Building an IKEv2 Key Exchange Solution Using NIOS II on FPGA
DOI: https://doi.org/10.54654/isj.v1i13.138
Keywords: IPSec, IKE, FPGA, Nios II
Abstract—Internet Key Exchange (IKE) is the protocol that performs key exchange and negotiation for IPSec. High-speed IPSec implementations usually combine software with hardware on a Field Programmable Gate Array (FPGA) [7], [8]. In such designs, the cryptographic operations and the encapsulation and decapsulation of packets are performed in the FPGA to achieve high throughput, while the IKE key exchange protocol is implemented in software running on an embedded Linux operating system. In this paper, the authors present a solution that implements the IKE key exchange using Nios II on the FPGA. With this approach, the authors organized and built the program on the microprocessor themselves and can therefore control the entire data flow.
References
[1] Altera Corp, “DE4 User manual”, 2016, URL: ftp://ftp.altera.com/up/pub/Altera_Material/Boards/DE4/DE4_User_Manual.pdf (accessed 17/8/2021).
[2] Altera Corp, “Triple-Speed Ethernet MegaCore Function User Guide – Altera”, 2016, URL: https://www.altera.com/literature/ug/ug_ethernet.pdf (accessed 17/8/2021).
[3] “IEEE 802.1X-rev-2010, IEEE Standard for Local and metropolitan area networks Port-Based Network Access Control”, 2010, URL: https://standards.ieee.org/getieee802/download/802.1X-2010.pdf (accessed 17/8/2021).
[4] “RFC 3748: Extensible Authentication Protocol”, 2004, URL: https://datatracker.ietf.org/doc/html/rfc3748 (accessed 17/8/2021).
[5] “RFC 4303: IP Encapsulating Security Payload (ESP)”, 2005, URL: https://datatracker.ietf.org/doc/html/rfc4303 (accessed 17/8/2021).
[6] “RFC 7296: Internet Key Exchange Protocol Version 2 (IKEv2)”, 2014, URL: https://datatracker.ietf.org/doc/html/rfc7296 (accessed 17/8/2021).
[7] Jing Lu, John W. Lockwood, “IPSec implementation on Xilinx Virtex-II pro FPGA and its application”, IPDPS 2005.
[8] Zdenek Martinasek, Jan Hajny, M David Smekal, and others, “200 Gbps Hardware Accelerated Encryption System for FPGA Network Cards”, ASHES '18: Proceedings of the 2018 Workshop on Attacks and Solutions in Hardware Security, 10/2018.
[9] The OpenSource IPsec-based VPN Solution, URL: https://strongswan.org (accessed 17/8/2021).
[10] “RFC 8229: TCP Encapsulation of IKE and IPsec Packets”, 2017, URL: https://datatracker.ietf.org/doc/html/rfc8229 (accessed 17/8/2021).