Hardware-Accelerated Cryptography for Software-Defined Networks with P4

  • Conference paper
Innovative Security Solutions for Information Technology and Communications (SecITC 2020)

Abstract

The paper presents a hardware-accelerated cryptographic solution for Field Programmable Gate Array (FPGA) based network cards that provide throughput up to 200 Gbps. Our solution employs a Software-Defined Network (SDN) concept based on the high-level Programming Protocol-independent Packet Processors (P4) language, which offers flexibility for network-oriented data processing. To accelerate cryptographic operations, we implement the main cryptographic functions in VHSIC Hardware Description Language (VHDL) directly in the FPGA, i.e., a symmetric cipher (AES-GCM-256), a digital signature scheme (EdDSA) and a hash function (SHA-3). Our solution then exposes these widely used cryptographic primitives as basic external P4 functions that can be applied in various customized security use cases. Thus, our solution allows engineers to avoid hardware development (VHDL) and offers rapid prototyping in the high-level language (P4). Moreover, we test these cryptographic components on the UltraScale+ FPGA card and present their hardware consumption and performance results.

This work is supported by Ministry of the Interior of the Czech Republic under grant VI20192022126.

Notes

  1. https://www.xilinx.com/products/intellectual-property/1-pcz517.html.

  2. https://p4.org.

  3. https://p4.org.

  4. https://github.com/p4lang/p4c.

  5. Component available from: https://github.com/dsaves/SHA-512.

References

  1. Benáček, P.: P4-to-VHDL: How we built the fastest p4 FPGA device in the world. In: 6th Prague Embedded Systems Workshop, p. 43 (2018)

  2. Bernstein, D.J.: Curve25519: new Diffie-Hellman speed records. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 207–228. Springer, Heidelberg (2006). https://doi.org/10.1007/11745853_14

  3. Bernstein, D.J., Duif, N., Lange, T., Schwabe, P., Yang, B.Y.: High-speed high-security signatures. J. Cryptograph. Eng. 2(2), 77–89 (2012). https://doi.org/10.1007/s13389-012-0027-1

  4. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: On the Indifferentiability of the sponge construction. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 181–197. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78967-3_11

  5. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: The keccak SHA-3 submission. Submission to NIST (Round 3), vol. 6, no. 7, p. 16 (2011)

  6. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Keccak. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 313–314. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38348-9_19

  7. Bos, J., et al.: Crystals-kyber: a CCA-secure module-lattice-based KEM. In: 2018 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 353–367. IEEE (2018)

  8. Bosshart, P., Daly, D., Gibb, G.: P4: programming protocol-independent packet processors. ACM SIGCOMM Comput. Commun. Rev. 3(44), 87–95 (2014)

  9. Cao, Z., Su, H., Yang, Q., Shen, J., Wen, M., Zhang, C.: P4 to FPGA-a fast approach for generating efficient network processors. IEEE Access 8, 23440–23456 (2020)

  10. Ducas, L., et al.: Crystals-dilithium: a lattice-based digital signature scheme. IACR Trans. Cryptograph. Hardware Embedded Syst. 2018, 238–268 (2018)

  11. D’Anvers, J.-P., Karmakar, A., Sinha Roy, S., Vercauteren, F.: Saber: module-LWR based key exchange, CPA-secure encryption and CCA-secure KEM. In: Joux, A., Nitaj, A., Rachidi, T. (eds.) AFRICACRYPT 2018. LNCS, vol. 10831, pp. 282–305. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-89339-6_16

  12. Hauser, F., Schmidt, M., Häberle, M., Menth, M.: P4-MACsec: dynamic topology monitoring and data layer protection with MACsec in p4-based SDN. IEEE Access 8, 58845–58858 (2020)

  13. Islam, M.M., Hossain, M.S., Hasan, M.K., Shahjalal, M., Jang, Y.M.: FPGA implementation of high-speed area-efficient processor for elliptic curve point multiplication over prime field. IEEE Access 7, 178811–178826 (2019)

  14. Koppermann, P., De Santis, F., Heyszl, J., Sigl, G.: X25519 hardware implementation for low-latency applications. In: 2016 Euromicro Conference on Digital System Design (DSD), pp. 99–106. IEEE (2016)

  15. Martinasek, Z., Hajny, J., Smekal, D., Malina, L., Matousek, D., Kekely, M., Mentens, N.: 200 GBPS hardware accelerated encryption system for fpga network cards. In: Proceedings of the 2018 Workshop on Attacks and Solutions in Hardware Security, pp. 11–17 (2018)

