optical network encryption

Optical Networking


Including security at optical line rates was once considered a luxury, but is now becoming an essential feature. Helion developed the world's first FPGA-based 10Gbps encryption engine back in 2004, and since then has been refining its high rate solutions so as to make them easier to deploy and more efficient in terms of resource and power utilisation.

The optical networking standards do not include specifics on how to encrypt the payload data (OPU) being carried. Since properly designed encryption has various requirements and overheads, these must be accommodated within the limits of the network. Helion has developed a methodology for supporting this, making deployment much more straightforward than it otherwise might be.

Helion Optical Networking security solutions

As part of a wider range of high-rate encryption solutions, the Helion 10Gbps "Optical" AES-GCM Encryption IP Core is ideal for those customers looking to add encryption to optical transport networks, for example OTN2 or SONET/SDH for OC-192 line rates.

A Choice of Two
This core is available in two versions, each with a 64-bit data interface:

  • A generic core, where proprietary encapsulation, non-standard line rates, and the overhead may be freely chosen to suit both the encryption and other application requirements. There is considerable flexibility in the frame format provided the encryption timings are met. The maximum line data rate supported is typically in the range 10Gbps to 16Gbps.

  • An OTU2 core, using the G.709 OTU2 frame format, which assumes it is possible to "steal" both unused and reserved frame overhead for the necessary encryption overhead. Some flexibility in the overhead locations used, and further customisation of this core, is possible to suit the specific customer application.

What modes do these cores support?
Both solutions integrate all of the AES and GHASH functions required to perform bulk encryption on the client payload. They offer a choice of confidentiality only (AES-CTR mode), authentication only (GMAC mode), or both together (full AES-GCM). At the application frame level, the cores also include IV generation and insertion, and MIC insertion and checking. The encrypt and decrypt modules are distinct but very similar, differing only in the details of the top-level IV and MIC handling.
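The relationship between the three modes can be seen in software. The following Go sketch is an added illustration, not Helion's design or code: the frame layout (IV, then data, then MIC), the all-zero demo key, the IV construction from a frame counter, and the function names are all assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// Constructed for this example: frame = IV(12) || ciphertext || MIC(16).
const ivLen, micLen = 12, 16

var demoBlock, _ = aes.NewCipher(make([]byte, 16)) // all-zero demo key, valid size
var demoGCM, _ = cipher.NewGCM(demoBlock)

// Seal builds one frame in full AES-GCM mode. The IV carries a frame counter
// so that it never repeats under one key, then is inserted ahead of the data.
func Seal(g cipher.AEAD, frameNo uint64, payload []byte) []byte {
	iv := make([]byte, ivLen)
	binary.BigEndian.PutUint64(iv[4:], frameNo)
	return g.Seal(iv, iv, payload, nil) // IV || ciphertext || MIC
}

// Open checks the MIC and returns the payload; an altered frame is an error.
func Open(g cipher.AEAD, frame []byte) ([]byte, error) {
	if len(frame) < ivLen+micLen {
		return nil, fmt.Errorf("short frame: %d bytes", len(frame))
	}
	return g.Open(nil, frame[:ivLen], frame[ivLen:], nil)
}

// GMAC is authentication only: the payload stays in clear and is fed in as AAD.
func GMAC(g cipher.AEAD, iv, payload []byte) []byte {
	return g.Seal(nil, iv, nil, payload)
}

// CTROnly is confidentiality only: GCM's own keystream (counter block
// IV || 0x00000002 for a 96-bit IV) with no MIC, so changes go undetected.
func CTROnly(b cipher.Block, iv, data []byte) []byte {
	out := make([]byte, len(data))
	cipher.NewCTR(b, append(append([]byte{}, iv...), 0, 0, 0, 2)).XORKeyStream(out, data)
	return out
}

func main() {
	f := Seal(demoGCM, 1, []byte("constructed payload"))
	p, err := Open(demoGCM, f)
	fmt.Printf("frame=%x payload=%q err=%v\n", f, p, err)
}
```

Each frame in this layout costs 28 bytes beyond the payload (12 for the IV, 16 for the MIC), which is the kind of per-frame encryption overhead that has to be found within the transport frame.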

Supported Technologies
This AES-GCM core is available for most high performance FPGA technologies, and also ASIC. The interfaces are designed to allow simple connection into an optical networking datapath, processing one 64-bit word per clock for nominal 10Gbps operation. However, it is capable of supporting up to 16Gbps in many FPGA technologies using higher clock rates; clock rates in the range 156 to 250MHz are typical.

What about Higher Rates?
For higher rate support (OTU3 and OTU4 rates) please contact Helion for more information.

Measured Area and Performance
AES-GCM core - OTU2 version
Encrypt or Decrypt direction - both are similar

Technology                Maximum clock   Area
Altera Arria V GZ (C4)    312MHz          12,100 ALMs
Altera Arria V GZ (C3)    333MHz          12,100 ALMs
Altera Stratix V (C2)     370MHz          12,100 ALMs
Altera Stratix V (C1)     380MHz          12,100 ALMs
Xilinx Virtex-6 (-1)      233MHz          5,200 slices
Xilinx Virtex-6 (-2)      270MHz          5,200 slices
Xilinx Virtex-6 (-3)      312MHz          5,200 slices
Xilinx Virtex-7 (-1)      312MHz          5,500 slices
Xilinx Virtex-7 (-2)      370MHz          5,500 slices
Xilinx Virtex-7 (-3)      400MHz          5,500 slices

Note 1: A minimum clock rate of 167.33MHz is required to support OTU2 rates with the above core, but any rate between this and the maximum quoted may be used for convenience.

Note 2: The above figures are quoted for the OTU2 version of the core; the more generic core is similar, and typically a few percent smaller. Please contact Helion for specific data on this.


