Discretix IPSec Accelerator
Discretix IPSec Accelerator (DxIPSA) offers a wide range of solutions for the acceleration of both cryptographic and protocol-related IPSec operations. DxIPSA is a robust embedded security solution for semiconductor designers, guaranteeing quick time-to-market, and significantly decreasing design and engineering costs.
Today’s networks are the backbone of an increasingly connected world, transporting high-definition content, rich multimedia services and sensitive corporate information. Faced with ever-increasing bandwidth requirements, SoC designers must expand network throughput while maintaining robust security. The traditional approach to securing network traffic used symmetric hardware cryptographic cores to accelerate data processing, while the sequencing of cores – required by the protocol – was performed by the host processor. DxIPSA addresses the requirements of broadband networks with a high-performance, integrated IPSec acceleration engine that supports a wide range of algorithms and protocol-related operations. DxIPSA provides an enhanced processor off-loading by adding dedicated hardware to perform core-sequencing and protocol related operations.Technical Overview
Via a slave interface, the host processor defines which packets should be processed by DxIPSA. In order to minimize processor intervention, the number of aggregated and processed packets is configurable.
The DxIPSA obtains the relevant Security Association (SA) parameters per packet from the Security Association Database (SAD), via a DMA master port1.The DxIPSA then initializes a processing unit to handle the packet. The processing unit streams the packet (using a DMA master port) through the required cryptographic engines, adds/removes required header/trailer, and sends it to a configured place in memory. Local packet memory is not required.
The DxIPSA engine can have between 1-8 internal processing units, all of which are identical, and capable of processing inbound or outbound IP traffic.
DxIPSA Engine - Potential Connection Schemes
- Improved host processor offloading using dedicated hardware
- Flexible and scalable implementation
- Power-efficient solution
- Highly-configurable - variety of interfaces and cryptographic capabilities
- Ease of integration and quick time to market
- Synthesizable Verilog RTL source code
- Test vectors and testing documentation
- Synthesis script and constraints
- System architecture specification
- Hardware and software integration guidelines
- ANSI-C software reference code
- Comprehensive acceptance test program