200 Gbps Hardware Accelerated Encryption System for FPGA Network Cards

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26220%2F18%3APU128759" target="_blank" >RIV/00216305:26220/18:PU128759 - isvavai.cz</a>

Výsledek na webu

<a href="https://dl.acm.org/citation.cfm?id=3266446" target="_blank" >https://dl.acm.org/citation.cfm?id=3266446</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1145/3266444.3266446" target="_blank" >10.1145/3266444.3266446</a>

Jazyk výsledku

angličtina

Název v původním jazyce

200 Gbps Hardware Accelerated Encryption System for FPGA Network Cards

Popis výsledku v původním jazyce

We present the architecture and implementation of our encryption system designed for 200 Gbps FPGA (Field Programmable Gate Array) network cards utilizing the IPsec (IP security) protocol. To our knowledge, our hardware encryption system is the first that is able to encrypt network traffic at the full link speed of 200 Gbps using a proven algorithm in a secure mode of operation, on a network device that is already available on the market. Our implementation is based on the AES (Advanced Encryption Standard) encryption algorithm and the GCM (Galois Counter Mode) mode of operation, therefore it provides both encryption and authentication of transferred data. The design is modular and the AES can be easily substituted or extended by other ciphers. We present the full description of the architecture of our scheme, the VHDL (VHSIC Hardware Description Language) simulation results and the results of the practical implementation on the NFB-200G2QL network cards based on the Xilinx Virtex UltraScale+ chip. We also present the integration of the encryption core with the IPsec subsystem so that the resulting implementation is interoperable with other systems.

Název v anglickém jazyce

200 Gbps Hardware Accelerated Encryption System for FPGA Network Cards

Popis výsledku anglicky

We present the architecture and implementation of our encryption system designed for 200 Gbps FPGA (Field Programmable Gate Array) network cards utilizing the IPsec (IP security) protocol. To our knowledge, our hardware encryption system is the first that is able to encrypt network traffic at the full link speed of 200 Gbps using a proven algorithm in a secure mode of operation, on a network device that is already available on the market. Our implementation is based on the AES (Advanced Encryption Standard) encryption algorithm and the GCM (Galois Counter Mode) mode of operation, therefore it provides both encryption and authentication of transferred data. The design is modular and the AES can be easily substituted or extended by other ciphers. We present the full description of the architecture of our scheme, the VHDL (VHSIC Hardware Description Language) simulation results and the results of the practical implementation on the NFB-200G2QL network cards based on the Xilinx Virtex UltraScale+ chip. We also present the integration of the encryption core with the IPsec subsystem so that the resulting implementation is interoperable with other systems.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

20206 - Computer hardware and architecture

Projekt

<a href="/cs/project/VI20162018036" target="_blank" >VI20162018036: Kryptografické zabezpečení pro 100 GbE sítě</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)<br>S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2018

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

The Second Workshop on Attacks and Solutions in Hardware Security (ASHES’18)

ISBN

978-1-4503-5996-2

ISSN

—

e-ISSN

—

Počet stran výsledku

7

Strana od-do

11-17

Název nakladatele

ACM

Místo vydání

Toronto, Canada

Místo konání akce

Toronto

Datum konání akce

19. 10. 2018

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

000511312100002