IPSec Implementation on Xilinx Virtex-II Pro FPGA and Its Application

Authors:
Jing Lu;John Lockwood
Affiliations:
Washington University, St. Louis, MO;Washington University, St. Louis, MO
Venue:
IPDPS '05 Proceedings of the 19th IEEE International Parallel and Distributed Processing Symposium (IPDPS'05) - Workshop 3 - Volume 04
Year:
2005

Citing 4
Cited 5

Field programmable port extender (FPX) for distributed routing and queuing

FPGA '00 Proceedings of the 2000 ACM/SIGDA eighth international symposium on Field programmable gate arrays
Dynamic hardware plugins: exploiting reconfigurable hardware for high-performance programmable routers

Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on programmable networks
Implementation of a Content-Scanning Module for an Internet Firewall

FCCM '03 Proceedings of the 11th Annual IEEE Symposium on Field-Programmable Custom Computing Machines
Deep Packet Inspection using Parallel Bloom Filters

IEEE Micro

Interactive presentation: Implementation of AES/Rijndael on a dynamically reconfigurable architecture

Proceedings of the conference on Design, automation and test in Europe
A Gbps IPSec SSL Security Processor Design and Implementation in an FPGA Prototyping Platform

Journal of Signal Processing Systems
Reconfigurable memory based AES co-processor

IPDPS'06 Proceedings of the 20th international conference on Parallel and distributed processing
Rescheduling for optimized SHA-1 calculation

SAMOS'06 Proceedings of the 6th international conference on Embedded Computer Systems: architectures, Modeling, and Simulation
Design and implementation of an FPGA-Based 1.452-gbps non-pipelined AES architecture

ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part III

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we propose an IPSec implementation on Xilinx Virtex-II Pro FPGA1. We move the key management and negotiation into software function calls that run on the PowerPC processor core. On the data path, reconfigurable hardware logic implements time-critical functions for AES encryption and HMAC authentication. In our approach, the fast hardware processing is quasi-independent of the software processing. In traditional hardware systems, it is often the case that fast hardware modules wait for slow softwares to feed input data and retrieve output data. This causes the hardware component to stay in idle and suffer low utilization. Our contribution in this paper is to separate the IPSec data path from the control path, where the hardware has a full control of data processing and invokes the control software only when necessary. We illustrate the use of the IPSec implementation on a reconfigurable network device to secure the control and configuration channel.