INTRODUCTIONSecurity ProtocolsIPsecSSLsecurity processors AND the network securitySystem-On-Chip2. For High level, network processors include cryptographicCryptographic Capabilities of Network Processors, December 2004 1 Abstract: A collection of cryptographic applications such as secure IP (IPSEC) and virtual private networks (VPNs) have been widely deployed in both routers and end systems. This trend will further emphasize the importance of cryptographic applications among all types of communications. Security related applications are all computationally intensive applications that can consume as much as 95 percent of an application server's processing capacity. As the demands for deployment of secure communication grow, cryptographic processing is becoming a bottleneck to the system performance. On the other hand, the emerging Network Processors (NPs), which are application specific programmable processors, are becoming fundamental building blocks of next generation networking equipments. They are being targeted not just for packet processing applications, but secure packet processing. To meet the increasing demands for secure communication, the network processors have to perform cryptographic functions at full speed to achieve comparable performance of security processing. This paper describes the existing approaches for implementing security using NPs: using security accelerator, security processors in look-aside, flow-through architectures and the network processors with integrated crypto blocks. Furthermore, this article discusses IPSEC & SSL protocols which are used for security in the internet today and the needs these protocols put on the network processors depending on where they are used .We also study the various levels in the network where the network processors are used and their performance requirements depending on the level of security and speed required . Index terms- Cryptographic algorithms, Network Processors I. INTRODUCTION With an exponential increase in internet and greater dependability on the computer networks, the requirement of secure communication is emphasized in such a way that data confidentiality and data integrity can be achieved over every packet placed on the network. As data rates and processing requirement increases rapidly, specialized Network Processors (NPs) have come up alternative to the general-purpose processor and Application specific Integrated Circuits (ASICs). A NP is a programmable microprocessor optimized for processing network data packets. Specifically, it is designed to handle the tasks commonly associated with the upper layers of the seven-layer OSI networking model. Data rates for NPs range from 1.2Gbps to 40Gbps. Cryptographic Capabilities of Network Processors (December 2004) Uma Koppula, Ganeshprasad Maddipati, Tarun C. Nallabelli Jayakar and Usman Akhtar Therefore, NPs are designed and optimized to perform network applications efficiently. Choosing a NP over an ASIC In previous networking systems, vendors used microprocessors to perform routing functions in low-end devices because of their low cost, general availability, and ease of programming. Microprocessors don't have enough performance for high-bandwidth devices so custom ASICs were used. The ASICs provide ultimate control over the design; on the other hand, they have long design cycles, long debug cycles, and high development costs. ASIC development will generally be the critical path for these systems. New ASIC designs take 9 to 18 months and cost millions of dollars. As a result, ASIC development is the crucial point in the system development. [18]. NPs replace fixed-function ASICs with a programmable design, providing additional advantages and matching the performance of ASICs in demanding networking applications. A programmable device shortens the design cycle and is more easily modified to support new or evolving standards. Programmability not only accelerates time to market, it can even enable an NP-based router to be field-upgraded with a new protocol which is not possible with an ASIC. The varying needs of networking customers can be properly met by a NP only through programmability. A flexible, programmable device can more easily support whatever algorithms, protocols, or services a customer might want to implement. A highly programmable NP will serve the broadest possible market. On the other hand, a well-designed NP with appropriate use of fixed-function blocks is likely to be more efficient for mainstream applications. NPs offer various levels of programmability, as seen in the figure below at one end of the spectrum is the entirely fixed-function logic of a "net ASIC" and at the other is the fully programmable “NPU”. As programmable processor elements are added, the design moves to the right. A fully programmable NPU with few, if any, “fixed-function blocks”, is rightly placed to the far right. [18]Cryptographic Capabilities of Network Processors, December 2004 2 Fig.1 Programmability Spectrum [18] Intel's IXP architecture is a good example of a fully programmable design, using packet-engine software to do almost all the work. Security through NP Security is an essential network aspect, security processing for networks is normally implemented using general-purpose processor with software but, it becomes inefficient when processing requirements increase. With NPs proving to be an efficient networking device, security was desired through a NP. And the designers came up with three approaches for enhancing security processing in NPs look-aside, flow-through and integrated security block technique, these are discussed in detail in this report. The cryptographic functions like encryption, decryption and authentication are used to implement security in the network. These cryptographic functions when implemented consume more than allowable percentage of the application server’s processing capability. This is due to the amount of computations that are required. The security of cryptographic based systems depends on both the strength of the cryptographic algorithms chosen, the strength of the keys used with those algorithms and the engineering of the protocol used by the system to ensure that there are no non-cryptographic ways to bypass the security of the overall system. The two most popular protocols which are implemented for security purpose are IPsec and SSL. II. SECURITY PROTOCOLS A. IPsec B. SSL IPSEC: The IPsec
View Full Document
Unlocking...