High performance networks (gigabit and beyond) to support new usage models and services such as voice, video and data, present new challenges in the area of security. The need to protect data in transit for confidentiality and integrity is important, but supporting high speed cryptographic operations for all secured connections terminating at a server is expensive on high performance links. The storage required to maintain all of the security associations and cryptographic keys adds to the expense.
Secure connection setup overhead degrades user experience and creates Denial-of-Service (DoS) opportunities, especially where computationally expensive asymmetric cryptographic operations are employed (e.g. RSA or Diffie-Hellman).
Within an enterprise, end-to-end security prevents IT (Information Technology) monitoring devices and IDS/IPS (Intrusion Detection Systems/Intrusion Prevention Systems) from performing their respective functions, as the encrypted data is inaccessible to the monitoring devices.
Security protocols such as IPsec (Internet Protocol Security) and TLS (Transport Layer Security) provide authentication and privacy of communications over the network. Yet, at least partly due to the challenges presented above, support for and use of such security protocols has been less than pervasive. Thus the security solutions that will address these challenges, especially in future high performance networks, have not been fully explored.