Skip to main content

OS Cryptographics Accelerators coming soon

Hifn announced a company initiative to advance the level of support and ease of use of hardware security processors. Hifn has contracted with Xelerance Inc., the recognized open source security specialists, in a major development effort to make the industry's fastest cryptographic accelerators as easy to use as graphics or sound cards.

The project integrates Hifn's 795x algorithm accelerators, as well as the 7855 and 8155 security processors, with Linux and FreeBSD. The project also includes integration with the Openswan IPsec protocol stack. In the open source world, Openswan is viewed as the most advanced and flexible VPN solution. Once complete, the project will provide customers with a ready to use, fully-integrated, hardware accelerated, IPsec VPN.

"We want to make high-security cryptography easy to use," said Hank Cohen, Lookaside security manager for Hifn. "We chose to partner with Xelerance in this project because they combine tremendous experience in IPsec systems development with an unmatched position of respect in the open source community."

"We were very pleased to work with Hifn to bring this new level of security integration to the open source user community," said Patrick Naubert CEO of Xelerance. "Our users have been clamoring for hardware security acceleration in Openswan and now we can fill that need."

The foundation for this work is the Open Cryptography Framework (OCF) of Keromytis et. al. The OCF is a hardware abstraction layer within the operating system that allows a variety of hardware and software cryptographic service providers to support both in-kernel crypto users like IPsec as well as user space crypto applications like SSL.

Hifn's work with Xelerance extends the OCF in several ways. Early cryptography chips simply accelerated the application of a cryptographic transform to a data buffer. More recent security processors can offload protocol processing as well as perform complete IP to IPsec transforms in a single pass. Hifn's work with Xelerance extends the OCF to take advantage of the added functionality in Hifn's accelerators and processors to support packet processing, as well as integrate the extended OCF functionality with the native IP and IPsec protocol stacks.

Other extensions include support for IPcomp data compression, public key cryptography support and integration of hardware random number generators.

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at ITProPortal.com where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.