LinuxDevices.com Archive Index (1999-2012) | 2013-current at LinuxGizmos.com | About  
Follow LinuxGizmos:
Twitter Google+ Facebook RSS feed

Security adapters ship with Linux SDK

Nov 19, 2009 — by Eric Brown — from the LinuxDevices Archive
Share this: Tweet about this on TwitterGoogle+Share on FacebookShare on LinkedInShare on RedditPin on Pinterest

Cavium announced a new line of Nitrox network security adapters that ship with a Linux SDK. The Nitrox XL CN16XX-NFBE family offers a FIPS 140-2-certified hardware security nodule (HSM) with PCI Express Gen2 connectivity and integrated Network Interface Card (NIC) functionality, says Cavium.

The NitroxXL NFBE family is certified to FIPS 140-2 Level 2 and Level 3 standards [PDF link, here], and designed for use in remote access servers, public key infrastructure, database servers, web servers, l4+ switches, load balancers, networking/server appliances, and unified threat management appliances, says Cavium. The adapters offer up to 45,000 RSA operations per second and 5Gbps performance, claims the company.

The Nitrox XL adapters are being integrated into a wide range of HSMs. These are devices with tamper-resistant enclosures, typically offered in the form of a plug-in card or an external security device that can be attached directly to an appliance, server, or desktop computer, according to Cavium.

HSMs provide both logical and physical protection of secure keys from non-authorized use and are widely used to manage digital keys, accelerate digital signings per second, and provide strong authentication to access critical keys for server applications, says the company.

The Nitrox XL CN16XX-NFBE Adapter family is said to support both symmetric and asymmetric cryptographic operations, low power dissipation, and low profile form factors, offering integrated NIC and PCI Express Gen2 capabilities. Functions are said to include secure user login/authentication, user-authorized key creation/deletion, on-card key storage, and secure off-card key archiving/sharing.

The adapters can be used as a typical FIPS-ready HSM device, or customers can add NIC functionality with an option that provides dual gigabit Ethernet ports. In addition, the PCIe Gen2 adapter supports a USB interface for Level 3 applications, says Cavium. The family is offered in multiple SKUs that range in performance from 7,000 RSA Ops/sec and less than 1Gbps throughput, to 45,000 RSA Ops/Sec and 5Gbps, says the company.

The Nitrox adapters are offered with a Software Development Kit (SDK) that includes C-source code for Linux and FreeBSD drivers, says Cavium. The SDK is said to include APIs for OpenSSL, OpenSSH, and PKCS#11, as well as key management utilities, test utilities and reference code.

Cavium's Nitrox processors

Cavium did not offer additional hardware details about the Nitrox XL CN16XX-NFBE Adapters. The company manufactures a line of Nitrox Security Processors, as well as Nitrox DPI CN17XX Layer 7 coprocessors. The Nitrox Security Processors include the top-of-the line Nitrox II chips, which are aimed at "multi-gigabit performance applications in the enterprise edge and data center market segments," says Cavium.

The Nitrox II processors are said to be based on "multiple micro-programmed GigaCipher cores, and support interfaces including SPI-4.2, SPI-3, and PCI-X. Drivers are offered for Linux, BSD and VxWorks.

As we reported earlier this year, Cavium has also introduced a line of Nitrox DPI CN17XX Layer 7 co-processors, which are primarily designed to work with the company's MIPS-based Octeon line of networking system-on-chips (SoCs). These content-inspection coprocessors provide 4Gpbs to 20Gbps of deterministic performance with low latency, support unlimited pattern rule-sets and flows, and ship with a Linux-ready hardware/software kit, says Cavium.

Last week, Cavium announced that it was acquiring MontaVista Software, one of the top two embedded Linux development firms along with Intel-owned Wind River, and a pioneer in pushing embedded Linux as an alternative to proprietary real-time operating systems. The acquisition is expected to be completed next month.

Stated Rajneesh Gaur, Sr. director, Networking and Communications at Cavium Networks, "We developed this product line in close partnership with several major OEMs, who have been extremely pleased with its features and performance, and are using it for a broad range of higher volume applications."

Availability

The CN16XX NFBE FIPS HSM family of adapters is currently under NIST standards-body certification, and prototypes are available now. The production volumes will be available by the end of Q4 2009, and pricing is available on request. More information may eventually be found at Cavium, here.


This article was originally published on LinuxDevices and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.

(advertise here)


Comments are closed.