per month, but said that the market could reach $200 million within three years.
The VPN market is also faring well, according to Hifn's Dietz. He estimated the VPN market today in the $200 million range, but expects it to reach $750 million by 2004.
Dietz said customers are now starting to see security as a must-have feature, and that is keeping sales up even as the rest of the technology market has slumped. "In comparison to the broader market, we haven't been as affected [by the downturn]," he said.
"Security is one of the areas that is weathering the storm well," said analyst Wilson. "As it has become a mainstream technology, the customers are being forced to play a catch-up game."
FYI,Jim |
