A 10 Gbps in-line network security processor based on configurable hetero-multi-cores
详细信息    查看全文
  • 作者:Yun Niu ; Li-ji Wu ; Yang Liu ; Xiang-min Zhang…
  • 关键词:10 Gbps Ethernet ; Network security processor (NSP) ; Internet Protocol Security (IPSec) ; Crossbar ; TN918
  • 刊名:Frontiers of Information Technology & Electronic Engineering
  • 出版年:2013
  • 出版时间:August 2013
  • 年:2013
  • 卷:14
  • 期:8
  • 页码:642-651
  • 全文大小:648 KB
  • 参考文献:Chen, Z.H., 2011. Research on Pattern Matching Algorithm in 40Gbps Application Awareness System. MS Thesis, PLA Information Engineering University, Zhengzhou, China (in Chinese).CrossRef
    Cho, Y.H., Mangione-Smith, W.H., 2005. Fast Reconfiguring Deep Packet for 1+ Gigabit Network. Proc. 13th Annual IEEE Symp. on Field Programmable Custom Computing Machine, p.215-24. [doi:10.1109/FCCM.2005.34]
    Fang, Y.T., Huang, T.C., Wang, P.C., 2008. Ternary CAM Compaction for IP Address Lookup. 22nd Int. Conf. on Advanced Information Networking and Applications, p.1462-467. [doi:10.1109/WAINA.2008.168]
    Ferrante, A., Piuri, V., 2007. High-Level Architecture of an IPSec-Dedicated System on Chip. 3rd EuroNGI Conf. on Next Generation Internet Networks, p.159-66. [doi:10.1109/NGI.2007.371211]
    Ferrante, A., Piuri, V., Owen, J., 2005. IPSec Hardware Resource Requirements Evaluation. Next Generation Internet Networks, p.240-46. [doi:10.1109/NGI.2005.1431672]
    Ferrante, A., Satish, C., Piuri, V., 2007. IPSec Database Query Acceleration. 4th Int. Conf. on E-Business and Telecommunications, p.188-00.
    Gupta, P., McKeown, N., 1999. Designing and implementing a fast crossbar scheduler. IEEE Micro, 19(1):20-8. [doi:10.1109/40.748793]CrossRef
    Ha, C.S., Lee, J.H., Leem, D.S., 2004. ASIC Design of IPSec Hardware Accelerator for Network Security. IEEE Asia-Pacific Conf. on Advanced System Integrated Circuits, p.168-71.
    Hifn, 2008. Flow Through Security Processor. Available from http://?www.?acaltechnology.?com/?_?files/?legacy_?news/?HifnPB-9150-5.?pdf IEEE Std 802.3-2012 url. IEEE Standard for Ethernet. IEEE Computer Society, NY, USA.
    Jain, R., 1992. A comparison of hashing schemes for address lookup in computer networks. IEEE Trans. Commun., 40(10):1570-573. [doi:10.1109/26.168785]CrossRef
    Khan, E., El-Kharashi, M.W., Rafiq, A.N.M.E., Gebali, F., Abd-El-Barr, M., 2003. Network Processors for Communication Security: a Review. IEEE Pacific Rim Conf. on Communications Computers and Signal Processing, p.173-76.
    Liu, A.X., Meiners, C.R., Torng, E., 2010. TCAM razor: a systematic approach towards minimizing packet classifiers in TCAMs. IEEE/ACM Trans. Network., 18(2):490-00. [doi:10.1109/TNET.2009.2030188]CrossRef
    Liu, Y., Wu, L.J., Niu, Y., Zhang, X.M., Gao, Z.Q., 2012. A High-Speed SHA-1 IP Core for 10 Gbps Ethernet Security Processor. 8th Int. Conf. on Computational Intelligence and Security, p.237-41. [doi:10.1109/CIS.2012.60]
    McKeown, N., 1999. iSLIP scheduling algorithm for input-queued switches. IEEE/ACM Trans. Network., 7(2):188-01. [doi:10.1109/90.769767]CrossRef
    Nishida, Y., Kawai, K., Koike, K., 2010. A 2Gbs Network Processor with a 24mW IPsec Offload for Residential Gateways. IEEE Int. Solid-State Circuits Conf., p.280-81. [doi:10.1109/ISSCC.2010.5433917]
    Pape, J.D., 2006. Implementation of an On-Chip Interconnect Using the i-SLIP Scheduling Algorithm. MS Thesis, the University of Texas, Austin, USA.
    Potlapally, N.R., Ravi, S., Raghunalhan, A., Lee, R.B., Jha, N.K., 2006. Impact of Configurability and Extensibility on IPSec Protocol Execution on Embedded Processors. 19th Int. Conf. on VLSI Design, p.299-04. [doi:10.1109/VLSID.2006.102]
    RFC2401:1998. Security Architecture for the Internet Protocol. Internet Engineering Task Force (IETF), Washington D.C., USA.
    Wang, C.H., Lo, C.Y., Lee, M.S., Yeh, J.C., Huang, C.T., Wu, C.W., Huang, S.Y., 2006. A Network Security Processor Design Based on an Integrated SOC Design and Test Platform. Proc. 43rd Annual Design Automation Conf., p.490-95. [doi:10.1145/1146909.1147039]CrossRef
    Wang, H.X., Bai, G.Q., Chen, H.Y., 2008. Zodiac: System Architecture Implementation for a High-Performance Network Security Processor. IEEE 19th Int. Conf. on Application-Specific Systems, Architectures and Processors, p.91-6. [doi:10.1109/ASAP.2008.4580160]
    Wang, H.X., Bai, G.Q., Chen, H.Y., 2010. Design and implementation of a high performance network security processor. Int. J. Electron., 97(3):309-25. [doi:10.1080/00207210903289383]CrossRef
    Wang, L., Niu, Y., Wu, L.J., Zhang, X.M., 2010. Design of an IPSec IP-Core for 10 Gigabit Ethernet Security Processor. Proc. 10th IEEE Int. Conf. on Solid-State and Integrated Circuit Technology, p.539-41. [doi:10.1109/ICSICT.2010.5667343]
    Wu, L.J., Ji, Y.J., Zhang, X.M., Li, X.Y., Yang, Y.S., 2009. Power analysis resistant AES crypto engine design for a network security co-processor. J. Tsinghua Univ. (Sci. Tech.), 49(S2):2097-102 (in Chinese).
  • 作者单位:Yun Niu (1) (2)
    Li-ji Wu (1) (2)
    Yang Liu (1) (2)
    Xiang-min Zhang (1) (2)
    Hong-yi Chen (1) (2)

