Chrysalis Semiconductor and PMC-Sierra Inc. have announced a joint effort designed to eliminate the time lag that comes with secure socket layer (SSL) web processing.
Under the agreement, Chrysalis Semiconductor, a unit of Ottawa-based Chrysalis-ITS Inc. and PMC-Sierra will work to integrate Chrysalis’s Luna 510 security processor and PMC-Sierra’s RM7000A MIPS-compatible processors. The resulting reference design and board, to be available by the fourth quarter of 2001, will aim to architect security into next generation service switches, said Chrysalis’s president and CEO Steve Baker.
“We intend to reduce bottleneck problems and to bring a much faster, much tighter integrated solution,” Baker said.
When a computer connection enters a secure Web site, a second, secure connection must be established using the secure socket layer (SSL) protocol. The CPU first retrieves encrypted data packets, then sends them, along with the decryption key, to a security chip, and finally, tells the router where to redirect the secure packet. This can result in a dramatic slowdown of the acting web switch. Web switches can perform around 100,000 (TCP/HTTP) unencrypted transactions per second, but current SSL processing reduces that number to 200-1,000 transactions per second, according to Chrysalis.
Baker said Chrysalis’s security chips are designed to obviate this slowdown. The 500 IC series chips, the series that includes the Luna, will be designed to handle 10,000 to 20,000 transactions per second. Combined with the PMC-Sierra RM7000A MIPS processor, a handful of 500 IC chips will bridge the gap between encrypted and unencrypted processing speeds, said Stephen Davis, chief architect for Chrysalis.
But Chrysalis chips will only reach their potential if they are able to talk with neighbouring chips in the system architecture. So Burnaby, B.C.-based PMC-Sierra and Chrysalis will also partner on the implementation of host and embedded software using PMC-Sierra’s RM7000A MIPS processor.
Still, Davis stressed the design will give an e-commerce site flexibility in the percentage of transactions that are encrypted. A bank Web site might want to encrypt 100 percent of its transactions, while an online book retailer may only need encryption for a small percentage of transactions.
Baker said the reference design will also eliminate the need for network equipment vendors to keep up with changes in security standards, algorithms and protocols. The vendors will need only to interface with Chrysalis security engines.
“Our customers are trying to build solutions that are easy to integrate,” Baker said. “We want to turn security processing into a routing decision. The complexity of what is going on under the hood need not be the problem of the system development company.”
Andy Kean, vice president of marketing for PMC-Sierra’s MIPS Processor Division, said only a small number of companies have genuine security expertise. The remaining majority, he said, could benefit from the coming PMC-Sierra-Chrysalis design.
“People are looking for this all-in-one, hardware-software function — cut this design out and paste it into their own,” Kean said. “It’s really a completed function that they can just add to.”
Kean added that while few companies have security expertise, nearly all need security.
“If you want to implement a virtual private network, you want secure transactions,” he said. “So security becomes really important.”
