Multi-channel AES-256/128 Security Core
Overview
ViaSat’s Multi-channel 100G Security IP core enables high-speed chip and systems designers to incorporate comprehensive high-grade security into their products with minimal integration effort. ViaSat’s core is much more than just an “AES algorithm” core; it is a complete Security System Core. The core includes a comprehensive set of already-integrated security functions which can be dropped into a customer’s FPGA or ASIC design. As the core includes all the security functions, no security expertise is required of the systems integrator.
Key Features
- Data Interface
- 80 channel x 1.33Gbps (106Gbps aggregate)
- Overhead
- Single byte per frame (crypto overhead channel)
- Algorithm & Mode
- AES-256/128 encryption/decryption using counter mode
- Cryptographic Synchronization
- Automatically established after 1 complete cryptographic frame (8 frames = 1 cryptographic frame)
- 80 Fully independent channels
- Each channel may have different TEK, cryptographic state, & peer authentication KEK
- Integrated Key Management
- Traffic Encryption Keys (TEKs) generated using built-in non-deterministic random number generator.
- Secure Key exchange/distribution using AES key wrap.
- Integrated peer-to-peer Authentication (Shared Secret Symmetric Cryptography)
- Peers automatically authenticate each other immediately after the cryptographic overhead channel is established.
- After an upset event (like power loss), authentication is automatically re-established.
- Automatic key-rollover & TEK generation
- New random keys are generated automatically prior to crypto-midnight, and securely exchanged using the crypto overhead channel.
- TEK Roll-over is seamless & transparent to data channel (no lost data before, during, or after TEK roll-over)
- Controlled Cryptographic Bypass for non-encrypted frame data (overhead bytes).
Block Diagram
