A mesh-structured scalable IPsec processor

Mao Yin Wang, Cheng Wen Wu

Research output: Contribution to journalArticle

6 Citations (Scopus)

Abstract

IP security (IPsec) protocols are widely used to protect sensitive data over the Internet. For equipment linked by high-bandwidth optical fibers, the throughput requirement usually results in the adoption of high-performance network security processors. In this paper, we propose a parallel mesh-structured IPsec (MIPsec) processor, which executes the IPsec protocols for Internet security gateway applications. We have developed several area-efficient cryptographic IPs embedded in MIPsec to lower silicon cost. Thanks to structural regularity, the simple deterministic programming of MIPsec guarantees high utilization of the hardware. Also, both handshake and contention issues are solved in the scheme, such that performance can be scaled up. Specifically, the 6.23-million-gate MIPsec achieves 10-Gb/s wire speed for each routing direction. The proposed MIPsec is suitable for transport mode or other crypto mix as well.

Original languageEnglish
Article number5169966
Pages (from-to)725-731
Number of pages7
JournalIEEE Transactions on Very Large Scale Integration (VLSI) Systems
Volume18
Issue number5
DOIs
Publication statusPublished - 2010 May 1

Fingerprint

Internet
Network protocols
Gateways (computer networks)
Network security
Optical fibers
Throughput
Wire
Hardware
Bandwidth
Silicon
Costs

All Science Journal Classification (ASJC) codes

  • Software
  • Hardware and Architecture
  • Electrical and Electronic Engineering

Cite this

@article{be4607145e314e298d02fbd8e6907725,
title = "A mesh-structured scalable IPsec processor",
abstract = "IP security (IPsec) protocols are widely used to protect sensitive data over the Internet. For equipment linked by high-bandwidth optical fibers, the throughput requirement usually results in the adoption of high-performance network security processors. In this paper, we propose a parallel mesh-structured IPsec (MIPsec) processor, which executes the IPsec protocols for Internet security gateway applications. We have developed several area-efficient cryptographic IPs embedded in MIPsec to lower silicon cost. Thanks to structural regularity, the simple deterministic programming of MIPsec guarantees high utilization of the hardware. Also, both handshake and contention issues are solved in the scheme, such that performance can be scaled up. Specifically, the 6.23-million-gate MIPsec achieves 10-Gb/s wire speed for each routing direction. The proposed MIPsec is suitable for transport mode or other crypto mix as well.",
author = "Wang, {Mao Yin} and Wu, {Cheng Wen}",
year = "2010",
month = "5",
day = "1",
doi = "10.1109/TVLSI.2009.2016102",
language = "English",
volume = "18",
pages = "725--731",
journal = "IEEE Transactions on Very Large Scale Integration (VLSI) Systems",
issn = "1063-8210",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
number = "5",

}

A mesh-structured scalable IPsec processor. / Wang, Mao Yin; Wu, Cheng Wen.

In: IEEE Transactions on Very Large Scale Integration (VLSI) Systems, Vol. 18, No. 5, 5169966, 01.05.2010, p. 725-731.

Research output: Contribution to journalArticle

TY - JOUR

T1 - A mesh-structured scalable IPsec processor

AU - Wang, Mao Yin

AU - Wu, Cheng Wen

PY - 2010/5/1

Y1 - 2010/5/1

N2 - IP security (IPsec) protocols are widely used to protect sensitive data over the Internet. For equipment linked by high-bandwidth optical fibers, the throughput requirement usually results in the adoption of high-performance network security processors. In this paper, we propose a parallel mesh-structured IPsec (MIPsec) processor, which executes the IPsec protocols for Internet security gateway applications. We have developed several area-efficient cryptographic IPs embedded in MIPsec to lower silicon cost. Thanks to structural regularity, the simple deterministic programming of MIPsec guarantees high utilization of the hardware. Also, both handshake and contention issues are solved in the scheme, such that performance can be scaled up. Specifically, the 6.23-million-gate MIPsec achieves 10-Gb/s wire speed for each routing direction. The proposed MIPsec is suitable for transport mode or other crypto mix as well.

AB - IP security (IPsec) protocols are widely used to protect sensitive data over the Internet. For equipment linked by high-bandwidth optical fibers, the throughput requirement usually results in the adoption of high-performance network security processors. In this paper, we propose a parallel mesh-structured IPsec (MIPsec) processor, which executes the IPsec protocols for Internet security gateway applications. We have developed several area-efficient cryptographic IPs embedded in MIPsec to lower silicon cost. Thanks to structural regularity, the simple deterministic programming of MIPsec guarantees high utilization of the hardware. Also, both handshake and contention issues are solved in the scheme, such that performance can be scaled up. Specifically, the 6.23-million-gate MIPsec achieves 10-Gb/s wire speed for each routing direction. The proposed MIPsec is suitable for transport mode or other crypto mix as well.

UR - http://www.scopus.com/inward/record.url?scp=77951880182&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=77951880182&partnerID=8YFLogxK

U2 - 10.1109/TVLSI.2009.2016102

DO - 10.1109/TVLSI.2009.2016102

M3 - Article

AN - SCOPUS:77951880182

VL - 18

SP - 725

EP - 731

JO - IEEE Transactions on Very Large Scale Integration (VLSI) Systems

JF - IEEE Transactions on Very Large Scale Integration (VLSI) Systems

SN - 1063-8210

IS - 5

M1 - 5169966

ER -