Carrier-grade IPsec SDK for Networking OEMs
QuickSec® Server Toolkit enables developers to build a robust IPsec VPN gateway software stack. QuickSec® Server Toolkit is a complete IPsec SDK written in highly portable C source code and delivered with extensive documentation. QuickSec® Server Toolkit enables robust and standards-compliant authentication, confidentiality, and data integrity for security gateways, routers, printers and network servers.
With hundreds of proven OEM implementations, QuickSec® provides the advanced levels of protection, reliability, and performance mandated by OEM customers and industry standards.
As our customers develop products that must work seamlessly with various IPsec implementations, QuickSec® IPsec Server supports the 100+ standard specifications required to interwork with the various flavors of IPsec. The QuickSec team has worked on IPsec technology for 20 years, and INSIDE Secure co-authored the latest IKEv2 specification (RFC 7296). Interoperability is verified as part of the QA process in INSIDE Secure’s own laboratory.
True Multicore Support
QuickSec® IPsec Server offers true multicore support for maximum scalability. The QuickSec® data plane supports multicore bare-metal implementations as well as various hardware-accelerated and software-based architectures. The QuickSec® Policy Manager and IKE stacks can utilize multicore environments to achieve the best tunnel setup rates, optionally taking advantage of hardware acceleration.
Robust Security Performance through Hardware Acceleration
To accelerate performance-critical security algorithms and protocols, QuickSec® IPsec is commonly deployed with many popular security processors such as Cavium Octeon and Nitrox. It also provides support for the EZchip TILE Gx series. It is designed to integrate with new or proprietary crypto hardware through well-documented APIs. QuickSec® IPsec can take full advantage of a very wide range of hardware accelerators, including plain crypto cores, packet engines, inline hardware accelerators, bare-metal fastpaths as well as public key accelerators.
Security SoC Platform Support
The QuickSec® IPsec Server and Client Toolkits are the first compatible client-side and server-side development tools implementing the most current IPsec security features including MOBIKE, IKEv2, stateful TCP/IP firewall, IPv6/IPv4 support, 64-bit platform support, and pre-integration with specialized mobile and network processors providing cryptographic hardware offload.
The QuickSec® Toolkits are also an ideal IPsec solution for security-enabled SoCs from silicon vendors that have integrated INSIDE Secure’s hardware security engines into their products to provide robust, high-speed security functions. QuickSec® has been optimized to seamlessly interoperate with the INSIDE Secure security engines embedded in devices from vendors such as AMCC, AMD, and PMC-Sierra, resulting in excellent security system performance and unparalleled ease of integration.
The server toolkit also includes remote access features and high availability APIs for import and export of IPsec security associations for device redundancy and failover. The small runtime footprint with linear deterministic memory allocation ensures seamless scalability to meet the highest performance demands.
IKEv1, IKEv2 and Certificate Functionality
- IKEv2 (RFC 7296)
- IKEv2 Fragmentation (RFC 7383)
- IKEv2 Redirect (RFC 5685)
- MOBIKE (RFC 4555, RFC 4621)
- Dead peer detection (DPD)
- RSA, DSA and ECDSA public key algorithms (IKE signature modes only)
- Diffie-Hellman key exchange algorithm
- Perfect Forward Secrecy (PFS) option
- IKEv1 main mode and aggressive mode
- Shared secret authentication
- Certificate-based authentication (full PKI support)
- NAT-Traversal (NAT-T)
- Authentication: Pre-Shared Keys (PSK), XAUTH, Certificates, Extensible Authentication Protocol (EAP)
- Multiple Authentication (RFC 4739)
- RSA signature support for SHA2 in IKE according to NIST Special Publication 800-131A
Complete IPsec Cryptography
- Cipher Algorithms:
  - GMAC-AES, 3DES
- MAC Algorithms:
- Asymmetric cryptography algorithms:
  - ECC DH
  - ECC DSA
- PKCS#1, PKCS#5, PKCS#7, PKCS#8, PKCS#10, PKCS#12
- Elliptic Curve Cryptography:
  - Brainpool Elliptic Curves (RFC 5639, RFC 6932)
  - ECDSA (RFC 4754)
  - ECP Groups (RFC 5903)
  - Elliptic Curve Digital Signature (ECDS)
- FIPS 140-2 certified cryptography as a commercial option
- X.509v3 (PKIX) certificate profile support
- X.509v3 (PKIX) certificate revocation list (CRL) support
- Certificate distribution point support, with LDAP and HTTP
- On-line certificate status checking, using OCSP
- Standards-based certificate enrollment support, using SCEP and CMP
- RSA signature support for SHA2 in certificates according to NIST Special Publication 800-131A
Remote Access Support
- Built-in IP address allocation
- NAT, NAT Traversal
- EAP authentication
- RADIUS server authentication
- L2TP support
- IPsec AH and ESP transforms.
- IPComp Compression Transform
- Transport mode and Tunnel mode
- L2TP support
- NAT-Traversal support
- Manual (externally generated) and IKE keying support
- Support for nested IPsec tunnels.
- Dead peer detection (DPD) support in the form of Idle flow notification.
- IPv4 and IPv6 support:
  - IPv4 over IPv6, IPv6 over IPv4, IPv6 over IPv6
- DHCPv4 and DHCPv6
- High availability APIs for import/export of IPsec SAs
- Support for Linux 4K kernel stacks
- Detailed debug logs including per-tunnel debug
- Stateful TCP/IP firewall with attack prevention
- Kernel.org Linux kernel versions 2.6.32, 3.2, 3.4, 3.10, 3.12, 3.14, 3.18 and 4.1.
- Other OSes through a portability layer
Features & Benefits
- Multicore-capable control and data planes
- Secure Mobility with Support for MOBIKE
- Proven Reliability and Interoperability
- Seamless & Massive Scalability
- Carrier-grade with support for more than a million concurrent tunnels and unbeaten tunnel setup rates
- Standards-Based VPNC Certified Compatibility
- Broad OS and Hardware Acceleration Support
- Deterministic Memory Allocation and Resource Utilization
- Integrated Client and Server IPsec Toolkits
- Reduced Development Cost and Time
- World-wide OEM Customer Support