Use this URL to cite or link to this record in EThOS: http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.492519
Title: Architectural investigation into network security processing
Author: Moore, Patrick
Awarding Body: Queen's University Belfast
Current Institution: Queen's University Belfast
Date of Award: 2009
Availability of Full Text:
Full text unavailable from EThOS. Please contact the current institution’s library for further details.
Abstract:
In this thesis, innovative techniques for accelerating and scaling cryptographic architectures for the provision of network security are presented. The first of these is a novel ASIP based interface, which allows for generic hardware block cipher cores to be used within a 32-bit ASIP platform. An example system consisting of the Altera Nios-II and an AES block cipher is described and how the interface can be extended to support additional encryption modes of operation is discussed. A figure of merit that can be utilised to determine the efficiency of interfaces is proposed. Following on from this a thorough investigation into IKEv2 is presented, With specific focus on hardware/software partitioning of the system. This resulted in the proposal of two systems -- one suitable for use in an embedded context, the other suitable for server deployment -- each capable of processing 250 key exchanges per second. The scalability of the proposed IKEv2 systems is also investigated with respect to the number of processors and the rate at which key exchanges can be sustained. As a result, two scalable architectures are proposed -- pipelined and iterative -- both of which could utilise the embedded or server based implementation. A simulator was developed to determine the optimal configurations within these systems. The iterative architecture was found to be more efficient in terms of throughput and latency. Further to this, the effect of unreliable networks on the developed architectures is investigated with falloffs in performance being observed as the network degrades. The implications of being able to employ the high-speed IKEv2 architecture within a scalable overall IPsec system were investigated. In the course of this exploration, three novel architectures were developed to aid with the scalability: a multi-threaded block cipher' architecture, a system to allow for parallelisation of HMAC structures and finally a system to allow for efficient key distribution within the IPsec architecture.
Supervisor: Not available Sponsor: Not available
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID: uk.bl.ethos.492519  DOI: Not available
Share: