Real-Time FFT Computation Using GPGPU for OFDM-Based Systems

In optical and wireless communications systems, the goal is to reach 10 Gbps or above data rates. In order to support such extremely high data rates, the physical layer generally uses orthogonal frequency division multiplexing (OFDM) modulation. Unlike serial transmission of symbols, the OFDM modulation transmits data with many parallel sub-carriers, which help to provide high bandwidth. Field programmable gate arrays (FPGAs) and digital signal processors (DSPs) are usually employed to process OFDM blocks in real time. However, FPGAs and DSPs are not cost effective, and they are difficult to adapt to new standards. One of the most computationally intensive functions in OFDM systems is the fast Fourier transform (FFT) computation process. This paper aims to accelerate the FFT process to achieve high communication throughput in real time. Two parallel approaches are implemented for two different NVIDIA graphics processing unit (GPU) architectures. To obtain the best performance values, several optimizations are implemented. Our general purpose graphics processing unit (GPGPU)-based FFT computation achieves up to 24 Gbps throughput in real time.     

一种在线网络安全处理器SoC的IPSec加速器

对高速在线网络安全处理器中IPSec协议处理部分进行设计,完成了传输模式和隧道模式下网络数据包的认证头(AH)和安全封装载荷(ESP)处理。对IPSec加速器的可配置性和功能进行了 FPGA验证,并在一款单通道10 Gb/s在线网络安全处理器中实现了AH协议传输模式IPSec加速器的ASIC验证。测试结果表明,在200 MHz时钟频率下,单个AH协议模块在传输模式下的数据吞吐率达到1.5 Gb/s,通过并行的方式可以满足不同性能的网络安全需求。     

Configuration and Extension of Embedded Processors to Optimize IPSec Protocol Execution

Security protocols, such as IPSec and SSL, are being increasingly deployed in the context of networked embedded systems. The resource-constrained nature of embedded systems and, in particular, the modest capabilities of embedded processors make it challenging to achieve satisfactory performance while executing security protocols. A promising approach for improving performance in embedded systems is to use application-specific instruction set processors that are designed based on configurable and extensible processors. In this paper, we perform a comprehensive performance analysis of the IPSec protocol on a state-of-the-art configurable and extensible embedded processor (Xtensa from Tensilica Inc.). We present performance profiles of a lightweight embedded IPSec implementation running on the Xtensa processor, and examine in detail the various factors that contribute to the processing latencies, including cryptographic and protocol processing. In order to improve the efficiency of IPSec processing on embedded devices, we then study the impact of customizing an embedded processor by synergistically 1) configuring architectural parameters, such as instruction and data cache sizes, processor-memory interface width, write buffers, etc., and 2) extending the base instruction set of the processor using custom instructions for both cryptographic and protocol processing. Our experimental results demonstrate that upto 3.2times speedup in IPSec processing is possible over a popular embedded IPSec software implementation     

Design and Performance Analysis of a Unified, Reconfigurable HMAC-Hash Unit

Hash functions are important security primitives used for authentication and data integrity. Among the most popular hash functions are MD5, SHA-1, and RIPEMD-160, which are all based on the function MD4. This similarity can be exploited for designing a unified engine to perform all three hash functions. Hash message authentication code (HMAC) is a shared-key security algorithm that uses these hash functions alternatively for IPSec authentication. Since some other security applications, such as digital signature, also use these three hash functions, it is prudent to design a unified, reconfigurable engine that can perform any one of them alone or with HMAC. In this work, we design an HMAC-hash unit that can be reconfigured to perform one of six standard security algorithms; namely, MD5, SHA-1, RIPEMD-160, HMAC-MD5, HMAC-SHA-1, and HMAC-RIPEMD-160. This paper applied pipelining and parallelism to the design of the HMAC-hash unit to improve throughput, especially for large message sizes. We achieved higher throughput than engines that integrated three hash functions or more and comparable throughput to those integrated only two hash functions.     

