A 10 Giga VPN Accelerator Board for Trust Channel Security System
This paper proposes a VPN Accelerator Board
(VPN-AB), a virtual private network (VPN) protocol designed for
the trust channel security system (TCSS). TCSS supports a safe
communication channel between security nodes on the Internet. It
furnishes authentication, confidentiality, integrity, and access control
to a security node so that it can transmit data packets with the IPsec
protocol. TCSS consists of an internet key exchange block, a security
association block, and an IPsec engine block. The internet key exchange
block negotiates the crypto algorithm and key used in the IPsec engine
block. The security association block sets up and manages security
association information. The IPsec engine block processes IPsec packets
and includes the networking functions for communication. The IPsec
engine block should be implemented in hardware and operate in in-line
mode for high-speed IPsec processing. Our VPN-AB is implemented with a
high-speed security processor that supports many cryptographic
algorithms and in-line mode. We evaluate a small TCSS communication
environment and measure the performance of VPN-AB in that environment.
The experimental results show that VPN-AB achieves a maximum throughput
of 15.645Gbps when the IPsec protocol is set to
3DES-HMAC-MD5 tunnel mode.
@article{"International Journal of Electrical, Electronic and Communication Sciences:55275",
  author = "Ki Hyun Kim and Jang-Hee Yoo and Kyo Il Chung",
  title = "A 10 Giga VPN Accelerator Board for Trust Channel Security System",
  abstract = "This paper proposes a VPN Accelerator Board
(VPN-AB), a virtual private network (VPN) protocol designed for
the trust channel security system (TCSS). TCSS supports a safe
communication channel between security nodes on the Internet. It
furnishes authentication, confidentiality, integrity, and access control
to a security node so that it can transmit data packets with the IPsec
protocol. TCSS consists of an internet key exchange block, a security
association block, and an IPsec engine block. The internet key exchange
block negotiates the crypto algorithm and key used in the IPsec engine
block. The security association block sets up and manages security
association information. The IPsec engine block processes IPsec packets
and includes the networking functions for communication. The IPsec
engine block should be implemented in hardware and operate in in-line
mode for high-speed IPsec processing. Our VPN-AB is implemented with a
high-speed security processor that supports many cryptographic
algorithms and in-line mode. We evaluate a small TCSS communication
environment and measure the performance of VPN-AB in that environment.
The experimental results show that VPN-AB achieves a maximum throughput
of 15.645Gbps when the IPsec protocol is set to
3DES-HMAC-MD5 tunnel mode.",
  keywords = "TCSS (Trust Channel Security System), VPN (Virtual Private Network), IPsec, SSL, Security Processor, Security communication.",
  volume = "1",
  number = "10",
  pages = "1464-4",
}