    1. National Laboratory for Information Science and Technology, Tsinghua University, Beijing, 100084, China
    2. Institute of Microelectronics, Tsinghua University, Beijing, 100084, China
  • 刊物类别:Computer Science, general; Electrical Engineering; Computer Hardware; Computer Systems Organization
  • 刊物主题:Computer Science, general; Electrical Engineering; Computer Hardware; Computer Systems Organization and Communication Networks; Electronics and Microelectronics, Instrumentation; Communications Engine
  • 出版者:Zhejiang University Press
  • ISSN:2095-9230
文摘
This paper deals with an in-line network security processor (NSP) design that implements the Internet Protocol Security (IPSec) protocol processing for the 10 Gbps Ethernet. The 10 Gbps high speed data transfer, the IPSec processing including the crypto-operation, the database query, and IPSec header processing are integrated in the design. The in-line NSP is implemented using 65 nm CMOS technology and the layout area is 2.5 mm×3 mm with 360 million gates. A configurable crossbar data transfer skeleton implementing an iSLIP scheduling algorithm is proposed, which enables simultaneous data transfer between the heterogeneous multiple cores. There are, in addition, a high speed input/output data buffering mechanism and design of high performance hardware structures for modules, wherein the transfer efficiency and the resource utilization are maximized and the IPSec protocol processing achieves 10 Gbps line speed. A high speed and low power hardware look-up method is proposed, which effectively reduces the area and power dissipation. The post simulation results demonstrate that the design gives a peak throughput for the Authentication Header (AH) transport mode of 10.06 Gbps with the average test packet length of 512 bytes under the clock rate of 250 MHz, and power dissipation less than 1 W is obtained. An FPGA prototype is constructed to verify the function of the design. A test bench is being set up for performance and function verification. Key words 10 Gbps Ethernet Network security processor (NSP) Internet Protocol Security (IPSec) Crossbar

© 2004-2018 中国地质图书馆版权所有 京ICP备05064691号 京公网安备11010802017129号

地址:北京市海淀区学院路29号 邮编:100083

电话:办公室:(+86 10)66554848;文献借阅、咨询服务、科技查新:66554700