2011 Seventh International Conference on Computational Intelligence and Security (2011)
Sanya, Hainan China
Dec. 3, 2011 to Dec. 4, 2011
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CIS.2011.154
A configurable IPSec processor for a high performance in-line network security processor that integrates two embedded 32-bit CPU cores, and an IPSec protocol processor on a SoC is presented. The IPSec processor can implement the transport/tunnel mode AH and ESP protocol of the IPSec, and support AES-128/192/256, HMAC-SHA-1 algorithm. The number of AH, ESP, AES, HMAC-SHA-1 IP-cores in the design can be configured for different use such as 10 Gigabit Ethernet and Gigabit Ethernet, even for the next generation 40/100G Network. Low power is also considered in the design. In the IPSec processor, crossbar switch architecture for multi-core data transfer is adopted. With four parallel AH, ESP, AES, HMAC-SHA-1 IP-cores separately connected to an 8x8 crossbar switch in the IPSec processor, a throughput of 1.5Gbps at 200MHz is achieved and hardware verification is implemented by FPGA. By simulation, the IPSec protocol operation can achieve 10Gbps wire speed with 32 IPSec protocol IP-cores and cryptographic IP-cores configured in the IPSec processor.
IP security (IPSec), network security processor, Ethernet, cryptographic algorithm, crossbar switch
L. Wu, L. Wang, Y. Niu, J. Xu and X. Zhang, "A Configurable IPSec Processor for High Performance In-Line Security Network Processor," 2011 Seventh International Conference on Computational Intelligence and Security(CIS), Sanya, Hainan China, 2011, pp. 674-678.