Marvell Ups LiquidSecurity ECC Speed
Seven years after releasing LiquidSecurity, Marvell has unveiled a second-generation PCIe card that increases RSA throughput by 20% and ECC throughput tenfold.
Having encrypted important data, IT managers now have the same question as Roman poet Juvenal: “Quis custodiet ipsos custodes?” (Who guards the guards?) Put another way: how do we protect encryption keys? To meet this challenge, many an IT manager employs a hardware security module (HSM), a machine for controlling and storing cryptographic keys.
Shipping in volume since September, Marvell’s LiquidSecurity 2 (LS2) HSM likely employs a custom Octeon TX2 (CN9xxx) processor on a PCIe card. Compared with the first LiquidSecurity generation (LS1), introduced in 2015, the LS2 stores 10 times as many keys and executes elliptic-curve cryptography (ECC) 10 times faster. Other improvements are less pronounced. The LS2 is similarly faster than competing PCIe-card HSMs.
Most HSMs are standalone systems used only by organizations with stringent security requirements, such as banks and government agencies. These organizations define standards to which HSMs must adhere. Ordinary companies have normally kept their keys on site, relying on physical and network security to protect them.
As organizations have shifted workloads to the cloud, relying on shared infrastructure, they’ve needed to manage keys in the cloud. In response, cloud-service providers (CSPs) began deploying HSMs as a service, using HSMs capable of supporting multiple customers at once. Thales (then SafeNet) introduced such an HSM in 2013, and it later began offering HSMs as a service.
Marvell (then Cavium) shrank the HSM to a server add-in board—the original LiquidSecurity, based on an Octeon processor alongside the Nitrox III accelerator. Selling it at a much lower price than established suppliers, the company secured most of this new card-based-HSM opportunity, winning CSPs that we believe include Alibaba, Amazon, Google, and Oracle. Marvell withholds pricing, but we estimate LiquidSecurity cards sell for more than $20,000. Still only 18% of the overall $700 million HSM market, cloud HSMs from all vendors could grow to half the market in 2027, according to the company.