200 Gbps Hardware Accelerated Encryption System for FPGA Network Cards
15 Jan 2018-pp 11-17
TL;DR: This paper presents the architecture and implementation of a hardware encryption system that is the first that is able to encrypt network traffic at the full link speed of 200 Gbps using a proven algorithm in a secure mode of operation, on a network device that is already available on the market.
Abstract: We present the architecture and implementation of our encryption system designed for 200 Gbps FPGA (Field Programmable Gate Array) network cards utilizing the IPsec (IP security) protocol. To our knowledge, our hardware encryption system is the first that is able to encrypt network traffic at the full link speed of 200 Gbps using a proven algorithm in a secure mode of operation, on a network device that is already available on the market. Our implementation is based on the AES (Advanced Encryption Standard) encryption algorithm and the GCM (Galois Counter Mode) mode of operation, therefore it provides both encryption and authentication of transferred data. The design is modular and the AES can be easily substituted or extended by other ciphers. We present the full description of the architecture of our scheme, the VHDL (VHSIC Hardware Description Language) simulation results and the results of the practical implementation on the NFB-200G2QL network cards based on the Xilinx Virtex UltraScale+ chip. We also present the integration of the encryption core with the IPsec subsystem so that the resulting implementation is interoperable with other systems.
Citations
More filters
01 Aug 2020
TL;DR: Xoodoo-NC is a reducedround, reduced-state version of Xoodoo, inheriting Xoodoo’s desired avalanche properties and low logical depth, resulting in an ultra-low-latency non-cryptographic hash function derived from the cryptographic permutation Xoodoo.
Abstract: This paper proposes novel Bloom filter algorithms and FPGA architectures for high-speed searching applications. A Bloom filter is a memory structure that is used to test whether input search data are present in a table of stored data. Bloom filters are extensively used in network security solutions that apply traffic flow monitoring or deep packet inspection. Improving the speed of Bloom filters can therefore have a significant impact on the speed of many network applications. The most important components determining the speed of Bloom filters are hash functions. While hash functions in Bloom filters do not require strong cryptographic properties, they do need a minimized computational delay. We take on the challenge of developing ultra-high-speed Bloom filters on FPGAs by proposing a new noncryptographic hash function, called Xoodoo-NC, derived from the cryptographic permutation Xoodoo. Xoodoo-NC is a reducedround, reduced-state version of Xoodoo, inheriting Xoodoo’s desired avalanche properties and low logical depth, resulting in an ultra-low-latency non-cryptographic hash function. We evaluate the performance of Bloom filter architectures based on Xoodoo-NC on a Xilinx UltraScale+FPGA and we compare the performance and resource occupation to existing Bloom filter implementations. We additionally compare our results to memories that use the built-in CAM cores in Xilinx UltraScale+ FPGAs. Our proposed algorithmic and architectural advances lead to Bloom filters that, to the best of our knowledge, outperform all other FPGA-based solutions.
9 citations
Cites background from "200 Gbps Hardware Accelerated Encry..."
...An example of a network encryption implementation that adheres to the strong operating frequency and parallel processing requirements of Terabit FPGA platforms is given in [28]....
[...]
TL;DR: Experimental evaluations indicate that incorporating accelerator-awareness in VNF-PC strategies can help operators to achieve additional cost-savings from the efficient allocation of hardware-accelerator resources.
7 citations
Cites background from "200 Gbps Hardware Accelerated Encry..."
...IPSec, SSH AES en/decryption, SHA hash [8], [9], [10], [11] CPU usage reduction of 50% and 94% at packet size of 578B and 9000B, respectively [8]....
[...]
...A large number of VNFs involve CPU-intensive tasks like de-duplication, cryptography, compression, etc [8], [9], [10], [11], [12], [13], [14]....
[...]
01 Aug 2021
TL;DR: Approximate Count-Min Sketch (ACM) as discussed by the authors is a variant of the count-min sketch algorithm that uses less memory and has a higher throughput compared to other FPGA-based sketch implementations.
Abstract: Network traffic measurement keeps track of the amount of traffic sent by each flow in the network. It is a core functionality in applications such as traffic engineering and network intrusion detection. In high-speed networks, it is impossible to keep an exact count of the flow traffic, due to limitations with respect to memory and computational speed. Therefore, probabilistic data structures, such as sketches, are used. This paper proposes Approximate Count-Min sketch or ACM sketch, a novel variant of the Count-Min sketch algorithm that uses less memory and has a higher throughput compared to other FPGA-based sketch implementations. A-CM sketch relies on optimizations at two levels: (1) it uses approximate counters and the newly proposed Hardware-oriented Simple Active Counter algorithm to efficiently implement these counters; (2) it uses a distribution of the embedded memory, optimized towards maximum operating frequency. To the best of our knowledge, A-CM sketch outperforms all other FPGA-based sketch implementations.
