Skip to main content
SpringerLink
Log in

IPsec-Protected Transport of HDTV over IP

  • Conference paper
  • First Online:
Field Programmable Logic and Application (FPL 2003)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2778))

Included in the following conference series:

Abstract

Bandwidth-intensive applications compete directly with the operating system’s network stack for CPU cycles. This is particularly true when the stack performs security protocols such as IPsec; the additional load of complex cryptographic transforms overwhelms modern CPUs when data rates exceed 100 Mbps. This paper describes a network-processing accelerator which overcomes these bottlenecks by offloading packet processing and cryptographic transforms to an intelligent interface card. The system achieves sustained 1 Gbps host-to-host bandwidth of encrypted IPsec traffic on commodity CPUs and networks. It appears to the application developer as a normal network interface, because the hardware acceleration is transparent to the user. The system is highly programmable and can support a variety of offload functions. A sample application is described, wherein production-quality HDTV is transported over IP at nearly 900 Mbps, fully secured using IPsec with AES encryption.

This work is supported by the DARPA Information Technology Office (ITO) as part of the Next Generation Internet program under Grants F30602-00-1-0541 and MDA972-99-C-0022, and by the National Science Foundation under grant 0230738.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Calvin, J.: Digital convergence. In: Proceedings of theWorkshop on New Visions ofr Large- Scale Networks: Research and Applications, Vienna, Virginia (2001)

    Google Scholar 

  2. IP Security Protocol (IPsec) Charter: Latest RFCs and Internet Drafts for IPsec (2003), http://ietf.org/html.charters/ipsec-charter.html

  3. FreeS/WAN: IPsec Performance Benchmarking (2002), http://www.freeswan.org/freeswan_trees/-freeswan-1.99/doc/performance.html

  4. Schott, B., Bellows, P., French, M., Parker, R.: Applications of adaptive computing systems for signal processing challenges. In: Proceedings of the Asia South Pacific Design Automation Conference, Kitakyushu, Japan (2003)

    Google Scholar 

  5. Bellows, P., Flidr, J., Lehman, T., Schott, B., Underwood, K.D.: GRIP: A reconfigurable architecture for host-based gigabit-rate packet processing. In: Proc. of the IEEE Symposium on Field-Programmable Custom Computing Machines, Napa Valley, CA (2002)

    Google Scholar 

  6. Chodowiec, P., Gaj, K., Bellows, P., Schott, B.: Experimental testing of the gigabit IPseccompliant implementations of Rijndael and Triple-DES using SLAAC-1V FPGA acceleratorboard. In: Proc. of the 4th Int’l Information Security Conf., Malaga, Spain (2001)

    Google Scholar 

  7. Grembowski, T., Lien, R., Gaj, K., Nguyen, N., Bellows, P., Flidr, J., Lehman, T., Schott, B.: Comparative analysis of the hardware implementations of hash functions SHA-1 and SHA-512. In: Proc. of the 5th Int’l Information Security Conf., Sao Paulo, Brazil (2002)

    Google Scholar 

  8. Hutchings, B.L., Franklin, R., Carver, D.: Assisting network intrusion detection with reconfigurable hardware. In: Proc. of the IEEE Symposium on Field-Programmable Custom Computing Machines, Napa Valley, CA (2002)

    Google Scholar 

  9. FreeS/Wan (2003), http://www.freeswan.org/

  10. Society of Motion Picture and Television Engineers: Bit-serial digital interface for highdefinition television systems. SMPTE-292M (1998)

    Google Scholar 

  11. Perkins, C.S., Gharai, L., Lehman, T., Mankin, A.: Experiments with delivery of HDTV over IP networks. In: Proc. of the 12th International Packet Video Workshop (2002)

    Google Scholar 

  12. Schulzrinne, H., Casner, S., Frederick, R., Jacobson, V.: RTP: A transport protocol for realtime applications RFC 1889 (1996)

    Google Scholar 

  13. DVS Digital Video Systems (2003), http://www.dvs.de/

  14. Mummert, T., Kosak, C., Steenkiste, P., Fisher, A.: Fine grain parallel communication on general purpose LANs. In: Proceedings of 1996 International Conference on Supercomputing (ICS 1996), Philadelphia, PA, USA, pp. 341–349 (1996)

    Google Scholar 

  15. Reinhardt, S.K., Larus, J.R., Wood, D.A.: Tempest and typhoon: User-level shared memory. In: International Conference on Computer Architecture, Chicago, Illinois, USA (1994)

    Google Scholar 

  16. Sumimoto, S., Tezuka, H., Hori, A., Harada, H., Takahashi, T., Ishikawa, Y.: The design and evaluation of high performance communication using a Gigabit Ethernet. In: International Conference on Supercomputing, Rhodes, Greece (1999)

    Google Scholar 

  17. Shivam, P., Wyckoff, P., Panda, D.: EMP: Zero-copy OS-bypass NIC-driven Gigabit Ethernet message passing. In: Proc. of the 2001 Conference on Supercomputing (2001)

    Google Scholar 

  18. Lockwood, J.W., Turner, J.S., Taylor, D.E.: Field programmable port extender (FPX) for distributed routing and queueing. In: Proc. of the ACM International Symposium on Field Programmable Gate Arrays, Napa Valley, CA, pp. 30–39 (1997)

    Google Scholar 

  19. McHenry, J.T., Dowd, P.W., Pellegrino, F.A., Carrozzi, T.M., Cocks, W.B.: An FPGA-based coprocessor for ATM irewalls. In: Proc. of the IEEE Symposium on FPGAs for Custom Computing Machines, Napa Valley, CA, pp. 30–39 (1997)

    Google Scholar 

  20. Underwood, K.D., Sass, R.R., Ligon, W.B.: Analysis of a prototype intelligent network interface. Concurrency and Computing: Practice and Experience (2002)

    Google Scholar 

  21. National Laboratory for Applied Network Research: Network performance measuring tool (2003), http://dast.nlanr.net/Projects/Iperf/

  22. Jarvinen, K., Tommiska, M., Skytta, J.: Fully pipelined memoryless 17.8 Gbps AES-128 encryptor. In: 11th ACM International Symposium on Field- Programmable Gate Arrays (FPGA 2003), Monterey, California (2003)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. USC Information Sciences Institute, 3811 N. Fairfax Dr. #200, VA, 22203, Arlington, USA

    Peter Bellows, Jaroslav Flidr, Ladan Gharai & Colin Perkins

  2. Dept. of Electrical and Computer Engineering, George Mason University, 4400 University Drive, VA, 22030, Fairfax, USA

    Pawel Chodowiec & Kris Gaj

Authors
  1. Peter Bellows
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jaroslav Flidr
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ladan Gharai
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Colin Perkins
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Pawel Chodowiec
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Kris Gaj
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Electrical and Electronic Engineering, Imperial College London, Exhibition Road, SW7 2BT, London, UK

    Peter Y. K. Cheung

  2. Department of Electrical & Electronic Engineering, Imperial College London, Exhibition Road, SW7 2BT, London, UK

    George A. Constantinides

Rights and permissions

Reprints and permissions

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bellows, P., Flidr, J., Gharai, L., Perkins, C., Chodowiec, P., Gaj, K. (2003). IPsec-Protected Transport of HDTV over IP. In: Y. K. Cheung, P., Constantinides, G.A. (eds) Field Programmable Logic and Application. FPL 2003. Lecture Notes in Computer Science, vol 2778. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45234-8_84

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-45234-8_84

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-40822-2

  • Online ISBN: 978-3-540-45234-8

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation