IPSec

InterNiche IPSec provides the bulk encryption and authentication functionality of VPNs in a modular form that provides high performance integration with the underlying IPv4 or IPv6 protocol stack. Its packet classification engine permits export of the classification tree as an XML document for validation or optimization of embedded security policies.

IKE

InterNiche IKE is a complete implementation of the Internet Key Exchange protocol that has been based on the KAME project´s Racoon code-base. A significant number of improvements have been made to complete a commercial quality embedded implementation, including a messaging architecture used to communicate with IPSec, a shared database for security policies and a full configuration API.

Security Subsystem

IPSec and IKE performance is largely determined by the implementation of public key cryptography algorithms. InterNiche has architected a common CryptoEngine security subsystem for its products which offers a choice of optimized software implementations of required algorithms and easy integration with available HW encryption engines. Such HW engines provide significant performance improvements, especially on low power CPUs and are recommended for applications with high throughput requirements.

• High-performance packet classification engine
• Supports AH and ESP protocols
• Supports AES (128,192,256 bits), DES and 3DES encryption algorithms
• Supports MD5, SHA-1, SHA2 (256, 384 and 512 bits) digest algorithms
• Message based interface for Policy and SA management
• Asynchronous packet interface.
• Supports pre-shared keys and X.509 certificate based authentication (RSA and DSA signatures)
• Supports main mode, quick mode and aggressive modes
• Supports all well-known Diffie-Hellman groups for key exchange
• Simple cipher suite expansion through the CryptoEngine
• No "GPL Contamination"

Data Sheet