A Secure Connection Management Solution for IPSEC on FPGA

Authors

  • Phan Văn Kỷ
  • La Hữu Phúc

DOI:

https://doi.org/10.54654/isj.v1i13.142

Keywords:

IPSec, IKE, FPGA, ESP, Encapsulating Security Payload

Tóm tắt

Abstract— IPSec (Internet Protocol Security) is a secure protocol aiming to protect data traffic via the Internet. There is a separate set of algorithms and security parameters in each secure connection in the IPSec deployment model. In order to ensure stable connections in high-bandwidth environments, managing multiple secure connections simultaneously on IPSec devices holds a significant role. Due to the complexity of the management process, this is commonly done by software on the operating system. This solution is restricted due to data exchange between field-programmable gate array (FPGA) and microprocessor. In this article, a solution was proposed to organize and manage a confidential connection after using Internet Key Exchange (IKE) to exchange keys for IPSec directly using hardware description language on FPGA, aiming to meet high-speed requirements with many connections.

Downloads

Download data is not yet available.

References

Altera Corp (2016), “Triple-Speed Ethernet MegaCore Function User Guide – Altera". [17-3-2021]. url: https://www.altera.com/literature/-ug/ug_ethernet.pdf.

RFC 4303, “IP Encapsulating Security Payload (ESP)”.10/2005.

RFC 7296, “Internet Key Exchange Protocol Version 2 (IKEv2)”. 10/2014.

FIPS PUB 198-1, “The Keyed-Hash Message Authentication Code (HMAC)”. 07/2008.

RFC 4634 “US Secure Hash Algorithms (SHA and HMAC-SHA)”.7/2006.

H.E.Michail, A.P.Kakarountas, E.Fotopoulou, C. E.Goutis, “High-Speed and Low-Power Implementation of Hash Message Authentication Code through Partially Unrolled Techniques”, Proceedings of the 5th WSEAS Int. Conf. on multimedia, internet and video technologies, Corfu, Greece, 17-19/8/2005, pp. 130-135.

Mateusz Korona, Krzysztof Skowron, Mateusz Trzepinski, Mariusz Rawski, “High-performance FPGA Architecture for Data Streams Processing on Example of IPsec Gateway”, Intl journal of electronics and telecommunications, 2018, Vol. 64, No. 3, pp. 351-356.

Muzaffar Rao, Joseph Coleman and Thomas Newe “An FPGA based reconfigurable IPSec ESP core suitable for IoT applications” Conference: 2016 10th International Conference on Sensing Technology, 11-13/11/2016.

Helion Technology Limited, IPsec ESP IP Core for FPGA – Product Brief, http://www.heliontech.com/ipsec.htm. (Truy cập 17/3/2021).

Sangjin Han, Keon Jang, Kyoung Soo Park, Sue Moon, PacketShader, “A GPU-accelerated Software Router”, http://shader.kaist.edu/packetshader, 2010 (Truy cập 17/3/2021).

Ky Phan Van, Thang Tran Van, Phuc La Huu, “A solution for packet security 1 Gbps on layer 2 with technology FPGA”, Journal of Science and Technology on Information security, ISSN 2615-9570, Vol. 08, No.02, 2018, pp. 19-24.

Downloads

Abstract views: 131 / PDF downloads: 90

Published

2022-01-12 — Updated on 2022-01-12

How to Cite

Kỷ, P. V., & Phúc, L. H. (2022). A Secure Connection Management Solution for IPSEC on FPGA. Journal of Science and Technology on Information Security, 1(13), 3-11. https://doi.org/10.54654/isj.v1i13.142

Issue

Section

Papers