Article

A QoS-enabled packet scheduling algorithm for IPSec multi-accelerator based systems

Authors:
Alberto Ferrante

University of Milan, Milano, Italy

University of Milan, Milano, Italy
View Profile

,
Vincenzo Piuri

University of Milan, Milano, Italy

University of Milan, Milano, Italy
View Profile

,
Fabien Castanier

ST Microelectronics, Milano, Italy

ST Microelectronics, Milano, Italy
View Profile

CF '05: Proceedings of the 2nd conference on Computing frontiersMay 2005Pages 221–229https://doi.org/10.1145/1062261.1062298

Published:04 May 2005Publication History

CF '05: Proceedings of the 2nd conference on Computing frontiers

Pages 221–229

ABSTRACT

IPSec is a suite of protocols that adds security to communications at the IP level. Protocols within the IPSec suite make extensive use of cryptographic algorithms. Since these algorithms are computationally very intensive, some hardware acceleration is needed to support high throughput. In this paper we discuss a scheduling algorithm for distributing IPSec packet processing over the CPU with a software implementation of the cryptographic algorithms considered and multiple cryptographic accelerators. This algorithm also provides support for quality of service. High-level simulations and the related results are provided to show the properties of the algorithm. Some architectural improvements suitable to better exploit this scheduling algorithm are also presented

References

S. Kent and R. Atkinson, "Security Architecture For the Internet Protocol -- RFC2401," IETF RFC, 1998. {Online}. Available: http://www.ietf.org/rfc.html]] Google ScholarDigital Library
IP Authentication Header -- RFC2402," IETF RFC, 1998. {Online}. Available: http://www.ietf.org/rfc.html]]Google Scholar
IP Encapsulating Security Payload (ESP) -- RFC2406," IETF RFC, 1998. {Online}. Available: http://www.ietf.org/rfc.html]]Google Scholar
D. Harkins and D. Carrell, "The Internet Key Exchange (IKE) -- RFC2409," IETF RFC, 1998. {Online}. Available: http://www.ietf.org/rfc.html]] Google ScholarDigital Library
A. Shacham, R. Monsour, R. Pereira, and M. Thomas, "IP Payload Compression Protocol (IPComp) -- RFC2393," IETF RFC, 1998. {Online}. Available: http://www.ietf.org/rfc.html]] Google ScholarDigital Library
J. Feghhi and J. Feghhi, Secure Networking with Windows 2000 and Trust Services. Addison Wesley, 2001.]] Google ScholarDigital Library
R. Yuan and W. T. Strayer, Virtual Private Networks. Addison Wesley, 2001.]] Google ScholarDigital Library
S. Miltchev, S. Ioannidis, and A. D. Keromytis, "A Study Of the Relative Costs of Network Security Protocols." Monterey, CA: USENIX Annual Technical Program, June 2002.]] Google ScholarDigital Library
S. Ariga, K. Nagahashi, M. Minami, H. Esaki, and J. Murai, "Performance Evaluation Of Data Transmission Using IPSec Over IPv6 Networks," in INET, Yokohama, Japan, July 2000.]]Google Scholar
Alberto Ferrante, Vincenzo Piuri, and Jeff Owen, "IPSec Hardware Resource Requirements Evaluation," in NGI 2005, IEEE, Ed. Rome, Italy: EuroNGI, 18 Apr. 2005.]]Google Scholar
F.T. Hady, T. Bock, M. Cabot, J. Chu, J. Meinecke, K. Oliver, and W. Talarek, "Platform Level Support For High Throughput Edge Applications: the Twin Cities Prototype," IEEE Network, vol. 17, no. 4, pp. 22--27, July 2003.]] Google ScholarDigital Library
John Freeman, "An Industry Analyst's Perspective on Network Processors," in Network Processor Design, P. Crowley, M. A. Franklin, H. Hadimioglu, and P. Z. Onufryk, Eds. Morgan Kaufmann, 2003, vol. 1, ch. 9, pp. 191--218.]]Google Scholar
Sean Convery, Internetworking Technologies Handbook. Cisco Press, 19 Apr. 2004, no. ISBN158705115X, ch. 49, pp. 49--1 -- 49--32.]]Google Scholar
S. Blake, D. Black, M. Carlson, E. Davies, Z. Wang, and W. Weiss, "An Architecture for Differentiated Services -- RFC2475," IETF RFC, Dec. 1998. {Online}. Available: http://www.ietf.org/rfc.html]] Google ScholarDigital Library
S. Deering and R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification -- RFC2460," IETF RFC, Dec. 1998. {Online}. Available: http://www.ietf.org/rfc.html]] Google ScholarDigital Library
Fabien Castanier, Alberto Ferrante, and Vincenzo Piuri, "A Packet Scheduling Algorithm for IPSec Multi-Accelerator Based Systems," in ASAP 2004, IEEE Computer Society Press, Ed., Galveston (TX), USA, Sept. 2004, pp. 387--397.]] Google ScholarDigital Library
J. Carpenter, S. Funk, P. Holman, A. Srinivasan, J. Anderson, and S. Baruah, "A Categorization of Real-Time Multiprocessor Scheduling Problems and Algorithms," in Hanbook of Scheduling: Algorithms, Models, and Performance Analysis, Joseph Y. Leung, Ed. CRC Press, 2004, ch. 31.]]Google Scholar
R. Rajaraman and S. Muthukrishnan, "An Adversarial Model for Distributed Dynamic Load Balancing," in the 10th Annual ACM Symposium on Parallel Algorithms and Architectures, June 1998, pp. 47--54.]] Google ScholarDigital Library
(2002) PCI comparison, 32 vs. 64-bit and 33MHz vs. 66MHz. {Online}. Available: http://www.buildorbuy.org/pdf/64bitpci.pdf]]Google Scholar
S. Frankel, R. Glenn, and S. Kelly, "The AES-CBC Cipher Algorithm and Its Use with IPsec - RFC 3602," IETF RFC, Sept. 2003.]] Google ScholarDigital Library
T. Dierks and C. Allen, "The TLS Protocol Version 1.0 -- RFC 2246," IETF RFC, Jan. 1999. {Online}. Available: http://www.ietf.org/rfc.html]] Google ScholarDigital Library
"SystemC Official Website." {Online}. Available: http:/www.systemc.org/]]Google Scholar
(2000) The Internet Traffic Archive. {Online}. Available: http://ita.ee.lbl.gov/]]Google Scholar
TCPDUMP Public Repository. {Online}. Available: http://www.tcpdump.org/]]Google Scholar
Srihari Makineni and Ravi Iyer, "Architectural Characterization of TCP/IP Packet Processing on the Pentium M Microprocessor," in Tenth International Symposium on High-Performance Computer Architecture, Feb. 2004, pp. 152--162.]] Google ScholarDigital Library

