High-performance FPGA architecture for data streams processing on example of IPsec gateway

Authors

  • Mateusz Korona, Warsaw University of Technology
  • Krzysztof Skowron, Warsaw University of Technology
  • Mateusz Trzepiński, Warsaw University of Technology
  • Mariusz Rawski, Warsaw University of Technology

Abstract

In the modern digital world, there is a strong demand for efficient methods of processing data streams. One application area is cybersecurity: IPsec is a suite of protocols that adds security to communications at the IP level. This paper presents the principles of a high-performance FPGA architecture for data stream processing, using an IPsec gateway implementation as an example. The efficiency of the proposed solution allows it to be used in networks with data rates of several Gbit/s.

Published

2018-07-20

Issue

Section

Telecommunications