  16. Mehrabi, M.A., Doche, C.: Low-cost, low-power FPGA implementation of ed25519 and curve25519 point multiplication. Information 10(9), 285 (2019)

  17. Parrilla, L., Álvarez-Bermejo, J.A., Castillo, E., López-Ramos, J.A., Morales-Santos, D.P., García, A.: Elliptic curve cryptography hardware accelerator for high-performance secure servers. J. Supercomput. 75(3), 1107–1122 (2019). https://doi.org/10.1007/s11227-018-2317-6

  18. Roy, S.S., Basso, A.: High-speed instruction-set coprocessor for lattice-based key encapsulation mechanism: saber in hardware. IACR Cryptol. ePrint Arch. 2020, 434 (2020)

  19. Salarifard, R., Bayat-Sarmadi, S.: An efficient low-latency point-multiplication over curve25519. IEEE Trans. Circuits Syst. I Regul. Pap. 66(10), 3854–3862 (2019)

  20. Salman, A., Rogawski, M., Kaps, J.P.: Efficient hardware accelerator for IPSec based on partial reconfiguration on Xilinx FPGAs. In: 2011 International Conference on Reconfigurable Computing and FPGAs, pp. 242–248. IEEE (2011)

  21. Scholz, D., et al.: Cryptographic hashing in p4 data planes. In: 2019 ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS), pp. 1–6. IEEE (2019)

  22. Shen, C.A., Lee, D.Y., Ku, C.A., Lin, M.W., Lu, K.C., Tan, S.Y.: A programmable and FPGA-accelerated GTP offloading engine for mobile edge computing in 5G networks. In: IEEE INFOCOM 2019-IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), pp. 1021–1022. IEEE (2019)

  23. Turan, F., Verbauwhede, I.: Compact and flexible FPGA implementation of Ed25519 and X25519. ACM Trans. Embedded Comput. Syst. (TECS) 18(3), 1–21 (2019)

  24. Wang, H., et al.: P4fpga: a rapid prototyping framework for p4. In: Proceedings of the Symposium on SDN Research, pp. 122–135 (2017)

  25. Yazdinejad, A., Parizi, R.M., Bohlooli, A., Dehghantanha, A., Choo, K.K.R.: A high-performance framework for a network programmable packet processor using p4 and FPGA. J. Netw. Comput. Appl. 156, 102564 (2020)

  26. Yazdinejad, A., Parizi, R.M., Dehghantanha, A., Choo, K.K.R.: P4-to-blockchain: a secure blockchain-enabled packet parser for software defined networking. Comput. Secur. 88, 101629 (2020)


Author information

Corresponding author

Correspondence to Lukas Malina.

Appendices

A Input and Output signals in implemented cryptographic components

Fig. 4. Block diagram of SHA-3 component with Input/Output signals

Table 4. Input and output signals in SHA-3 component
Table 5. Input and output signals in EdDSA component
Table 6. Input and output signals in AES-GCM-256 component

B Comparison of Scalar Point Multiplication Implementations on FPGA

Table 7 and Fig. 5 compare hardware implementations of scalar point multiplication on EC 25519. The results of the implementation created within this work are compared with the hardware implementations in the related works [14, 16, 19, 23]. In terms of hardware resources, the work [14] takes the highest number of resources, i.e., 26 483 look-up tables and 21 107 flip-flops. On the other hand, the work [16] uses the smallest part of the FPGA platform, with 3 472 look-up tables and 8 680 flip-flops. Our implementation trades off performance and hardware resources, with 17 427 look-up tables and 8 546 flip-flops.

Table 7. Comparison of scalar point multiplication on EC 25519 implementations
Fig. 5. Comparison of scalar point multiplication on EC 25519 implementations

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Malina, L., Smekal, D., Ricci, S., Hajny, J., Cíbik, P., Hrabovsky, J. (2021). Hardware-Accelerated Cryptography for Software-Defined Networks with P4. In: Maimut, D., Oprina, AG., Sauveron, D. (eds) Innovative Security Solutions for Information Technology and Communications. SecITC 2020. Lecture Notes in Computer Science, vol 12596. Springer, Cham. https://doi.org/10.1007/978-3-030-69255-1_18

  • DOI: https://doi.org/10.1007/978-3-030-69255-1_18

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-69254-4

  • Online ISBN: 978-3-030-69255-1

  • eBook Packages: Computer Science (R0)
