Abstract

Along with the explosive growth of network data, security is becoming increasingly important for web transactions. The SSL/TLS protocol has been widely adopted as one of the effective solutions for sensitive access. Although OpenSSL provides a freely available implementation of the SSL/TLS protocol, its crypto functions, such as symmetric key ciphers, are extremely compute-intensive operations. These expensive computations, when implemented in software, may not be able to keep up with the increasing need for speed and secure connections. Although there are many excellent works aimed at SSL/TLS hardware acceleration, they focus on the dedicated hardware design of accelerators. Hardly any of them presented how to utilize the accelerators efficiently. In fact, for some application scenarios, the performance improvement may not be comparable with AES-NI, due to the invocation cost induced by hardware engines. Therefore, we proposed this research to take full advantage of both accelerators and CPUs for secure HTTP accesses in big data. We not only proposed optimal strategies such as data aggregation to advance the contribution of hardware crypto engines, but also presented an Adaptive Crypto System based on Accelerators (ACSA) with software and hardware codesign. ACSA is able to adopt the crypto mode adaptively and dynamically according to the request characteristics and system load. By establishing 40 Gbps networking on a TAISHAN Web Server, we evaluated the system performance in real applications with a high workload. For the encryption algorithm 3DES, which is not supported by AES-NI, we could get about 12 times acceleration with accelerators. For typical AES encryption supported by instruction acceleration, we could get 52.39% bandwidth improvement compared with hardware-only encryption and 20.07% improvement compared with AES-NI. Furthermore, the user could adjust the trade-off between CPU occupation and encryption performance through the MM strategy, to free CPUs according to the working requirements.

Highlights

  • As we enter the big data era, network data demonstrates an explosive growth [1, 2]

  • The main contributions of this work are as follows: (i) To the best of our knowledge, this is the first Adaptive Crypto System based on Accelerators (ACSA) with software and hardware codesign, which is able to adopt crypto mode adaptively and dynamically according to the request character and system load

  • For typical encryption AES supported by instruction acceleration, we could get 52.39% bandwidth improvement compared with only hardware encryption, and 20.07% improvement compared with AES-NI


Summary

Introduction

As we enter the big data era, network data demonstrates an explosive growth [1, 2]. More and more transactions, such as e-commerce and net-banking, require the transfer of sensitive information via the Internet, and security is becoming more and more important for web applications [3, 4]. Others mount all processes for SSL/TLS ciphered communication into a single FPGA or ASIC, such as the works in [14,15,16]. These works showed a great performance improvement compared with software encryption using a crypto library. These studies concentrated on the implementation of the hardware itself and hardly referred to how to utilize crypto accelerators efficiently at the least cost, let alone the design methodology for taking full advantage of both accelerators and CPUs. Most hardware accelerators for SSL/TLS are designed for embedded systems [10,11,12,13], which could not satisfy the high-volume and highly concurrent access requirements of the big data age.

Related Work
Adaptive Crypto System with Accelerators
Adaptive Scheduler Based on HW-SW Codesign
Maximize Resource Utilization with Minimal Management Cost
System Test and Analysis
16 CPUs 32 processes DES3-CBC HW-SW co-design encryption bandwidths improvement
16 CPUs 16 processes ECDHE-RSA-AES256-SHA384 network bandwidth
16 CPUs 32 processes ECDHE-RSA-AES256-SHA384 network bandwidth
16 CPUs ECDHE-RSA-AES256-SHA384 network bandwidth improvement and CPU idle
Conclusions and Future Work
Findings
16 CPUs 32 processes ECDHE-RSA-DES-CBC3-SHA network bandwidth