Detail publikace

200 Gbps Hardware Accelerated Encryption System for FPGA Network Cards

Originální název

200 Gbps Hardware Accelerated Encryption System for FPGA Network Cards

Anglický název

200 Gbps Hardware Accelerated Encryption System for FPGA Network Cards

Jazyk

en

Originální abstrakt

We present the architecture and implementation of our encryption system designed for 200 Gbps FPGA (Field Programmable Gate Array) network cards utilizing the IPsec (IP security) protocol. To our knowledge, our hardware encryption system is the first that is able to encrypt network traffic at the full link speed of 200 Gbps using a proven algorithm in a secure mode of operation, on a network device that is already available on the market. Our implementation is based on the AES (Advanced Encryption Standard) encryption algorithm and the GCM (Galois Counter Mode) mode of operation, therefore it provides both encryption and authentication of transferred data. The design is modular and the AES can be easily substituted or extended by other ciphers. We present the full description of the architecture of our scheme, the VHDL (VHSIC Hardware Description Language) simulation results and the results of the practical implementation on the NFB-200G2QL network cards based on the Xilinx Virtex UltraScale+ chip. We also present the integration of the encryption core with the IPsec subsystem so that the resulting implementation is interoperable with other systems.

Anglický abstrakt

We present the architecture and implementation of our encryption system designed for 200 Gbps FPGA (Field Programmable Gate Array) network cards utilizing the IPsec (IP security) protocol. To our knowledge, our hardware encryption system is the first that is able to encrypt network traffic at the full link speed of 200 Gbps using a proven algorithm in a secure mode of operation, on a network device that is already available on the market. Our implementation is based on the AES (Advanced Encryption Standard) encryption algorithm and the GCM (Galois Counter Mode) mode of operation, therefore it provides both encryption and authentication of transferred data. The design is modular and the AES can be easily substituted or extended by other ciphers. We present the full description of the architecture of our scheme, the VHDL (VHSIC Hardware Description Language) simulation results and the results of the practical implementation on the NFB-200G2QL network cards based on the Xilinx Virtex UltraScale+ chip. We also present the integration of the encryption core with the IPsec subsystem so that the resulting implementation is interoperable with other systems.

BibTex


@inproceedings{BUT149410,
  author="Zdeněk {Martinásek} and Jan {Hajný} and David {Smékal} and Lukáš {Malina} and Denis {Matoušek} and Michal {Kekely} and Nele {Mentens}",
  title="200 Gbps Hardware Accelerated Encryption System for FPGA Network Cards",
  annote="We present the architecture and implementation of our encryption system designed for 200 Gbps FPGA (Field Programmable Gate Array) network cards utilizing the IPsec (IP security) protocol. To our knowledge, our hardware encryption system is the first that is able to encrypt network traffic at the full link speed of 200 Gbps using a proven algorithm in a secure mode of operation, on a network device that is already available on the market. Our implementation is based on the AES (Advanced Encryption Standard) encryption algorithm and the GCM (Galois Counter Mode) mode of operation, therefore it provides both encryption and authentication of transferred data. The design is modular and the AES can be easily substituted or extended by other ciphers. We present the full description of the architecture of our scheme, the VHDL (VHSIC Hardware Description Language) simulation results and the results of the practical implementation on the NFB-200G2QL network cards based on the Xilinx Virtex UltraScale+ chip. We also present the integration of the encryption core with the IPsec subsystem so that the resulting implementation is interoperable with other systems.",
  address="ACM",
  booktitle="The Second Workshop on Attacks and Solutions in Hardware Security (ASHES’18)",
  chapter="149410",
  doi="10.1145/3266444.3266446",
  howpublished="online",
  institution="ACM",
  year="2018",
  month="october",
  pages="11--17",
  publisher="ACM",
  type="conference paper"
}