Anand Raghunathan
|
|
- Ada King
- 5 years ago
- Views:
Transcription
1 ECE 695R: SYSTEM-ON-CHIP DESIGN Module 2: HW/SW Partitioning Lecture 2.26: Example: Hardware Architecture Anand Raghunathan ECE 695R: System-on-Chip Design, Fall 2014 Fall 2014, ME 1052, T Th 12:00PM-1:15PM 2014 Anand Raghunathan 1
2 HW Architecture Scratchpad & memory & I/O Extensible up core Custom Instruction Unit INTR I/F Debug I/F 32bit Inst. RAM Inst. ROM Data RAM Data ROM I/O 32bit 16bit or 32bit Interrupt Control Coprocessor Control Debug Control Control Unit Instruction Queue Program Control System Registers Program Registers Operation Unit Multiplier ALU Coprocessor I/F Local Registers Coeff-table Hard-Wired- Logic Execution Unit Cache (I,D) Scratchpad (ROM RAM) Extensible RISC core Symmetric Hash Public-key DES/3DES AES RC4 SHA1 MD5 RSA ECC SHA256 DH AES-OMAC DSA/DSS custom instructions accelerate a wide range of cryptographic algorithms Configurable: Easy to add/remove algorithm support Scratchpad provides secure on-chip storage for code and data.
3 Performance (Stand-alone) Cryptographic Algorithm Processing speed (Mbps) Speedup over SW on RISC CPU 3DES Mbps X AES Mbps X Area: Base processor: ~40Kgates Co-processor: ~ Kgates MD5 491 Mbps 134X SHA Mbps 330X RSA (2048) 311 ms 13.2X Power (NEC 130nm technology): 0.19 mw/mhz () vs mw/mhz (ARM926) (1) speeds are based on measured data from prototype (4KB I-cache, 4KB D-cache) at 100MHz clock frequency (2) Speeds do not include the overhead of communication with the host CPU. In-system data rates will be lower due to these overheads
4 Application-visible performance Full-system measurement with complete SW stack and applications ttcp TCP IP IPSEC MV Linux Round trip time ttcp ping Redhat Linux Native IPSec LAN
5 Performance (application-visible) Processing Rate (Mbps) Application-visible data rates Measured in-system at the level of the crypto library API on the host CPU Includes all I/O, communication, and software overheads DES-ECB 3DES-ECB AES-ECB DES-CBC 3DES-CBC AES-CBC DES-OFB 3DES-OFB Algorithm In-system speeds 5-10X slower than stand-alone speeds! DES-CFB 3DES-CFB SHA1 MD5 Cryptographic Algorithm 3DES 10.8X AES 3.1X MD5 4.8X SHA1 5.5X Speedup (vs. ARM946@200MHz) (1) Data measured on chip (@100MHz, ARM@200MHz) (2) Based on 4KB data blocks
6 Bottleneck: Crypto-offloading SW Architecture Crypto-offloading SW architecture fills the gap from applications on the host processor to Hardware abstraction Mutual exclusion Synchronization & data transfer Workload & resource management User OS Application Crypto. MT - CGX stub stub HW IPC MT - Crypto. CGX server server System call MSE driver Linux OS OS ARM Application Crypto. CGX stub stub Interrupt, Shared mem. Crypto. Library CGX Backend Comm. Driver Crypto-offloading SW architecture SW HW Application Crypto. server Driver Driver Crypto. server Application Semaphore + context switch System call (device I/O) Interrupt (ARM to ) Interrupt ( to ARM) System call return (device I/O) Sequence of events involved in crypto-offloading Semaphore + context switch
7 Efficient Crypto-offloading SW Architecture Re-partitioning of functions between user-space and kernel-space Eliminate 2 context switches per round-trip Asynchronous crypto-offloading Eliminate synchronization overhead (semaphore / mutex) User App1 App2 User-level stub User-level stub OS Async API KMCO Thread App3 Driver Crypto server Crypto Library SW Kernel-level stub Comm.driver HW ARM HW
8 Impact of Efficient Crypto-offloading SW Architecture Benefit of asynchronous offload vs. synchronous offload (IPSec, ESP-3DES-SHA1) Data Rate (KBps) Data Rate w/ MSE - User-mode IPSec Data Rate - No MSE - User-mode IPSec Data Rate w/ MSE - Kernel-mode IPSec Speedup - User-mode IPSec Speedup - Kernelmode IPSec Speedup (Crypto-offloaded vs. Software crypto-based) Packet Size (bytes)
9 Limits of Acceleration: SSL (Secure Sockets Layer) Protocol Authentication, Key exchange Application data SSL Handshake SSL Change Cipher SSL Record Protocol TCP IP Privacy, Integrity SSL Alert Fragment Compressed Fragment Encrypted data MAC trailer Padding Compression Message Integrity Padding Encryption SSL record SSL header SSL Record Assembly
10 2014 Anand Raghunathan main SSL_read des_ed3_cbc_encrypt des_decrypt3 des_encrypt3 BN_mod_exp_mont BN_mod_mul_montgomery exchange_data SSL_connect initialize_ctx block_host_order block_data_order SHA1_Update MD5_Update des_encrypt2 SSL function call graph Secure Embedded System Design
