The National Security Agency (NSA) in the United States mandates cryptographic algorithms in support of SECRET and TOP SECRET communications in government and military systems. By mandating the algorithms, the NSA encourages interoperability among departments in the United States but also with allies. Suite B includes the following algorithms:
As per CNSSP-15 (Committee on National Security Systems Policy 15) AES with either 128 or 256-bit keys and SHA-256 are specified to protect classified information up to the SECRET level. Protecting TOP SECRET information requires the use of 256-bit AES keys combined with SHA-384.
For asymmetric algorithms, the NSA has mandated the conversion of equipment to Elliptic Curve Cryptography (ECC). At the very high security level required for SECRET and TOP SECRET communications, an RSA key length of 4096 or 8192 would have been required and made the asymmetric algorithms very inefficient on all but the most powerful processors. Therefore, the much lighter ECC algorithm was chosen using the 256-bit prime modulus elliptic curve as specified in FIPS-186-2 for the protection of classified information up to the SECRET level. Use of the 384-bit prime modulus elliptic curve is required for the protection of TOP SECRET information.
Elliptic has both hardware and software solutions that are targeted specifically at Suite B. Elliptic also offers consulting services to help customer develop new products compliant with Suite B or adapting existing products to meet the standard. One of the key focus areas for Elliptic consulting is deciding what operations are done in software and what should be offloaded in hardware. Elliptic consultants can offer customers guidance on the most effective solution and can work with Ellipsys software which fully supports hardware engine integration in support of the final design agree with the customer.
Elliptic IP portfolio includes a selection of cores for Suite B applications for SoC/ASIC designs. It also includes Ellipsys Cryptography Middleware in support of Suite B. The middleware is split into symmetric algorithms such as AES and SHA, and the asymmetric ECC algorithms used for authentication and key exchange. The middleware is licensed as C source code.
Security Protocol Accelerators and Processors
- CLP-45: Configurable Look Aside AES Core
- CLP-300: RSA and Elliptic Curve Public Key Accelerator
- CLP-26: Hash Look Aside Core
- CLP-100: Hash Flow Through Core
Ellipsys Cryptography Middleware
A highly programmable and unique Security Protocol Accelerator specifically designed to efficiently process data for high capacity wireless and network applications. The engine is perfectly suited for applications that deal with multiple active connections and significant traffic load on different contexts, such as 4G LTE-Advanced wireless cellular base stations and femtocells.