Broadcom, nCipher team on network security

posted onSeptember 25, 2001
by hitbsecnews

SAN MATEO, Calif. — Security hardware vendor nCipher plc has struck a long-term partnership with networking-silicon giant Broadcom Corp., giving both companies greater access to customers looking to increase their network encryption security technology.

Broadcom will deliver chips to nCipher for inclusion in the English company's security modules. Broadcom will then market the completed component to its networking OEM customers.

NCipher's security modules, which are used either within Web servers or attached to them, are intended to better protect the keys used to encrypt or decrypt traffic. Vice president of marketing Richard Moulds said that the keys used as the basis for encryption algorithms are often stored on servers, within main memory, where they are not as secure as a dedicated box whose only function is to protect the key.

"If a key is just stored in main memory, there are plenty of scripts that can be used to access it," Moulds said. "And the bad guys can do all sorts of bad stuff if the right keys are stolen. You can encrypt your key, and then encrypt the key that was used for that encryption, and so on, but at the end of the chain you are going to have a key that is not encrypted, and it should never be left on a server."

Instead, he said security modules such as nCipher's products can be installed in a system through a PCMCIA slot or attached externally through a SCSI connection. Covered in a hardened epoxy resin, the nCipher modules resist both physical tampering and computer hacking, Moulds said, primarily because they are dedicated to the single function of storing encryption keys.

"They have a very limited operating system, unlike servers, so they don't support commands such as 'give me the key,' " said Moulds. "You can't get the key out of our box."

Encryption keys are used to make connections to Web sites secure, which is critical for financial transactions and e-commerce. Generally, they use the secure socket layer (SSL) format. Broadcom entered the SSL market in January 2000, with its acquisition of SSL acceleration-chip vendor Blue Steel. With the volume of SSL traffic increasing, many networking vendors see the SSL function moving off the server and onto a dedicated box. However, those boxes must be able to work very quickly, or they become a choke point for network traffic.

"We see encryption as fairly important, and so do our customers," said Gary McCulley, product-line manager for Broadcom (Irvine, Calif.). "The trend that we see is that more traffic on the Web will be encrypted."

McCulley said that some estimates now show about 40 to 50 percent of all Web traffic is encrypted, but some predictions suggest that all traffic could be encrypted within four to five years — assuming the systems are fast enough and cheap enough. "As performance improves, encryption will become less cumbersome," he said.

Under the agreement between nCipher and Broadcom, nCipher will manufacture its security modules using Broadcom's SSL encryption accelerator chips. Broadcom will then sell those modules to OEMs as part of its marketing efforts to sell its other networking devices. NCipher will continue to sell the modules to end users, just as it does now.

Although Broadcom has been notable in the past few years for buying up most of the companies it has worked with, and it has spent several billion dollars increasing its presence at almost all levels of networking, McCulley said the company was not interested in acquiring nCipher.

"Our currency is kind of depressed right now," he said, referring to Broadcom's stock price. All of the company's acquisitions have been stock swaps, and even though nCipher is not huge — total revenue last year was in the $20 million range — he said there was never any discussion of buying the company outright.

Charles Kolodgy, research manager for International Data Corp., said that such a deal would not really fit, because nCipher is not a chip vendor. "It doesn't really advance Broadcom's core mission of selling semiconductors," he pointed out.

Kolodgy said that the security market is fairly strong these days, despite the general downturn in the economy, and that it will probably see even more activity in the near future because of the terrorist attacks on the World Trade Center and the Pentagon.

"Many security products are seen as mission critical, and some are required to meet regulatory approval," he noted. "A strong business case can be made that the deployment of security technology can lead to cost savings. And that trend will likely be exacerbated by the attacks."

Security at home

Despite the economic funk of this year — and the very real possibility that the recent attacks will push the U.S. economy into an outright recession — Kolodgy predicted that the security hardware and silicon markets will see some amount of growth over last year.

In fact, he said, the attacks may lead the average consumer to stay home more and travel less, leading to a push to make sure the home is safe. "My personal feeling is that there will be a greater sense of 'my home is my castle,' and people are going to want more security systems," Kolodgy said.

EE Times.

Source

Tags

Networking

You May Also Like

Other Articles In This Section

Recent News

Tuesday, July 9th

China's APT40 gang is ready to attack vulns within hours or days of public release
AI-Powered Super Soldiers Are More Than Just a Pipe Dream
The president ordered a board to probe a massive Russian cyberattack. It never did.
Massive car dealer ransom attack is mostly over after 2 weeks of work-arounds

Wednesday, July 3rd

“RegreSSHion” vulnerability in OpenSSH gives attackers root on Linux
Two of the German military’s new spy satellites appear to have failed in orbit

Friday, June 28th

Indonesian Airports, Data Centres Hit By Worst Cyberattack in Years
Cisco Talos warns of wider security implications following Snowflake breach

Thursday, June 27th

I Wore Meta Ray-Bans in Montreal to Test Their AI Translation Skills. It Did Not Go Well
Researchers upend AI status quo by eliminating matrix multiplication in LLMs
YouTube tries convincing record labels to license music for AI song generator
Critical MOVEit vulnerability puts huge swaths of the Internet at severe risk
Julian Assange to plead guilty but is going home after long extradition fight

Thursday, June 13th

Hackers show off jailbroken checkm8-vulnerable iPad and Apple TV running iPadOS 18 & tvOS 18 respectively
One of the major sellers of detailed driver behavioral data is shutting down
Turkish student creates custom AI device for cheating university exam, gets arrested

Wednesday, June 12th

Chinese-Made Biometric Access System Has 24 Vulnerabilities
Apple and OpenAI currently have the most misunderstood partnership in tech
Adobe to update vague AI terms after users threaten to cancel subscriptions
China state hackers infected 20,000 Fortinet VPNs

Tuesday, June 11th

Russia Is Targeting Germany With Fake Information as Europe Votes
Apple announces macOS 15 Sequoia with window tiling, iPhone mirroring, and more
Apple integrates ChatGPT into Siri, iOS, and macOS
British police to scan 480,000 Formula 1 fans’ faces at Silverstone
Hackers steal “significant volume” of data from hundreds of Snowflake customers

Friday, June 7th

7,000 LockBit decryption keys now in the hands of the FBI, offering victims hope
FCC pushes ISPs to fix security flaws in Internet routing
Can a technology called RAG keep AI models from making stuff up?
How to Lead an Army of Digital Sleuths in the Age of AI

Thursday, June 6th

Mystery object waits nearly an hour between radio bursts
Apple refused to pay bug bounty to Russian cybersecurity firm Kaspersky Lab
Ex-Microsoft security expert torches Windows' new 'Recall' feature
The Age of the Drone Police Is Here

Wednesday, June 5th

Ukrainian Systems Hit by Cobalt Strike Via a Malicious Excel File
TikTok Hack Targets ‘High-Profile’ Users via DMs