在Linux下基于IPSec的VPN技术

虚拟专用网(VPN)技术是在开放的网络上实现专用信息传输的安全技术,IPSec(IP安全协议)是实现VPN的技术的有效手段。本文分析了IPSec协议框架,并在此基础上,讨论了在Linux操作系统上设计和实现VPN技术的工作原理,着重介绍了隧道模式下IPSec的安全VPN技术。     

基于SafeXcel芯片的IPV6安全模块的设计

讨论将高速密码芯片应用到IPV6安全模块研制中的一种应用方案。方案以SafeXcel系列安全芯片作为加／解密算法模块的内核。给出这种用于增强IPV6路由器安全性的安全模块的结构设计方案和实现方法,该安全模块可以实现对IPV6数据包的实时IPSec保护,大大改进高性能网络中对数据流进行实时加／解密的性能。     

一种基于IPSec协议的安全网卡的研究与设计

随着网络数据开放性,共享性的不断扩大,人们越来越重视网络传输的安全问题,针对这一问题,本文首先对IPSec协议族进行了研究,介绍了IPSec安全机制及应用,分析了认证头协议、封装安全载荷协议的结构及其关键技术。在此基础上提出了一种基于IPSec协议的安全网卡的设计模型,并阐述了此安全网卡的工作原理。     

IPSEC与SSL的安全性研究

IPSEC与SSL在为互联网提供安全的通信方面均起到了重要的作用,同样这两种技术也是各有长处.本文对这两种技术进行了比较,分析了这两种协议的安全性能.     

SSL VPN网络安全技术的应用研究

企业通过Internet允许员工、客户以及合作伙伴访问企业内部的资源已成为一种趋势,但需要提供一种安全接入机制来保障网络安全。文中分析了SSLVPN网络安全技术的基本原理及其实际应用,通过与IPSecVPN的比较,SSLVPN技术有着显著优点,同时也有其缺陷。指出SSLVPN技术由于拥有全方位的优势,取代传统的组网技术成为主流已为时不远。     

一种可重构体系结构用于高速实现DES、3DES和AES

可重构密码芯片提高了密码芯片的安全性和灵活性,具有良好的应用前景.然而目前的可重构密码芯片吞吐率均大大低于专用芯片,因此,如何提高处理速度是可重构密码芯片设计的关键问题.本文分析了常用对称密码算法DES、3DES和AES的可重构性,利用流水线、并行处理和可重构技术,提出了一种可重构体系结构.基于该体系结构实现的DES、3DES和AES吞吐率在110MHz工作频率下分别可达到7Gbps、2.3Gbps和1.4Gbps.与其他同类设计相比,本文设计在处理速度上有较大优势,可以很好地应用到可重构密码芯片设计中.     

IPSec协议分析

IPSec作为一种IP层安全协议簇,随着4G网络及计算机网络IPv6的发展,其受到了人们的广泛关注。文中介绍了IPSec的安全架构、认证和加密的实施过程,尤其是对AH和ESP协议进行了分析,并对IPSec实际部署中穿越NAT的问题提出了可行的解决方案。     

A high-performance CMOS 32-bit parallel CRC engine

Design highlights for a 32-bit parallel cyclic redundancy check (CRC) generator engine are presented. In a 0.8-μm three-layer-metal CMOS process, the engine could handle about 5 Gbps data throughput. A compact layout is achieved by predecoding eight groups of four bits followed by performing a binary tree reduction on nets that are sorted by fanout. There are six gate delays plus a single-phase clock edge-triggered register     

基于嵌入式网络安全技术的研究

一种有效嵌入式因特网安全架构的设计需要综合考虑到嵌入式因特网服务面对的安全威胁。在嵌入式网络复杂多变的应用环境下,根据所面临的各种嵌入式网络安全问题,提出相应的安全解决方案。文中针对嵌入式因特网的安全现状,提出了安全需求分析,对嵌入式网络安全的基本原理、安全协议的实现层次、相关的密码协议进行了阐述,并针对嵌入式网络设备的安全设计提出了相关解决方案。     

