Multi Core SSL/TLS Security Processor Architecture Prototype Design with automated Preferential Algorithm in FPGA

TL;DR

This paper presents a high-speed, FPGA-based network security processor architecture for SSL/TLS protocols that dynamically selects encryption algorithms based on user-defined resource and performance constraints.

Contribution

It introduces a novel preferential algorithm for selecting cipher suites based on an Efficient System Index, optimizing resource use and throughput in FPGA implementations.

Findings

Achieved high throughput in SSL/TLS processing on FPGA.

Demonstrated dynamic cipher suite selection based on user constraints.

Implemented partial reconfiguration for efficient resource management.

Abstract

In this paper a pipelined architecture of a high speed network security processor (NSP) for SSL,TLS protocol is implemented on a system on chip (SOC) where hardware information of all encryption, hashing and key exchange algorithms are stored in flash memory in terms of bit files, in contrary to related works where all are actually implemented in hardware. The NSP finds applications in e-commerce, virtual private network (VPN) and in other fields that require data confidentiality. The motivation of the present work is to dynamically execute applications with stipulated throughput within budgeted hardware resource and power. A preferential algorithm choosing an appropriate cipher suite is proposed, which is based on Efficient System Index (ESI) budget comprising of power, throughput and resource given by the user. The bit files of the chosen security algorithms are downloaded from the flash memory to the partial region of field programmable gate array (FPGA). The proposed SOC controls data communication between an application running in a system through a PCI and the Ethernet interface of a network. Partial configuration feature is used in ISE14.4 suite with ZYNQ 7z020-clg484 FPGA platform. The performances