{"id":1918,"date":"2010-09-30T12:58:31","date_gmt":"2010-09-30T12:58:31","guid":{"rendered":"http:\/\/www.coresecuritypatterns.com\/blogs\/?p=1918"},"modified":"2020-08-08T04:23:10","modified_gmt":"2020-08-08T04:23:10","slug":"hardware-assisted-security-cryptographic-acceleration-for-soa-and-java-ee-applications","status":"publish","type":"post","link":"https:\/\/websecuritypatterns.com\/blogs\/2010\/09\/30\/hardware-assisted-security-cryptographic-acceleration-for-soa-and-java-ee-applications\/","title":{"rendered":"Hardware Assisted Security: Cryptographic Acceleration for SOA and Java EE applications"},"content":{"rendered":"

I’ve spent the last few days attending Oracle OpenWorld conference at San Francisco..it is my second OOW experience, so it is not a surprise to see the conference was fully packed with people, hundreds of sessions and demos – I did have an opportunity to attend few and also present two sessions focused on Security topics featuring “Hardware Assisted Security Solution for SOA, XML Web Services and Java EE applications” – showcasing how “Hardware and Software Engineered together”.<\/p>\n

\"\"<\/a>During the conference, John Fowler – Oracle EVP, Systems announced the industry’s first 16 core processor introducing new SPARC T3 systems with integrated security and virtualization capabilities. Each SPARC T3 processor features 16 on-chip cryptographic accelerators that deliver cryptographic operations running in parallel at CPU speeds and offloading compute-intensive cryptographic functions from software – thus eliminating the need for additional special-purpose cryptographic accelerators such as PCIe cards or network appliances. The cryptographic operation offload and acceleration is accomplished using dedicated cryptographic accelerator drivers, called the Niagara Crypto Provider (NCP), Niagara 2 Crypto Provider (N2CP) and Niagara 2 Random Number Generator (N2RNG). In practice, the NCP and N2CP accelerators uses the Oracle Solaris Cryptographic Framework for enabling user-level applications to off-load cryptographic operations via PKCS#11 standard interfaces and take advantage of NCP and N2CP based on-chip cryptographic acceleration. The current UltraSPARC T3 processors provide acceleration support for public-key encryption mechanisms including RSA, DSA, DH and ECC algorithms,  symmetric key-based encryption amechanisms including DES, 3DES, AES and Kasumi algorthms and Message disgest\/hashing mechanisms MD5, SHA1, SHA-256 and SHA-512 algorithms. The Solaris Cryptographic Framework (SCF) library plays a vital role for providing applications access to NCP and N2CP accelerators through a set of cryptographic services for kernel-level and user-level consumers. Using PKCS#11 interfaces of Solaris Cryptographic Framework, SOA and Java EE Applications (ex. Oracle Fusion Middleware, WebLogic, Glassfish, JBoss, Websphere)  can take advantage of NCP and N2CP based cryptography acceleration (Refer figure).<\/p>\n

\"\"<\/a>

Hardware Assisted Cryptographic Acceleration using Solaris on UltraSPARC T3 Servers<\/p><\/div>\n

Cryptographic Acceleration for SOA and Java EE Security<\/h2>\n

Both SOA\/XML Web services and Java EE based applications can significantly gain on security performance by offloading and delegating their cryptographic operations to the on-chip cryptographic accelerators of Oracle SPARC Enterprise T-Series servers.<\/p>\n

Applied Security Mechanisms and Usage Scenarios<\/h3>\n

To enhance security performance, both the Oracle WebLogic server and Oracle WSM secured applications can offload select cryptographic operations to address the following security scenarios.<\/p>\n