Architectural support for fast symmetric-key cryptography
ASPLOS IX Proceedings of the ninth international conference on Architectural support for programming languages and operating systems
System design methodologies for a wireless security processing platform
Proceedings of the 39th annual Design Automation Conference
Cryptography and Network Security: Principles and Practice
Cryptography and Network Security: Principles and Practice
A Study of the Relative Costs of Network Security Protocols
Proceedings of the FREENIX Track: 2002 USENIX Annual Technical Conference
Performance impact of data compression on virtual private network transactions
LCN '00 Proceedings of the 25th Annual IEEE Conference on Local Computer Networks
Securing Mobile Appliances: New Challenges for the System Designer
DATE '03 Proceedings of the conference on Design, Automation and Test in Europe - Volume 1
XScale Hardware Acceleration on Cryptographic Algorithms for IPSec Applications
ITCC '05 Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC'05) - Volume I - Volume 01
Impact of Configurability and Extensibility on IPSec Protocol Execution on Embedded Processors
VLSID '06 Proceedings of the 19th International Conference on VLSI Design held jointly with 5th International Conference on Embedded Systems Design
Transaction-based authentication and key agreement protocol for inter-domain VoIP
Journal of Network and Computer Applications
| Hi-index | 0.00 |
Cryptographic accelerators and security processors are often used in embedded systems in order to enable enhanced security without significantly impacting performance or power consumption. However, realizing the performance promised by them requires the design of efficient software architectures for crypto offloading (offloading cryptographic operations from a host processor). In this paper, we describe an efficient software architecture for IPSec crypto offloading on a state-of-the-art mobile application processor system-on-chip (SoC) that includes a programmable security processor. We consider both user-space and kernel-space implementations of IPSec, compare their performance, and identify factors that limit the efficiency of crypto offloading. We describe two optimizations, called protocol-level crypto offloading and adaptive crypto offloading, which further improve the performance of IPSec by (i) offloading higher granularity computations to reduce the crypto offloading overheads, and (ii) using crypto offloading judiciously based on the trade-off between the savings in processing cycles vs. the overhead of communication with the security processor. We measure the performance of our implementation of IPSec crypto offloading using a commercial network protocol stack on the mobile application processor SoC, under a wide range of workloads. Our results indicate that efficient crypto offloading can result in application-level improvements of up to 10.6X in data rate and up to 5X in latency, enabling IPSec to be used for emerging high-bandwidth and interactive mobile applications.