Publication Details

200 Gbps Hardware Accelerated Encryption System for FPGA Network Cards

MARTINÁSEK Zdeněk, HAJNÝ Jan, SMÉKAL David, MALINA Lukáš, MATOUŠEK Denis and KEKELY Michal et al. 200 Gbps Hardware Accelerated Encryption System for FPGA Network Cards. In: Proceedings of the ACM Conference on Computer and Communications Security. Association for Computing Machinery, 2018, pp. 11-17. ISBN 978-1-4503-5996-2. Available from: https://dl.acm.org/doi/10.1145/3266444.3266446
Czech title
200 Gbps hardware accelerated encryption system pro síťové karty FPGA
Type
conference paper
Language
english
Authors
Martinásek Zdeněk, doc. Ing., Ph.D. (FEEC BUT)
Hajný Jan, Doc. Ing., Ph.D. (UTKO FEEC BUT)
Smékal David, Ing. (FEEC BUT)
Malina Lukáš, Ing., Ph.D. (UTKO FEEC BUT)
Matoušek Denis, Ing. (DCSY FIT BUT)
and others
URL
Keywords

Authentication, Computer hardware, Computer hardware description languages, Data privacy, Field programmable gate arrays (FPGA), Hardware, Hardware security, Internet protocols, Interoperability, Network architecture, Network protocols, Network security

Abstract

We present the architecture and implementation of our encryption system designed for 200 Gbps FPGA (Field Programmable Gate Array) network cards utilizing the IPsec (IP security) protocol. To our knowledge, our hardware encryption system is the first that is able to encrypt network traffic at the full link speed of 200 Gbps using a proven algorithm in a secure mode of operation, on a network device that is already available on the market. Our implementation is based on the AES (Advanced Encryption Standard) encryption algorithm and the GCM (Galois Counter Mode) mode of operation, therefore it provides both encryption and authentication of transferred data. The design is modular and the AES can be easily substituted or extended by other ciphers. We present the full description of the architecture of our scheme, the VHDL (VHSIC Hardware Description Language) simulation results and the results of the practical implementation on the NFB-200G2QL network cards based on the Xilinx Virtex UltraScale+ chip. We also present the integration of the encryption core with the IPsec subsystem so that the resulting implementation is interoperable with other systems.

Published
2018
Pages
11-17
Proceedings
Proceedings of the ACM Conference on Computer and Communications Security
Conference
2nd Workshop on Attacks and Solutions in Hardware Security, Toronto, CA
ISBN
978-1-4503-5996-2
Publisher
Association for Computing Machinery
DOI
10.1145/3266444.3266446
UT WoS
000511312100002
EID Scopus
2-s2.0-85056746052
BibTeX 
@INPROCEEDINGS{FITPUB12244,
   author = "Zden\v{e}k Martin\'{a}sek and Jan Hajn\'{y} and David Sm\'{e}kal and Luk\'{a}\v{s} Malina and Denis Matou\v{s}ek and Michal Kekely and et al.",
   title = "200 Gbps Hardware Accelerated Encryption System for FPGA Network Cards",
   pages = "11--17",
   booktitle = "Proceedings of the ACM Conference on Computer and Communications Security",
   year = 2018,
   publisher = "Association for Computing Machinery",
   ISBN = "978-1-4503-5996-2",
   doi = "10.1145/3266444.3266446",
   language = "english",
   url = "https://www.fit.vut.cz/research/publication/12244"
}
Back to top