Embedded Network Security Design

Held September 13, 2007

Session 1: Security Technology Overview

Bob Wheeler, senior analyst at The Linley Group, will present an overview of security technologies (e.g., VPN, DoS, firewall, IDS/IPS, antivirus), where they are being deployed in the network, and the available merchant silicon for implementing these technologies.

Session 2: Innovations in Secure Communications Processors

This session, moderated by Linley Gwennap, examines the latest innovations in communications processors aimed at improving system security and security performance.

A Scalable Architecture for Acceleration and Trust
     Geoff Waters, Senior Systems Engineer, Freescale

To many, the term “network security” brings to mind VPN and crypto acceleration for IPSec. A broader view of security would include not just cryptographic protection of data in motion, but also stronger authentication of users and systems as well as hardening the network infrastructure against direct attacks. This presentation will examine future embedded communication processor features, which can allow system developers to scale system performance and harden systems while considering a broad spectrum of network security threats.

Multicore IA, QuickAssist Technology, and the “Tolapai” Integrated IA Processor
     Frank Gates, Platform Solutions Architect, Intel

The Intel Architecture (IA) is known for its versatile instruction set, backward compatibility, continued innovation, rich SW ecosystem, and leading performance. Intel's recent multicore innovations extend this architecture leadership to support high throughput and complex content processing in security platforms. In this presentation, Intel will also describe new IA innovations including Quick Assist Technology and the new code-name Tolapai system-on-a-chip processor.

Enabling Broad Security Services at Multi-Gigabit Speeds with the Tile Processor
     Anant Agarwal, CTO, Tilera

Today’s network security solutions integrate a wide variety of security services, including firewall, IDS/IPS, virus scanning, Spam filtering, and VPN processing. Combined with the increase in network speeds from 1Gbps to 10Gbps, this has created an enormous demand for compute power in security applications. Tilera will discuss its recently announced TILE64 processor and the opportunities that an array of 64 processor cores on a single chip affords in designing a high-performance and flexible security platform.

Session 3: Pervasive and Cost-Effective Content Inspection

This session, moderated by Bob Wheeler, will examine new silicon architectures that lower the cost of content inspection or deep-packet inspection, enabling broader integration of these functions.

Embedded Network Security: Let's Get Real
     Rony Kay, President and CTO, cPacket Networks

The evolving network needs centralized and localized functions to support pervasive visibility and security. The solution for pervasive security is to embed cost-effective visibility and enforcement capabilities into network infrastructure. In this talk, cPacket will discuss its novel silicon architecture for inspecting every bit in every packet at line rate and for enforcing policies.

Scaling the Cost of Unified Threat Management
     Dave Finlay, VP of Product Management and Co-founder, Tarari

Enterprises worldwide have rushed to deploy Unified Threat Management (UTM) devices to protect their external network gateways. But historically, the cost of providing similar deep-packet security has been prohibitive to SMB and residential deployments due to the high cost of specialized silicon. This talk explores why popular enterprise gateway processing techniques don't scale down to SMB and residential gateways and introduces a technology—Tarari's T10—that does.

Session 4: Securing Network-Equipment Designs

Security functions are no longer isolated to dedicated network-security equipment such as VPN/firewall appliances. As cryptography and other security technologies become more widespread, network-equipment vendors increasingly need to embed these technologies in their designs. This session, moderated by Bob Wheeler, examines the application of intellectual property and merchant chips to meet these evolving OEM requirements.

Securing and Optimizing SAN-Replication Links
     Russell Dietz, CTO, Hifn

Mission-critical enterprise applications are driving demand for higher availability, which, in turn, is driving the need for broader deployment of data replication. At the same time, protection against data leakage and the increased frequency of replicated data exchanges have created a need for securing replication links while also reducing the data required to travel over those links. In this talk, Hifn will present a solution to help storage OEMs rapidly implement data encryption and compression to replication modules in their storage fabrics and systems.

Embedded Security Solutions for High-Performance Networking Devices
     Steve Singer, Systems Engineering Manager, SafeNet

With the next-generation of communication products demanding solid security functionality in combination with higher and higher bandwidth, the need for more sophisticated security solutions is growing. This presentation will cover the differences between the classical look-aside security architecture and the in-line architecture, which can deliver higher performance. The presentation will also discuss SafeNet’s intellectual property and software for integration with ASICs and processors.

Securing the Keys to the Treasure: Keeping the Pirates at Bay
     Mike Borza, CTO, Elliptic Semiconductor

Sophisticated counterfeit operations cost network equipment manufacturers hundreds of millions of dollars in lost revenue every year. But by integrating identification and authentication (I&A) engines into network equipment, designers can now ensure that only factory-original boards, modules and systems are used by customers putting an end to the piracy. In this presentation, Elliptic will explore the security algorithms for I&A, typical core configurations, and a typical flow from processor bootstrap forward through provisioning.

Session 5: Future Directions for Network-Security Processing

This panel discussion will discuss long-term concerns such as: What security functions must be implemented throughout the network? What silicon products will be needed to perform these functions? How much performance will be required? What are the alternative approaches to integration of multiple functions?

Moderator: Bob Wheeler, The Linley Group
Panelists:   Geoff Waters, Freescale; Steve Singer, SafeNet; Rony Kay, cPacket Networks; Dave Finlay, Tarari; and Russell Dietz, Hifn