Index Terms

A QoS-enabled packet scheduling algorithm for IPSec multi-accelerator based systems
1. Computer systems organization
  1. Embedded and cyber-physical systems
  2. Real-time systems

Recommendations

A Packet Scheduling Algorithm for IPSec Multi-Accelerator Based Systems
ASAP '04: Proceedings of the Application-Specific Systems, Architectures and Processors, 15th IEEE International Conference

IPSec is a suite of protocols that adds security to communications at the IP level. Protocols within the IPSec suite make extensive use of cryptographic algorithms. Since these algorithms are computationally very intensive, some hardware acceleration is ...
Read More
Efficient Hardware Accelerator for IPSec Based on Partial Reconfiguration on Xilinx FPGAs
RECONFIG '11: Proceedings of the 2011 International Conference on Reconfigurable Computing and FPGAs

In this paper we present a practical low-end embedded system solution for Internet Protocol Security (IPSec) implemented on the smallest Xilinx Field Programmable Gate Array (FPGA) device in the Virtex 4 family. The proposed solution supports the three ...
Read More
Towards high-performance IPsec on cavium OCTEON platform
INTRUST'10: Proceedings of the Second international conference on Trusted Systems

Providing secure, reliable communications is a big challenge to guarantee confidentiality, integrity, and anti-replay protection, especially between endpoints in current Internet. As one of the popular secure communication protocol, IPsec usually limits ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
CF '05: Proceedings of the 2nd conference on Computing frontiers
May 2005
467 pages
ISBN:1595930191
DOI:10.1145/1062261
General Chair:
Nader Bagherzadeh,
Program Chairs:
Mateo Valero,
Alex Ramirez
Copyright © 2005 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 4 May 2005
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
IPSec
QoS
cryptographic accelerators
quality of service
scheduling
Qualifiers
- Article
Conference

Acceptance Rates
Overall Acceptance Rate240of680submissions,35%
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 6
  Total Citations
  View Citations
- 506
  Total Downloads
- Downloads (Last 12 months)2
- Downloads (Last 6 weeks)0
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

A QoS-enabled packet scheduling algorithm for IPSec multi-accelerator based systems

CF '05: Proceedings of the 2nd conference on Computing frontiers

ABSTRACT

References

Cited By

Index Terms

Recommendations

A Packet Scheduling Algorithm for IPSec Multi-Accelerator Based Systems

Efficient Hardware Accelerator for IPSec Based on Partial Reconfiguration on Xilinx FPGAs

Towards high-performance IPsec on cavium OCTEON platform