New security algorithms can be deployed via secure remote updates to Sitehop's FPGA firmware. AES-256 is virtually impenetrable using brute-force methods. While a 56-bit DES key can be cracked in less than a day, AES 256 would take trillions of years to break using current computing technology. Quantum Resistant Cryptology Assuming all goes well to overcome the issues in Quantum computing and the rate of progress continues exponentially it will still be over a hundred years before a quantum computer could be built that would be capable of cracking AES 256 in less than a year.

The Sitehop SAFE100 is a high-performance FPGA card intended for 100 Gigabit Ethernet Low-Latency Encrypted tunnels via its dual QSFP28 slots. It uses cutting-edge FPGA technology to add real-time line-rate performance to your application and offloads the data path for speed, latency and security with zero CPU load. Thousands of secure IPSec data path connections are measured in nanoseconds, regardless of packet size.

A private key certificate, also known as a digital certificate or identity certificate, is a type of certificate that contains information about an individual or organization and their private key. The certificate is typically issued by a trusted third party, known as a certificate authority (CA), and is used to verify the identity of the individual or organization and to establish secure connections. A private key certificate contains the following information: •The identity of the individual or organization •The public key of the individual or organization •The digital signature of the certificate authority (CA) to verify the authenticity of the certificate •An expiration date, after which the certificate is no longer considered valid The private key is used to encrypt data, and the certificate is used to verify the authenticity of the private key and the identity of the owner. When a client wants to establish a secure connection with a server, it requests the server's certificate, and the client's software can verify the authenticity of the certificate and the server's identity by checking the digital signature of the certificate authority (CA). The client then uses the server's public key to establish a secure connection. It’s worth noting that private key certificates are different from public key certificates, which are used for encryption, but don't contain private keys.

Sitehop’s proprietary algorithm Small packet size can negatively impact the performance of encryption because it increases the overhead of the encryption process. When the packet size is small, the ratio of overhead (e.g. header information, padding, etc.) to data payload increases, which can decrease the overall efficiency of the encryption process. Additionally, small packet sizes can also increase the likelihood of packet fragmentation, which can further decrease performance.

There are multiple ways to use Sitehop’s NMS: Cloud deployment, local deployment or by using our custom RestAPI. The Rest API comes complete with full documentation for further ease of use.

Many devices slow down when encryption is enabled. Sitehop’s encryption solution sits at the edge of your network as a “bump-in-the-line” that enables 100% encryption offload – and it does it at 10% power usage.

Most (if not all) hacks are software based. The Sitehop SAFE100 user data is never in software, it passes through a series of custom designed hardware devices on a single chip. Communication to-and-from the hardware is strictly controlled. The hacker attack profile is extremely small, and that the throughput time of the device (latency) is as short as possible. Sitehop SAFE100 encryption keys are held by the user/company, not third-party companies. An FPGA is used to increase security over alternative software solutions, by reducing the attack surface and making them much harder for cyber criminals to compromise. The SAFE100 is designed so that the Encapsulated Security Payload (ESP - the user data) never leaves the FPGA so it is never in software. The SAFE100 utilizes high grade cryptography (AES-256-GCM) to keep the ESP data secure. CRYPTOGRAPHY Sitehop uses AES-256-GCM encryption, implemented completely in the FPGA chip. AES-GCM is carried out with the key-length of 256-bit is suitable to perform at high speed of electronic applications in term of security. Advanced Encryption Standard with Galois Counter Mode (AES-GCM) is introduced by United States of America National Institute for Standard and Technology (NIST). AES-256 is 340 billion-billion-billion-billion times harder to brute force than AES-128. To put this into perspective, the universe is 14 billion years old. It is therefore SAFE100 to say that even at its lower bit sizes, AES is highly resistant to brute force attacks from conventional computers. One of the company’s unique selling points is that all the encryption and VPN functions are performed 100% in the FPGA chip. This is significant because this approach greatly reduces the attack plane for intrusion. Software gets hacked by finding exploits. The FPGA firmware is defined to a very specific task.

Sitehop is bringing to market the cybersecurity industry's first 1Tbps Enterprise VPN with extremely low power consumption, ultra-low-latency and defence grade security for datacentres and large company infrastructure. The Sitehop SAFE1000 features ten of the 100G FPGA Cards in a 2U rack, providing 1Tbps of secure data throughput whilst maintaining the sub 1us latency. Add real-time line-rate performance to your application. Offload the data path for speed, latency, and security, with zero CPU load. Thousands of secure IPSec data path connections are measured in nanoseconds, regardless of packet size.

Over 4000 secure concurrent connections with every subscription.

Point to point, Site to Site PTMP, Site to Multi-Site Mesh, Multi-Site to Multi-Site

The SAFE100 communicates using the IPSec protocol. It communicates with any other IPsec device, which makes it easy to phase into your network. IPSec is made of 2 parts: 1.the configuration and 2.the data for the connection. The configuration is set up using IKE-V2 which is running in the software on the FPGA chip. But the software has message filters (implemented in firmware) so only allowed messages can pass in and out, which are FPGA enforced. The data is made up of ESP packets which are most of the packets running through the VPN. These ESP packets cannot get to the software and are only processed in the firmware. Since the data path is not running on software and the allowed messages in and out of software are highly limited there is very little for a hacker to attack. Most software hacks involve running some sort of exploit on the processor to allow malicious code to be run, this will not happen on the SAFE100 for the above reasons.

FPGAs are useful to businesses because they can be dynamically reprogrammed with a data path that exactly matches a specific workload, like data analytics, image inference, encryption, or compression. Optimized FPGAs are also more power-efficient than running equivalent workloads on a CPU. FPGA HARDWARE-ENFORCED SECURITY The foundation of our product line is in the firmware that runs the field programmable gate array (FPGA). The SAFE’s unique features are a result of implementation. •• Every stage is designed from first principles •• Sitehop testing is continuous, comprehensive, and cutting-edge Guarantees and fundamental assurances are rare in cybersecurity. The goal is to find the solution that offers the lowest risk of compromise compared to other solutions. FPGA-based security reduces security risk to the lowest possible level and gives organizations a high degree of confidence that their components cannot perform any functions other than the ones they were designed to perform. Nothing can eliminate all cybersecurity risk; however, the addition of hardware security technology can turn previously vulnerable spots into the strongest points in a network and dramatically reduce an organization’s attack surface. An FPGA is used to increase security over alternatives, by reducing the attack surface and making them much harder for cyber criminals to compromise. The SAFE100 is designed so that the Encapsulated Security Payload (ESP - the user data) never leaves the FPGA chip and is never in software. The SAFE100 utilises high grade cryptography (AES-256-GCM) to keep the ESP data secure. •FPGAs are useful to businesses because they can be dynamically reprogrammed with a data path that exactly matches a specific workload, like data analytics, image inference, encryption, or compression. Optimized FPGAs are also more power-efficient than running equivalent workloads on a CPU. •One of the most important things to understand about FPGA has to do with how it relates to the CPUs and GPUs that most people are used to working with. CPUs and GPUs are instruction-based architectures. They’re general purpose – which is what makes them easier to attack via software-based methods.