A Secure Connection Management Solution for IPSEC on FPGA
DOI: https://doi.org/10.54654/isj.v1i13.142
Keywords: IPSec, IKE, FPGA, ESP, Encapsulating Security Payload
Abstract— IPSec (Internet Protocol Security) is a security protocol that protects data traffic over the Internet. In the IPSec deployment model, each secure connection has its own set of algorithms and security parameters. To ensure stable connections in high-bandwidth environments, managing multiple secure connections simultaneously on IPSec devices plays a significant role. Because the management process is complex, it is commonly done by software on the operating system. That approach is limited by the data exchange between the field-programmable gate array (FPGA) and the microprocessor. This article proposes a solution that organizes and manages secure connections, after Internet Key Exchange (IKE) has been used to exchange keys for IPSec, directly in a hardware description language on the FPGA, aiming to meet high-speed requirements with many connections.