Understanding Hardware IP Options for Data-in-Transit Protection

This white paper gives technical decision makers for networking silicon a detailed examination of the design options available for hardware IP acceleration of security protocol processing. It covers functional and implementation descriptions as well as the pros and cons of each option, so that decision makers can make informed choices for their designs.

The focus is on achieving high-throughput ‘Data in Transit Protection’, which translates into a requirement for high-speed cryptographic data processing. The performance emphasis is on high-speed data processing, as opposed to high security or operations that require high computational loads but little data. This means processing lots of data very quickly, within the context of the resources available to the system. The assumption is that the networking silicon has other things to do besides cryptographic processing. Thus, the challenge is not just about doing high-speed crypto; it is about doing high-speed crypto while minimizing its impact and footprint on the rest of the system.

Just as Application Processor based systems have evolved over time to become more powerful and more complex, so have the cryptographic coprocessors that accompany these processors. To sketch the broad range of solutions available today, the white paper uses ‘a brief history of cryptographic offloading’ to build a ‘timeline’ of cryptographic offloading solutions, with every step along the way adding further sophistication to the offloading.