Hardware Acceleration of a Software-based VPN Furkan Turan Ruan de - - PowerPoint PPT Presentation

hardware acceleration
SMART_READER_LITE
LIVE PREVIEW

Hardware Acceleration of a Software-based VPN Furkan Turan Ruan de - - PowerPoint PPT Presentation

Nov 05, 2023 28 likes •220 views

Hardware Acceleration of a Software-based VPN Furkan Turan Ruan de Clercq, Pieter Maene, Oscar Reparaz Ingrid Verbauwhede KU Leuven - COSIC VPN Introduction VPN (Virtual Private Network) encrypts the communication between two parties. 2 VPN

slide-1
SLIDE 1

Hardware Acceleration

  • f a Software-based VPN

Furkan Turan Ruan de Clercq, Pieter Maene, Oscar Reparaz Ingrid Verbauwhede KU Leuven - COSIC

slide-2
SLIDE 2

VPN Introduction

2

VPN (Virtual Private Network) encrypts the communication between two parties.

slide-3
SLIDE 3

VPN Device Introduction

Goal: Start with a VPN application, Convert it into a 2 port VPN device, Accelerate it with a cryptographic coprocessor.

VPN Device

VPN Device

3

slide-4
SLIDE 4

Software-based VPN

How a software-based VPN application works: SigmaVPN: Light-weight, secure and modular software-based VPN

Application Application Virtual Network Interface VPN Application Physical Network Interface

4

slide-5
SLIDE 5

2 Port VPN Device with Hardware Accelerator

Private Comm Public Comm Sigma VPN Coprocessor Linux

The new Private Comm. module uses a Physical Network Interface. It is capable of even capturing broadcast messages.

5

slide-6
SLIDE 6

NaCl’s CryptoBox

KS ← ECDH(KSEC,A, KPUB,B) KS ← ECDH(KSEC,B, KPUB,A) KD ← HSalsa20(KS, N1) S ← Salsa20(KD, N2 || CTR) CT ← S ⊕ MSG MACA ← Poly1305(CT, S) KD ← HSalsa20(KS, N1) S ← Salsa20(KD, N2 || CTR) MACB ← Poly1305(CT, S) Compare(MACA, MACB) MSG ← S ⊕ CT Alice Bob CT, MACA, N1,2

7

slide-7
SLIDE 7

One-time Authenticator: Poly1305

Msg[0:127] Acc + x

mod 2130-5

R Acc Msg[128:256] + x

mod 2130-5

Msg[x:x+128] ... Acc + x

mod 2130-5

Acc Acc S +

mod 2128

MAC

128 130 128 131 128

An update operation for each 128-bit blocks of the message The operation implements a modular multiplication in radix (2130-5)

9

slide-8
SLIDE 8

Poly1305’s Implementation

Implemented using a school-book multiplication:

  • Big multiplication is divided into smaller blocks
  • Followed by propagation of the results

Each small block multiplication is handled in single-cycle multipliers of Zynq’s DSP48 Slices To boost the performance:

  • Parallel execution of smaller-block multiplications
  • Parallel propagating the results

x5 x5

10

slide-9
SLIDE 9

Poly1305’s Implementation

11

A datapath for each column to handle smaller block multiplications. Result of a column is propagated to the next. The multipliers set the critical path.

Block of Operand 1 Block Operand 2 X x5 +

slide-10
SLIDE 10

Hardware Implementation

  • Processing System runs Linux - SigmaVPN.
  • DMA transfers data between co-processor and RAM.

ZYNQ Processing System (PS) ARM Cores Programmable Logic (PL) DMA

CTRL Dest Add. Length

Cryptographic Coprocessor

AXI4 Lite AXI4 Full AXI4 Stream

12

slide-11
SLIDE 11

Coprocessor's Datapath

512 512 512 512 128

13

slide-12
SLIDE 12

Scheduling

  • Operation is divided into time slots
  • A time slot is the time to process a 512-bit message block
  • Each hardware module is active in each time slot

14

slide-13
SLIDE 13

Hardware Utilization

Single Instance of Processing Blocks

  • Resource Utilization: 53.67%
  • Max Clock Freq: 92.85 MHz
  • Process 512-bit block in a time slot

Duplicated Processing Blocks

  • Resource Utilization: 97.25%
  • Max Clock Freq: 81.25 MHz
  • Process 1024-bit block in a time slot

15

ZYBO Board comes with Zynq Z-7010 SoC;

  • The smallest Zynq device
  • Has limited resources
slide-14
SLIDE 14

Communication btw. HW & SW

Configuring DMA for transferring buffers requires:

  • Accessing physical addresses
  • Coherent memory accesses

Created a Linux kernel space module (Device File) Problem: Overhead of making context switches

  • Going do kernel space costs ~800 cycles.
  • Transferring the frame btw. User and Kernel space costs ~740 cycles.

16

slide-15
SLIDE 15

Improvements to Cryptographic Operations

  • Encrypted and decrypted many test vectors with

both SW-only and SW+HW implementations.

  • Compared results for accuracy and execution times.

2 4 6 8 10 12 14 16 18 16 32 64 128 256 512 1024

Improvement (Factor) Message Length (Bytes)

Encryption Decryption

Improvement in Encryption Min 4.9, Max 15.1 Improvement in Decryption Min 9.1, Max 16.2

17

slide-16
SLIDE 16

Improvements to VPN Bandwidth

Test Network Structure: Bandwidth tests using Iperf Network Bandwidth Measurement Tool

VPN Device VPN Device

18

slide-17
SLIDE 17

Improvements to VPN Bandwidth

TCP bandwidth increase

  • 2.9 times for 128-byte frames,
  • 4.36 times for 1024-byte frames.

UDP bandwidth increase

  • 2 times for 128-byte frames,
  • 5.36 times for 1024-byte frames.

10 20 30 40 50 60 70 80 90 100 TCP UDP

Bandwidth (Mbps) for Comm. with 1024-byte ETH Frames

No VPN VPN without Crypto VPN with SW Crypto VPN with HW+SW Crypto

19

slide-18
SLIDE 18

Functionality Test

  • The designed VPN device is still capable of

establishing a secure communication with

  • riginal SigmaVPN application.
  • A VPN device on a low-cost dev-board,

providing confidential communication between a whole home/business network and a remote server.

20

slide-19
SLIDE 19

Conclusion

  • A cryptographic hardware accelerator is offered for

NaCl's CryptoBox specifically for SigmaVPN.

  • Encrypting a 1024-byte message in 94% less time

compared to SW-only implementation.

  • Integrating our HW-SW codesign into SigmaVPN
  • ffers up to 6 times more communication bandwidth.
  • Xilinx Open HW Design Contest Finalist:

http://www.openhw.eu/2016-finalists.html

  • It’s available open source:

https://github.com/furkanturan/Hardware-Accelerated-SigmaVPN

21