Hifn announced a company initiative to advance the level of support and ease of use of hardware security processors. Hifn has contracted with Xelerance Inc., the recognized open source security specialists, in a major development effort to make the industry's fastest cryptographic accelerators as easy to use as graphics or sound cards.
The project integrates Hifn's 795x algorithm accelerators, as well as the 7855 and 8155 security processors, with Linux and FreeBSD. The project also includes integration with the Openswan IPsec protocol stack. In the open source world, Openswan is viewed as the most advanced and flexible VPN solution. Once complete, the project will provide customers with a ready to use, fully-integrated, hardware accelerated, IPsec VPN.
"We want to make high-security cryptography easy to use," said Hank Cohen, Lookaside security manager for Hifn. "We chose to partner with Xelerance in this project because they combine tremendous experience in IPsec systems development with an unmatched position of respect in the open source community."
"We were very pleased to work with Hifn to bring this new level of security integration to the open source user community," said Patrick Naubert CEO of Xelerance. "Our users have been clamoring for hardware security acceleration in Openswan and now we can fill that need."
The foundation for this work is the Open Cryptography Framework (OCF) of Keromytis et. al. The OCF is a hardware abstraction layer within the operating system that allows a variety of hardware and software cryptographic service providers to support both in-kernel crypto users like IPsec as well as user space crypto applications like SSL.
Hifn's work with Xelerance extends the OCF in several ways. Early cryptography chips simply accelerated the application of a cryptographic transform to a data buffer. More recent security processors can offload protocol processing as well as perform complete IP to IPsec transforms in a single pass. Hifn's work with Xelerance extends the OCF to take advantage of the added functionality in Hifn's accelerators and processors to support packet processing, as well as integrate the extended OCF functionality with the native IP and IPsec protocol stacks.
Other extensions include support for IPcomp data compression, public key cryptography support and integration of hardware random number generators.