DOC PREVIEW
MASON ECE 646 - Cryptographic Capabilities of Network Processors

This preview shows page 1-2-23-24 out of 24 pages.

Save
View full document
View full document
Premium Document
Do you want full access? Go Premium and unlock all 24 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 24 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 24 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 24 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 24 pages.
Access to all documents
Download any document
Ad free experience

Unformatted text preview:

Cryptographic Capabilities of Network ProcessorsWhat is a Network Processor?Ways of incorporating securityDisadvantages of Look AsideFlow Through Security ArchitectureOn Chip SecurityIntel IXP2850What is SAN?Limitations of FC technologyIP IN SANSecurity Attacks in SANNetwork SecurityChip from HifnNetwork Processors in Wireless Applications.Intel® IXP422 Network ProcessorArchitecture:IXP422 in Wireless Access Point ApplicationConclusion:Cryptographic Capabilities of Network ProcessorsPresented by Aparna Kasturi, Sheryl Pinto and Swethana PagdalaWhat is a Network Processor? Any device that executes programs to handle packets in a data network It has architectural features and special circuitry for packet processing.  Due to the sensitivity of information being exchanged over networks, it is necessary for network processors to incorporate security measures over the data being transferred.Ways of incorporating security Look Aside ArchitectureDisadvantages of Look Aside Packets travel twice on the side band interface between the network processor and the security processor. This reduces the effective speed by half High-speed cryptographic co-processors are under-utilized because of the sideband control-path interface Placement of the security processor peripheral to the network processor forces considerable packet processing work onto the network system processorFlow Through Security Architecture The security processor is located in the data path inline with the Network Processor. Packet processing and decryption functions for inbound traffic are completed before the traffic reaches the network Processor  It requires the security processor to do many of the functions that the network processor is targeted for. Some of these tasks include reassembly of packets, protocol processing.On Chip SecurityThe main requirements for high speed secure content on the network require1. Multi gigabit throughput2. Millions of sessions and sessions set up per second3. Ability to look deeper into the network packet, to prevent attacks using a malicious URL. Flexibility to implement new algorithmsIntel IXP2850 Security processing can be executed as pipeline stages.  This enables encryption/decryption and hashing to occur as packets are transmitted or received for increased performance.  The IXP2850 can executes over 24 million DES encryptions per second Can provide 10Gb encrypted outputWhat is SAN? High-speed special-purpose network that runs on specific interfaces, such as Fibre Channel or a Internet Small Computer System Interface (iSCSI) Quick transfer of data between storage devices.  A dedicated storage network that carries only I/O traffic between servers and storage devices. General purpose network processor not required as SAN does not deal with application traffic. Fibre Channel technology is the standard protocol for SAN.  Enables a flexible networked environment. High speed server-to-server interconnectivity, Data transfer speeds of up to 200 MbpsLimitations of FC technology Lacks an internal security function. FC is difficult to extend beyond 10 or 100 kilometers. Needs special multiplexing techniques to extend beyond 100 Km.IP IN SAN Flexible, cost-effective, and high-performance storage networking for a broad range of application environments.  iSCSI, FCIP, and iFCP. Collectively, grouped under the family name of IP Storage Enables efficient and secure sharing of storage resources among multiple customers.Security Attacks in SAN Snooping: Mallory reads data Alice sent to Bob in private. Allows access to data. Spoofing: Mallory fools Alice into thinking that he is Bob. Allows access to or destruction of data . Denial of Service: Mallory crashes or floods Bob or Alice. Reduces availabilityNetwork Security Optimal support of IPsec in IP Storage devices requires a new generation of security processors.  These processor must provide self-contained solution for in-line acceleration of the full range of IPsec functions for multi gigabit IP Storage flows.Chip from Hifn Offers inbound and outbound policy processing, SA lookup, SA context handling, and packet formatting – all within a single chip.  DES/3DES-CBC, AES-CBC, AES-CTR, MD5, SHA-1 and AES-XCBC-MAC algorithms. FlowThrough Security Architecture Full-duplex Gigabit Ethernet encrypted throughput in iSCSI, FCIP and other IP-based storage networking systems.  <1.25W Power consumption Used in server host bus adapters (HBA), FCIP bridges, storage routers, and storage arrays.Source: www.hifn.com/productsNetwork Processors in Wireless Applications. The wireless access point provides the point of connection between wireless LAN’s and a wired network. wireless access points must be secure, manageable, scalable, and cost-effective. Intel processors in wireless applications: The Intel® IXP422 network processor is a versatile, single chip processor that integrates robust security features with the necessary interfaces, meeting the demands of wireless access points applications.Intel® IXP422 Network ProcessorArchitecture: Implements DES, 3DES and AES data encryption algorithms and SHA-1 and MD5 authentication algorithms typically used in 802.11i wireless applications. The high-performance architecture of the Intel IXP422 network processor can support bulk encryption/decryption rates of up to 70 Mbps for DES, 3DES and AES algorithms.IXP422 in Wireless Access Point ApplicationConclusion: The consistent architecture and broad range of features of IXP4XX product line simplify the task of choosing a processor to enable wireless applications. The Intel® IXP422 Network Processor is thus an ideal solution for deploying services such as security in addition to wireless access point applications.Chip name IPprocessingSpeedPower consumption Encryption Algorithms Hifn 8350 4Gbps IPSecprocessing <1.75W DES/ 3DES-CBC,AES-CBC, AES-CTR,MD5, SHA-1 andAES-XCBC-MACalgorithmsIntel IXP285010 Gbps < 2 W DES/ 3DES and SHA1Chip name IPprocessingSpeedPower consumption Encryption Algorithms Cavium 100 Mbps to 1Gbps< 1W DES, 3DES, AES, ARC4, SHA1, MD5RSA and DH Broadcom5823 1Gbps <1.3 W DES-CBC, 3DES-CBC AES-CBC,AES-CTR H-MAC SHA1, H-MAC


View Full Document

MASON ECE 646 - Cryptographic Capabilities of Network Processors

Documents in this Course
Load more
Download Cryptographic Capabilities of Network Processors
Our administrator received your request to download this document. We will send you the file to your email shortly.
Loading Unlocking...
Login

Join to view Cryptographic Capabilities of Network Processors and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view Cryptographic Capabilities of Network Processors 2 2 and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?