
SAFEblade 1100 Solution


The Sitehop SAFEblade Solution is an easy-to-use hardware-enforced high-security device that sits on the edge of a network.

 

With the lowest encryption latency (delay) available on the market, the SAFEblade 1100 is orders of magnitude quicker than the competition.  

 

Most (if not all) hacks are software based. User data passing through the SAFEblade never enters software; instead, it passes through a series of custom-designed hardware devices on a single chip.

 

Communication to and from the hardware is strictly controlled. This means that a hacker's attack profile is extremely small and that the throughput time of the device (latency) is as low as possible. 

 

The Sitehop SAFEblade 1100 is a 100Gbps module card with sub 1us encryption/decryption latency.  

• >4000 concurrent IPsec tunnels
• AES-256-GCM encryption
• Low power, 40W

 

Sitehop’s unique selling point is in the firmware that defines the programmable hardware. Two SAFEblade 1100 modules can be mounted in a SAFEcore 1000 1U rack unit, which has dual redundant power supplies. These modules do not rely on existing routing servers for any processing, which makes the solution highly scalable.

Ultra-low-latency

Encryption and Decryption are measured in nanoseconds
(one-billionth of a second)

Easy to Use

Designed to be Plug-and-Play

Follow a few simple steps and Quantum resistant security is active

Scalability

Thousands of Secure Connections per subscription

100% self-contained hardware encryption can be stacked to increase throughput – SAME LOW LATENCY

Save Energy

Save Costs

Each SAFEblade 1100 saves up to 90% in energy costs compared with comparable software-only solutions for encryption and security services

Additional SAFEblade 1100 Features

Quantum Resistant

New security algorithms can be deployed via secure remote updates to Sitehop's hardware. AES-256 is virtually impenetrable using brute-force methods. While a 56-bit DES key can be cracked in less than a day, AES-256 would take trillions of years to break using current computing technology.

Quantum Resistant Cryptology

Assuming all goes well in overcoming the issues in quantum computing, and the rate of progress continues exponentially, it will still be over a hundred years before a quantum computer could be built that would be capable of cracking AES-256 in less than a year.

100Gbps

The Sitehop SAFEblade 1100 is a high-performance FPGA card intended for 100 Gigabit Ethernet Low-Latency Encrypted tunnels via its dual QSFP28 slots. It uses cutting-edge FPGA technology to add real-time line-rate performance to your application and offloads the data path for speed, latency and security with zero CPU load. Thousands of secure IPSec data path connections are measured in nanoseconds, regardless of packet size.

Secure Certificates

A private key certificate, also known as a digital certificate or identity certificate, is a type of certificate that contains information about an individual or organization and their private key. The certificate is typically issued by a trusted third party, known as a certificate authority (CA), and is used to verify the identity of the individual or organization and to establish secure connections.

A private key certificate contains the following information:

• The identity of the individual or organization
• The public key of the individual or organization
• The digital signature of the certificate authority (CA) to verify the authenticity of the certificate
• An expiration date, after which the certificate is no longer considered valid

The private key is used to encrypt data, and the certificate is used to verify the authenticity of the private key and the identity of the owner. When a client wants to establish a secure connection with a server, it requests the server's certificate, and the client's software can verify the authenticity of the certificate and the server's identity by checking the digital signature of the certificate authority (CA). The client then uses the server's public key to establish a secure connection.

It’s worth noting that private key certificates are different from public key certificates, which are used for encryption, but don't contain private keys.

Small Packet Size Performance

Sub 1us latency for small packet performance.

Sitehop’s proprietary algorithm

Small packet size can negatively impact the performance of encryption because it increases the overhead of the encryption process. When the packet size is small, the ratio of overhead (e.g. header information, padding, etc.) to data payload increases, which can decrease the overall efficiency of the encryption process. Additionally, small packet sizes can also increase the likelihood of packet fragmentation, which can further decrease performance.
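The overhead ratio described above can be worked through for the cipher this page names. This is an added example, not Sitehop code: it assumes IPv4 ESP tunnel mode with AES-GCM field sizes from RFC 4106 (8-byte IV, 16-byte ICV), no NAT traversal and no IP options.

```python
# Added example: per-packet cost of ESP tunnel mode with AES-GCM.
# Field sizes are assumptions taken from RFC 4303 / RFC 4106.
OUTER_IPV4 = 20   # new outer IPv4 header, no options
ESP_HEADER = 8    # SPI (4 bytes) + sequence number (4 bytes)
GCM_IV = 8        # explicit IV carried in every packet
ESP_TRAILER = 2   # pad-length byte + next-header byte
GCM_ICV = 16      # full-length integrity check value
ALIGN = 4         # encrypted part must end on a 4-byte boundary


def esp_tunnel_size(inner_len: int) -> int:
    """Bytes on the wire (IP layer) after encapsulating an inner IP packet."""
    if inner_len < 20:
        raise ValueError("inner packet must at least hold an IPv4 header")
    pad = -(inner_len + ESP_TRAILER) % ALIGN
    return (OUTER_IPV4 + ESP_HEADER + GCM_IV
            + inner_len + pad + ESP_TRAILER + GCM_ICV)


def overhead_fraction(inner_len: int) -> float:
    """Share of the encapsulated packet that is not the original packet."""
    wire = esp_tunnel_size(inner_len)
    return (wire - inner_len) / wire


def max_inner_without_fragmentation(mtu: int = 1500) -> int:
    """Largest inner packet whose encapsulated form still fits in the MTU."""
    inner = mtu
    while inner >= 20 and esp_tunnel_size(inner) > mtu:
        inner -= 1
    return inner


if __name__ == "__main__":
    for size in (64, 128, 512, 1400, 1446, 1447):
        wire = esp_tunnel_size(size)
        print(f"inner={size:5d}  wire={wire:5d}  "
              f"overhead={overhead_fraction(size):6.1%}  "
              f"fragments={'yes' if wire > 1500 else 'no'}")
```
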

REST API

Easily integrate the features of the NMS into your system.

There are multiple ways to use Sitehop’s NMS: cloud deployment, local deployment or our custom REST API. The REST API comes complete with full documentation for further ease of use.

100% Encryption Offload

Enable your existing hardware to focus on what it does best by offloading encryption.

Many devices slow down when encryption is enabled. Sitehop’s encryption solution sits at the edge of your network as a “bump-in-the-line” that enables 100% encryption offload – and it does it at 10% power usage.

High Security

Most (if not all) hacks are software based. SAFEblade 1100 user data is never in software; it passes through a series of custom-designed hardware devices on a single chip. Communication to and from the hardware is strictly controlled. The hacker attack profile is extremely small, and the throughput time of the device (latency) is as short as possible.

Sitehop SAFEblade 1100 encryption keys are held by the user/company, not third-party companies. Protected programmable hardware is used to increase security over alternative software solutions by reducing the attack surface and making the hardware much harder for cyber criminals to compromise. The SAFEblade 1100 is designed so that the Encapsulated Security Payload (ESP - the user data) never leaves the hardware, so it is never in software. The SAFEblade 1100 utilizes high grade cryptography (AES-256-GCM) to keep the ESP data secure.

CRYPTOGRAPHY

Sitehop uses AES-256-GCM encryption, implemented completely in the FPGA chip. AES-GCM with a key length of 256 bits is suitable for high-speed electronic applications in terms of security. The Advanced Encryption Standard with Galois/Counter Mode (AES-GCM) was introduced by the United States National Institute of Standards and Technology (NIST). AES-256 is 340 billion-billion-billion-billion times harder to brute force than AES-128. To put this into perspective, the universe is 14 billion years old. It is therefore safe to say that even at its lower bit sizes, AES is highly resistant to brute force attacks from conventional computers.

One of the company’s unique selling points is that all the encryption and VPN functions are performed 100% in the FPGA chip. This is significant because this approach greatly reduces the attack surface for intrusion. Software gets hacked by finding exploits. The hardware is designed for a very specific task.

1Tbps

World's first 1 Terabit per second encryption.

Sitehop is bringing to market the cybersecurity industry's first 1Tbps Enterprise VPN with extremely low power consumption, ultra-low-latency and defence grade security for datacentres and large company infrastructure. Sitehop SAFEblades can be synchronously linked to provide 1Tbps of secure data throughput whilst maintaining the sub 1us latency. Add real-time line-rate performance to your application. Offload the data path for speed, latency, and security, with zero CPU load. Thousands of secure IPSec data path connections are measured in nanoseconds, regardless of packet size.

4000 secure connections

Aggregation. IoT. Mass data connections.

Over 4000 secure concurrent connections with every subscription.

Multiple configurations, one device

Point to point (Site to Site), PTMP (Site to Multi-Site), Mesh (Multi-Site to Multi-Site)

IPsec compatible

Communicate with other IPsec devices. Easy to phase into your network.

The SAFEblade 1100 communicates using the IPsec protocol. It communicates with any other IPsec device, which makes it easy to phase into your network.

IPsec is made of two parts: (1) the configuration and (2) the data for the connection. The configuration is set up using IKEv2, which runs in the software on the FPGA chip. The software has message filters (implemented in firmware and enforced by the FPGA), so only allowed messages can pass in and out. The data is made up of ESP packets, which are most of the packets running through the VPN. These ESP packets cannot get to the software and are only processed in the firmware.

Since the data path is not running on software, and the allowed messages in and out of software are highly limited, there is very little for a hacker to attack. Most software hacks involve running some sort of exploit on the processor to allow malicious code to be run; this will not happen on the SAFEblade 1100 for the above reasons.
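The control/data split and allow-list filtering described above can be modelled in a few lines. This is an added software illustration, not Sitehop's firmware or its actual filter rules: the port numbers, the non-ESP marker (RFC 3948) and the IKEv2 header layout (RFC 7296) are standard, while the function names, the choice of allowed exchange types and the sample packet builders are assumptions made for the example.

```python
import struct

ESP, UDP = 50, 17  # IP protocol numbers
# IKEv2 exchange types: IKE_SA_INIT, IKE_AUTH, CREATE_CHILD_SA, INFORMATIONAL
ALLOWED_IKE_EXCHANGES = {34, 35, 36, 37}

def ike_allowed(msg: bytes) -> bool:
    """Allow-list check on the fixed 28-byte IKE header."""
    if len(msg) < 28:
        return False
    version, exchange = msg[17], msg[18]
    (length,) = struct.unpack("!I", msg[24:28])
    return (version == 0x20 and exchange in ALLOWED_IKE_EXCHANGES
            and length == len(msg))

def classify(pkt: bytes) -> str:
    """Return 'data-path', 'control-path' or 'drop' for a raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "drop"
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return "drop"
    proto, body = pkt[9], pkt[ihl:]
    if proto == ESP:                      # native ESP: never reaches software
        return "data-path" if len(body) >= 8 else "drop"
    if proto != UDP or len(body) < 8:
        return "drop"
    (dport,) = struct.unpack("!H", body[2:4])
    udp_payload = body[8:]
    if dport == 500:
        return "control-path" if ike_allowed(udp_payload) else "drop"
    if dport == 4500:                     # NAT traversal
        if udp_payload[:4] == bytes(4):   # non-ESP marker means IKE
            return "control-path" if ike_allowed(udp_payload[4:]) else "drop"
        return "data-path" if len(udp_payload) >= 8 else "drop"
    return "drop"

# Constructed sample packet builders (hypothetical helpers, documentation addresses)
def ipv4(proto: int, payload: bytes) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return hdr + payload

def udp(dport: int, payload: bytes) -> bytes:
    return struct.pack("!HHHH", dport, dport, 8 + len(payload), 0) + payload

def ike(exchange: int) -> bytes:
    return bytes(16) + struct.pack("!BBBBII", 0, 0x20, exchange, 0x08, 0, 28)
```
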

Hardware enforced security

Hardware Enforced Security.

Secure programmable hardware is useful to businesses because it can be dynamically reprogrammed with a data path that exactly matches a specific workload, like data analytics, image inference, encryption, or compression. Our optimized designs are also more power-efficient than running equivalent workloads on a CPU.

HARDWARE-ENFORCED SECURITY

The foundation of our product line is in the firmware that runs in the programmable hardware. Sitehop's unique features are a result of implementation.

• Every stage is designed from first principles
• Sitehop testing is continuous, comprehensive, and cutting-edge

Guarantees and fundamental assurances are rare in cybersecurity. The goal is to find the solution that offers the lowest risk of compromise compared to other solutions. Hardware-based security reduces security risk to the lowest possible level and gives organizations a high degree of confidence that their components cannot perform any functions other than the ones they were designed to perform. Nothing can eliminate all cybersecurity risk; however, the addition of hardware security technology can turn previously vulnerable spots into the strongest points in a network and dramatically reduce an organization’s attack surface.

Protected programmable hardware is used to increase security over alternatives by reducing the attack surface and making the hardware much harder for cyber criminals to compromise. The SAFEblade 1100 is designed so that the Encapsulated Security Payload (ESP - the user data) never leaves the chip and is never in software. The SAFEblade 1100 utilises high grade cryptography (AES-256-GCM) to keep the ESP data secure.

• Programmable hardware is useful to businesses because it can be dynamically reprogrammed with a data path that exactly matches a specific workload, like data analytics, image inference, encryption, or compression. Optimized designs are also more power-efficient than running equivalent workloads on a CPU.
• One of the most important things to understand about our programmable hardware is how it relates to the CPUs and GPUs that most people are used to working with. CPUs and GPUs are instruction-based architectures. They’re general purpose, which is what makes them easier to attack via software-based methods.