Ensigma offers a range of security solutions including basic building blocks (symmetric/asymmetric ciphers, authentication engines), high-performance protocol processing engines (for IPSec, MACSec, and SSL/DTLS offload) and Secure Infrastructure for SoCs. These solutions are designed for optimal power, performance and area, and are used at the heart of the network, to protect data from attack and enable secure communication.
- Ensigma Security solutions have been widely used by major vendors successfully over the years.
- Our highly integrated cost-effective line of high-speed security solutions help reduce time to market and overall risk while delivering high performance solutions.
Security Protocol Processing Engines
The OSI (Open Systems Interconnection) model defines a framework for implementing protocols in seven layers. Ensigma Security processing at the corresponding layers of the stack is depicted in the figure below. Ensigma’s protocol processing solutions address different markets such as mid-range to high end VPN/firewall appliances, SSL accelerators, secure Ethernet PHYs and Switches, and LTE base-stations up to multi-gigabit data rates.. The products are available in both flow-through and look-aside architectures. Our combo solutions such as the market leading unified security engine provides our customers with a single solution for incorporating both Layer 2 and Layer 3 Security into their products. Interoperability is a key metric, ensuring that different secure devices work together. Ensigma’s security solutions are proven in silicon and are interoperable with third party secure devices.
MAC (Layer 2) Security Protocol
MACSec defined by IEEE 802.1AE provides security at the MAC layer. This provides hop-to-hop Layer 2 security. The services provided by MACSec are confidentiality, integrity, and source authentication. MACSec is used to secure LANs from the attacks of passive wiretapping, impersonation, and replay attacks. MACsec can also be used to protect non-IP networks. IEEE802.1X defines the key management protocol for MACSec enabled devices.
Our Cryptographic solutions include both symmetric and asymmetric ciphers. Some of the applications that use these include IPSec, SSL/TLS, WLAN WEP WPA, networking and storage systems.
Symmetric algorithms (also called private key) use the same shared secret key for both encrypting and decrypting data. These engines are available either in flow-through or look-aside architectures.
Asymmetric Ciphers (also called Public Key) use two different keys, one for encrypting and one for decrypting. A public key is published to anyone who wants to send a message and a Private/Secret key so that only the intended receiver can decipher the contents.
Our Hardware IP Engines offload computationally intensive portions of the Public Key Ciphers. This reduces the load on the Host and provides significant performance improvements. These are generally used to support public key negotiations and digital signature schemes.
Public Key Accelerator
- Support calculations of complex operations in RSA (Rivest, Shamir, Adelman), DSA (Digital Signature Algorithm), DH (Diffie-Hellman) asymmetric algorithms
- Offload a number of complex mathematical operations such as point multiplication in ECC (Elliptic Curve Cryptography).
IP (Layer 3) Security Protocol
IPSec (IP Security) provides security at the network layer. This uses two protocols Authentication Header (AH) and Encapsulating Security Payload (ESP). AH provides proof-of-data origin on received packets, data integrity, and anti-replay protection. ESP provides all that AH provides in addition to data confidentiality. Internet Key Exchange (IKE) is defined as the Cryptographic key management protocol and is used to setup environment for AH and ESP services by negotiating connection parameters.
Hashing engines are used to provide the Data Integrity and Source Authentication features. The engines take configured length of the data and produce a fixed size Message Digest or Message Authentication Code (MAC).
- Supports MD5, SHA1, SHA256, and SHA 512 Algorithms.
- HMAC (Hash Message Authentication Code) for all Authentication Engines.
- HMAC-SHA-1 and HMAC-MD5 are used in IPSec and SSL/TLS protocols.
- Wireless crypto Authentication with SNOW-3G, Kasumi, ZUC
True Random Number Generator
All the cryptographic algorithms or protocols require random numbers. Random numbers are needed to generate the symmetric keys, public/private key pairs, the Initial Vector (IV), etc. Ensigma provides a true random number generator (TRNG) using a non-deterministic source (thermal noise) to enable the complete randomness.