Improving DES coprocessor throughput for short operations

Authors:
Mark Lindemann;Sean W. Smith
Affiliations:
IBM TJ Watson Research Center, Yorktown Heights, NY;Dept. of CS/Institute for Security and Technology Studies, Dartmouth College, Hanover, NH
Venue:
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Year:
2001

Citing 6
Cited 5

Transaction security system

IBM Systems Journal - Special issue on cryptology
Building a high-performance, programmable secure coprocessor

Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on computer network security
Performance Engineering of Software Systems

Performance Engineering of Software Systems
Practical server privacy with secure coprocessors

IBM Systems Journal - End-to-end security
Secure coprocessor integration with kerberos V5

SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Encryption Modes with Almost Free Message Integrity

Journal of Cryptology

High-speed I/O: the operating system as a signalling mechanism

NICELI '03 Proceedings of the ACM SIGCOMM workshop on Network-I/O convergence: experience, lessons, implications
Practical server privacy with secure coprocessors

IBM Systems Journal - End-to-end security
Security Enhancement in InfiniBand Architecture

IPDPS '05 Proceedings of the 19th IEEE International Parallel and Distributed Processing Symposium (IPDPS'05) - Papers - Volume 01
TCP offload is a dumb idea whose time has come

HOTOS'03 Proceedings of the 9th conference on Hot Topics in Operating Systems - Volume 9
Copilot - a coprocessor-based kernel runtime integrity monitor

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13

Quantified Score

Hi-index	0.00

Visualization

Abstract

Over the last several years, our research team built a commercially-offered secure coprocessor that, besides other features, offers high-speed DES: over 20 megabytes/second. However, it obtains these speeds only on operations with large data lengths. For DES operations on short data (e.g., 8-80 bytes), our commercial offering was benchmarked at less than 2 kilobytes/second. The programmability of our device enabled us to investigate this issue, identify and address a series of bottlenecks that were not initially apparent, and ultimately bring our short-DES performance close to 3 megabytes/second. This paper reports the results of this real-world systems exercise in hardware cryptographic acceleration--and demonstrates the importance of, when designing specialty hardware, not overlooking the software aspects governing how a device can be used.