
Parallel Algorithm Core: A Novel IPSec Algorithm Engine for Both Exploiting Parallelism and Improving Scalability

  • Regular Paper
Journal of Computer Science and Technology

Abstract

To deal with the challenges of both computational complexity and algorithm scalability posed to the design of an IPSec engine, we develop a parallel algorithm core (PAC) for use in an IPSec engine. PAC can meet the requirements of both exploiting the parallelism existing in IPSec packets and offering scalability in both the scales and types of cryptographic algorithms. With three kinds of parallelism and two kinds of transparency defined, a novel hierarchy of the specifically designed parallel structure for PAC is presented, followed by the corresponding mechanisms. The scalability of PAC is examined by simulation. For the purpose of performance evaluation, a Quasi Birth-and-Death (QBD) process is then established to model a simplified version of the proposed PAC, and the performance of PAC is numerically investigated in terms of two representative measures, throughput and mean packet waiting time. A comparison study is done on a simulation basis. Finally, conclusions are drawn to provide a helpful guideline for both the design and implementation of our proposal.



Author information


Correspondence to Dong-Nian Cheng.

Additional information

This work was supported by the National High Technology Development 863 Program of China (Grant No. 2005AA121210).


About this article

Cite this article

Cheng, DN., Hu, YX. & Liu, CX. Parallel Algorithm Core: A Novel IPSec Algorithm Engine for Both Exploiting Parallelism and Improving Scalability. J. Comput. Sci. Technol. 23, 792–805 (2008). https://doi.org/10.1007/s11390-008-9166-3


  • DOI: https://doi.org/10.1007/s11390-008-9166-3