6 citations
19 Nov 2020
TL;DR: In this paper, the authors present a hardware-accelerated cryptographic solution for Field Programmable Gate Array (FPGA) based network cards that provide throughput up to 200 Gpbs.
Abstract: The paper presents a hardware-accelerated cryptographic solution for Field Programmable Gate Array (FPGA) based network cards that provide throughput up to 200 Gpbs. Our solution employs a Software-Defined Network (SDN) concept based on the high-level Programming Protocol-independent Packet Processors (P4) language that offers flexibility for network-oriented data processing. In order to accelerate cryptographic operations, we implement main cryptographic functions by VHSIC Hardware Description Language (VHDL) directly in FPGA, i.e., a symmetric cipher (AES-GCM-256), a digital signature scheme (EdDSA) and a hash function (SHA-3). Our solution then uses these widely-used cryptographic primitives as basic external P4 functions which can be applied in various customized security use cases. Thus, our solution allows engineers to avoid hardware development (VHDL) and offers rapid prototyping by using the high-level language (P4). Moreover, we test these cryptographic components on the UltraScale+ FPGA card and we present their hardware consumption and performance results.
4 citations
TL;DR: In this article , a non-cryptographic hash function called Xoodoo-NC is proposed to improve the speed of Bloom filters. But, it does not require strong cryptographic properties and does not need a minimized computational delay.
3 citations
References
More filters
01 Aug 1995
TL;DR: This document describes an updated version of the Encapsulating Security Payload (ESP) protocol, which is designed to provide a mix of security services in IPv4 and IPv6.
Abstract: This document describes an updated version of the Encapsulating
Security Payload (ESP) protocol, which is designed to provide a mix of
security services in IPv4 and IPv6. ESP is used to provide
confidentiality, data origin authentication, connectionless integrity,
an anti-replay service (a form of partial sequence integrity), and
limited traffic flow confidentiality. This document obsoletes RFC 2406
(November 1998). [STANDARDS-TRACK]
1,422 citations
[...]
TL;DR: In this paper, a simple dictionary with worst case constant lookup time was presented, equaling the theoretical performance of the classic dynamic perfect hashing scheme of Dietzfelbinger et al.
Abstract: We present a simple dictionary with worst case constant lookup time, equaling the theoretical performance of the classic dynamic perfect hashing scheme of Dietzfelbinger et al. [SIAM J. Comput. 23 (4) (1994) 738-761]. The space usage is similar to that of binary search trees. Besides being conceptually much simpler than previous dynamic dictionaries with worst case constant lookup time, our data structure is interesting in that it does not use perfect hashing, but rather a variant of open addressing where keys can be moved back in their probe sequences. An implementation inspired by our algorithm, but using weaker hash functions, is found to be quite practical. It is competitive with the best known dictionaries having an average case (but no nontrivial worst case) guarantee on lookup time.
963 citations
01 Aug 1995
TL;DR: This document describes an updated version of the IP Authentication Header (AH), which is designed to provide authentication services in IPv4 and IPv6, and obsoletes RFC 2402 (November 1998).
Abstract: This document describes an updated version of the IP Authentication
Header (AH), which is designed to provide authentication services in
IPv4 and IPv6. This document obsoletes RFC 2402 (November 1998).
[STANDARDS-TRACK]
934 citations
"200 Gbps Hardware Accelerated Encry..." refers methods in this paper
...IPsec ensures data encryption, authentication and integrity of each IP packet in a communication session by utilizing the ESP (Encapsulating Security Payload) [8] and AH (Authentication Headers) [7] modes....
[...]
01 Jan 2005
431 citations
"200 Gbps Hardware Accelerated Encry..." refers methods in this paper
...The implementation of the AES and GCM components has been fully described in our past paper [12] including the verification using the test vectors [13], the results obtained confirmed the correctness of the implementation....
[...]
01 Nov 2007
TL;DR: In this paper, the Galois/Counter Mode (GCM) and GMAC are used for authenticated encryption with associated data and its specialization, GMAC, for generating a message authentication code (MAC) on data that is not encrypted.
Abstract: This Recommendation specifies the Galois/Counter Mode (GCM), an algorithm for authenticated encryption with associated data, and its specialization, GMAC, for generating a message authentication code (MAC) on data that is not encrypted. GCM and GMAC are modes of operation for an underlying approved symmetric key block cipher.
398 citations