SSH and Celotek Partner for High-Bandwidth Encryption
SSH Communications Security Ltd. and Celotek Corp. are partnering to integrate Celotek’s IPSec adapters with SSH’s IPSec Express Toolkit. The software and hardware combination creates an integrated system for network security.
SSH (www.ssh.com) created IPSec Express Toolkit for packet encryption. It has been used by a variety of hardware manufacturers. In the past, Celotek (www.celotek.com) focused on creating hardware for accelerating ATM encryption, but has now moved into the IPSec field.
Through this new partnership, Celotek’s future IPSec adapters will take advantage of APIs in SSH’s IPSec Express Toolkit, enabling the encryption protocols to be processed on the adapter. "You can just take their software, then slap it on the hardware," says Jeff Wilson, director of access programs at Infonetics Research inc. (www.infonetics.com).
The adapters will support Internet Key Exchange (IKE) protocols. These protocols are standards for exchanging the numerical keys for encrypting and decrypting data between client and host.
Currently, IPSec requires a battery of encryption adapters on the server to send encrypted packets out to individual machines. Each adapter isolates transmissions from a cloud of data packets. "This enables a managed-in-the-cloud VPN service," Wilson says.
Virtual private networks (VPNs) and other secure networks restrict access to only authorized users, but once a user accesses a network, the data there is often available to all. Unintended users on the network using packet sniffers or other utilities can intercept critical transfers. VPNs, which use the Internet expose this data to anyone on the Internet.
Encryption prevents rogue users from intercepting data by garbling information and rendering it unreadable. IPSec is an industry standard for packet encryption.
This security comes at a cost. Sending and receiving encrypted data requires complex algorithms to encode and decode the data. Software encryption, running on the main processor, taxes computer performance and slows down the overall operation. In the case of a VPN, which often runs on slower network connections, the result can be crippling.
The IPSec solution consists of a server component and a client component. Celotek focuses on the server component, which provides massive amounts of encrypted throughput, reaching transmission rates up to 4.8 Gbps. Wilson says he is unaware of other companies attempting transmission rates on this scale. "Most adapters are at 100 Mbps right now," he explains.
The IPSec solution is aimed at two types of environments: site-to-site users and remote users. Site-to-site implementations allow offices separated by geography to conduct internal business over the Internet, without loss of security. Remote use, such as VPNs, let single users in the field to conduct business over the Internet without fear of interception.
Jim Kristof, director and co-architect of IP at Celotek, contrasts use of the Internet by distance users with the older practice of leasing dedicated phonelines. Using these adapters in conjunction with the Internet is a more cost effective solution.
High throughput also enables encryption of bandwidth-heavy items such as IP telephony and videoconferencing.
In addition, the adapters can be directly monitored through SSH’s management interface, allowing users and administrators to keep tabs on the security and performance of their network.