News

More performance and speed for IPSec processing

The leading innovator of strong cryptography products, SSH Communications Security, is to announce version 2.0 of the company's flagship product SSH IPSEC Express. The 2.0 upgrade of SSH IPSEC Express features a highly optimized data processing engine. SSH IPSEC Express's engine is now part of the operating system which improves the performance over ten times compared to earlier versions.
SSH IPSEC Express 2.0 is a sophisticated software system which provides privacy and authentication services by using strong, modern cryptographic methods. It allows a communications equipment vendor to outsource its development of cumbersome security functionality to experts. The SSH IPSEC Express provides confidentiality, origin authentication, connectionless integrity and anti-replay protection services to Internet traffic. The new engine of SSH IPSEC Express 2.0 is now part of the operating system 'kernel' which results in greatly improved performance.

"Compared to competing products, the technical excellence of SSH IPSEC Express toolkit is indisputable. The product includes technical solutions not found in any other implementation. It is the most complete product of its kind on the market and that is why it was awarded the European IT Prize in 1998", said Tatu Ylönen, CEO of SSH Communications Security.

Extreme cryptography development

The SSH IPSEC Express 2.0 uses one of the newest and strongest standard-compliant cryptography. The solution supports e.g. Blowfish algorithm which was developed by Bruce Schneider to provide security similar to DES but, with greater speed and efficiency in software. SSH IPSEC Express 2.0 allows the use of strong cryptography world-wide.

"The programming code is of very high quality. It is easy to read, understand, and compile. It is easy to integrate into customer's own products and it gives control and freedom of application innovation to the customer", said Tatu Ylönen.

Portable to any platform

SSH IPSEC Express 2.0 is distributed as source code, which is platform independent. There are only a few components which are platform dependent and need to be ported to different platforms. These modules are carefully identified and separated from the rest of the code and well-defined APIs are defined to platform-specific code.

SSH IPSEC Express 2.0 is designed to be easily portable to almost any platform and operating system, including both general purpose and embedded operating systems. The native out-of-the box support now includes also Windows 95 platform along with the earlier NetBSD, Solaris and Windows NT platforms.

SSH IPSEC Express 2.0 also includes all the modules that are required for implementing IPSEC functionality. These include policy management, certificate management, X.509v3 certificate and revocation list processing, LDAP, and cryptographic libraries. There are no hidden royalties from required proprietary components.

The SSH architecture implements a very fast packet filtering firewall. Access control lists allow very complex filtering rules to be used even in busy routers.

Tested for interoperability

The SSH IPSEC implementation has been tested for interoperability with related products of all major vendors involved in IPSEC development. Since 1997, SSH has been successfully running the IKE (or ISAKMP/Oakley) interoperability testing site http://isakmp-test.ssh.fi/ . This was the first publicly available IKE interoperability testing site, and established the SSH implementation as the compatibility standard.

The SSH IPSEC Express 2.0 conforms to all relevant official and industry standards. Relevant standards include IETF IPSEC standards, ISO X.509 version 3, RSA Laboratories PKCS-1, PKCS-10, NIST Digital Signature Standard DSS (FIPS PUB 186 ), NIST Data Encryption Standard DES (FIPS PUB 46-1), and the ANSI C standard.

SSH Communications Security is committed to providing maintenance and staying at the forefront of IPSEC technology for years to come. Documentation and technical support are important parts of this commitment.

"Any organization developing the technology themselves would have to maintain a group of several people to keep up with the development of technology. Continued maintenance and speed of response is critically important in security technology", explained Tatu Ylönen.

© 2002 SSH Communications Security Corp. All rights reserved. ssh® is a registered trademark of SSH Communications Security Corp in the United States and in certain other jurisdictions. All other names and marks are property of their respective owners.