Multicore Flow Processor with Wire‐Speed Flow Admission Control

We propose a flow admission control (FAC) for setting up a wire‐speed connection for new flows based on their negotiated bandwidth. It also terminates a flow that does not have a packet transmitted within a certain period determined by the users. The FAC can be used to provide a reliable transmission of user datagram and transmission control protocol applications. If the period of flows can be set to a short time period, we can monitor active flows that carry a packet over networks during the flow period. Such powerful flow management can also be applied to security systems to detect a denial‐of‐service attack. We implement a network processor called a flow management network processor (FMNP), which is the second generation of the device that supports FAC. It has forty reduced instruction set computer core processors optimized for packet processing. It is fabricated in 65‐nm CMOS technology and has a 40‐Gbps process performance. We prove that a flow router equipped with an FMNP is better than legacy systems in terms of throughput and packet loss.     

基于国家标准的SSL VPN安全网关研究与实现

SSL VPN安全网关为传输层和应用层协议提供安全隧道,利用安全隧道技术,在传输层实现互联网网络信息的安全保护,能够利用公共网络为用户建立虚拟的专用网络,提供比专网更加安全的通信信道。SSL VPN安全网关以国家密码管理局审批的密码卡为基础密码器件,为其提供密钥运算、密钥保护、密钥备份恢复等功能;操作系统采用裁剪的Linux系统,同时,严格遵循国家密码管理政策和相关设计规范,实现了基于传输层的SSL VPN安全网关,为各种应用提供了身份认证和安全传输的需求。在政府、金融、运营商、能源、交通等领域具有广泛的用途,有明显的社会效益和经济效益。文章对此展开了分析。     

VPN技术IPSec和SSL的对比研究

介绍了VPN技术的概念、原理和分类,并详细阐述了IPSec VPN与SSL VPN在互联网安全通信方面起到的重要的作用,比较了这两种技术在工作原理,连接模式,接入方式的不同和安全性方面的优缺点。     

LTE传输安全组网技术及规划要点

在LTE网络中,eNodeB回传采用IP分组承载传送网。IP网络除了简单灵活、扁平化、完全开放等特点外,还使承载的业务面临各种信息安全问题。通过详细分析802.1x、IPSec、SSL和PKI等传输安全关键技术,提出了不同层次的传输安全保护组网建议,以解决eNodeB与EPC核心网之间的通信安全问题。     

Efficient pipelined flow classification for intelligent data processing in IoT

The packet classification is a fundamental process in provisioning security and quality of service for many intelligent network-embedded systems running in the Internet of Things (IoT). In recent years, researchers have tried to develop hardware-based solutions for the classification of Internet packets. Due to higher throughput and shorter delays, these solutions are considered as a major key to improving the quality of services. Most of these efforts have attempted to implement a software algorithm on the FPGA to reduce the processing time and enhance the throughput. The proposed architectures, however, cannot reach a compromise among power consumption, memory usage, and throughput rate. In view of this, the architecture proposed in this paper contains a pipeline-based micro-core that is used in network processors to classify packets. To this end, three architectures have been implemented using the proposed micro-core. The first architecture performs parallel classification based on header fields. The second one classifies packets in a serial manner. The last architecture is the pipeline-based classifier, which can increase performance by nine times. The proposed architectures have been implemented on an FPGA chip. The results are indicative of a reduction in memory usage as well as an increase in speedup and throughput. The architecture has a power consumption of is 1.294w, and its throughput with a frequency of 233 ?MHz exceeds 147 Gbps.     

一种高性能硬件加密引擎阵列架构

该文提出一种高性能硬件加密引擎阵列架构,为大数据应用提供了先进的安全解决方案。该模块架构包括一个高速接口、一个中央管理和监视模块(CMMM)、一组多通道驱动加密引擎阵列,其中CMMM将任务分配给加密引擎,经由专用算法处理后再将数据传回主机。由于接口吞吐量和加密引擎阵列规模会限制模块性能,针对PCIe高速接口,采用MMC/eMMC总线连接构建阵列,发现更多加密引擎集成到系统后,模块性能将会得到提升。为验证该架构,使用55 nm制程工艺完成了一个PCIe Gen2×4接口的ASIC加密卡,测试结果显示其平均吞吐量高达419.23 MB。