First announced by the NSA in 2005, Suite B cryptography is built on the Advanced Encryption Standard (AES) with 256-bit keys, Elliptic Curve Public Key Cryptography using the 384-bit prime modulus elliptic curve specified in FIPS PUB 186-3, and SHA-384. It includes cryptographic algorithms for key exchange, digital signatures and hashing (Suite B Implementers' Guide to FIPS 186-3 (ECDSA), February 2010). Cisco says Suite B is pretty much restricted to government customers, but SHA-2 appeals to the commercial market, with growing interest from service providers. The company says the next-generation encryption (NGE) technologies are required because existing methods like RSA signatures and DH key exchange are increasingly inefficient as security levels rise, and CBC encryption performs poorly at high data rates.
Provided the module performs as advertised, it should enable Cisco to increase its market share in both the federal and enterprise markets, says networking analyst Nick Lippis of Lippis Enterprises. "The barrier of entry into branch office networking just got higher with this addition to the ISR G2. Cisco holds its lead and picks up some share."
In a report on the new offering, Lippis says that the ISR G2’s routing security portfolio is second to none, literally, and Cisco’s 70.3% market share is indicative of the market’s acceptance of this fact. "The previous G1 ISR was equipped with a VPN accelerator module, and many Cisco customers have been waiting for the same on the newer G2 platform. They need not wait any longer."
Suite B support is essential for being part of the U.S. federal government network, he says. "As Cisco’s VPN ISM supports Suite B in hardware, it’s highly likely that it’s the fastest implementation in the industry for IPSec applications, but this needs to be verified via independent lab performance test. Cisco claims that its VPN ISM support of Suite B is three to five times faster than its previous implementation."