200 Gbps Hardware Accelerated Encryption System for FPGA Network Cards

článek ve sborníku ve WoS nebo Scopus

angličtina

We present the architecture and implementation of our encryption system designed for 200 Gbps FPGA (Field Programmable Gate Array) network cards utilizing the IPsec (IP security) protocol. To our knowledge, our hardware encryption system is the first that is able to encrypt network traffic at the full link speed of 200 Gbps using a proven algorithm in a secure mode of operation, on a network device that is already available on the market. Our implementation is based on the AES (Advanced Encryption Standard) encryption algorithm and the GCM (Galois Counter Mode) mode of operation, therefore it provides both encryption and authentication of transferred data. The design is modular and the AES can be easily substituted or extended by other ciphers. We present the full description of the architecture of our scheme, the VHDL (VHSIC Hardware Description Language) simulation results and the results of the practical implementation on the NFB-200G2QL network cards based on the Xilinx Virtex UltraScale+ chip. We also present the integration of the encryption core with the IPsec subsystem so that the resulting implementation is interoperable with other systems.

High-speed encryption, authentication, cryptography, FPGA

MARTINÁSEK, Z.; HAJNÝ, J.; SMÉKAL, D.; MALINA, L.; MATOUŠEK, D.; KEKELY, M.; MENTENS, N.

19. 10. 2018

ACM

Toronto, Canada

978-1-4503-5996-2

The Second Workshop on Attacks and Solutions in Hardware Security (ASHES’18)

11

17

7

https://dl.acm.org/citation.cfm?id=3266446