11 Breakdown of Total Time Maximum vs. Actual Speedup for SSL 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% Other Encrypt (3DES) Hash (SHA1) Packet size (B) True cost of programmability/flexibility is small! Maximum speedup possible is 5.3X (Amdahl s law) achieves 4.5X
12 Performance: Application Level has been evaluated in the context of SSL, IPSec, and DRM applications running on NEC s mobile platforms Applications OpenSSL: 4.5X data rate Secure Browsing, e-commerce SSL IPSec: 10.6X data rate, 5X latency VPN, Secure VoIP DRM agent: 2.5X data rate Media Players, Games IPSec S/MIME DRM Trusted OS Trusted Boot User data protection Secure Storage Theft prevention IMEI Core Functions Cryptographic processing Key Management Secure Boot Memory Protection Trusted Platform Module
13 Summary Inefficient SW can easily mask blazingly fast HW! Efficient SW architecture critical for good performance Stand-alone vs. in-system performance Acceleration options that seem very different may have negligible difference at the system level ECE 695R: System-on-Chip Design, Fall
Comparing TCP performance of tunneled and non-tunneled traffic using OpenVPN. Berry Hoekstra Damir Musulin OS3 Supervisor: Jan Just Keijser Nikhef
Comparing TCP performance of tunneled and non-tunneled traffic using OpenVPN Berry Hoekstra Damir Musulin OS3 Supervisor: Jan Just Keijser Nikhef Outline Introduction Approach Research Results Conclusion
More informationParallelizing IPsec: switching SMP to On is not even half the way
Parallelizing IPsec: switching SMP to On is not even half the way Steffen Klassert secunet Security Networks AG Dresden June 11 2010 Table of contents Some basics about IPsec About the IPsec performance
More informationPerformance Implications of Security Protocols
Performance Implications of Security Protocols Varsha Mainkar Technical Staff Member Network Design & Performance Analysis Advanced Technologies, Joint Work with Paul Reeser 5th INFORMS Telecom Conference
More informationTransport Level Security
2 Transport Level Security : Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 28 October 2013 css322y13s2l12, Steve/Courses/2013/s2/css322/lectures/transport.tex,
More informationCIS 21 Final Study Guide. Final covers ch. 1-20, except for 17. Need to know:
CIS 21 Final Study Guide Final covers ch. 1-20, except for 17. Need to know: I. Amdahl's Law II. Moore s Law III. Processes and Threading A. What is a process? B. What is a thread? C. Modes (kernel mode,
More informationINTERNET PROTOCOL SECURITY (IPSEC) GUIDE.
INTERNET PROTOCOL SECURITY (IPSEC) GUIDE www.insidesecure.com INTRODUCING IPSEC NETWORK LAYER PACKET SECURITY With the explosive growth of the Internet, more and more enterprises are looking towards building
More informationIPSec. Overview. Overview. Levente Buttyán
IPSec - brief overview - security associations (SAs) - Authentication Header (AH) protocol - Encapsulated Security Payload () protocol - combining SAs (examples) Overview Overview IPSec is an Internet
More informationM2351 Security Architecture. TrustZone Technology for Armv8-M Architecture
Architecture TrustZone Technology for Armv8-M Architecture Outline NuMicro Architecture TrustZone for Armv8-M Processor Core, Interrupt Handling, Memory Partitioning, State Transitions. TrustZone Implementation
More informationVirtual Private Networks (VPN)
CYBR 230 Jeff Shafer University of the Pacific Virtual Private Networks (VPN) 2 Schedule This Week Mon September 4 Labor Day No class! Wed September 6 VPN Project 1 Work Fri September 8 IPv6? Project 1
More informationBCA III Network security and Cryptography Examination-2016 Model Paper 1
Time: 3hrs BCA III Network security and Cryptography Examination-2016 Model Paper 1 M.M:50 The question paper contains 40 multiple choice questions with four choices and student will have to pick the correct
More informationIntroduction to information Security
First lecture Introduction to information Security Why Computer and information Security Cryptography Secret key algorithms: DES/AES Public key algorithms: RSA One-way hash functions & message digests:
More informationComparison of SSL/TLS libraries based on Algorithms/languages supported, Platform, Protocols and Performance. By Akshay Thorat
Comparison of SSL/TLS libraries based on Algorithms/languages supported, Platform, Protocols and Performance By Akshay Thorat Table of Contents TLS - Why is it needed? Introduction- SSL/TLS evolution Libraries
More informationSurvey of Commercially available chips and IP cores implementing cryptographic algorithms
Survey of Commercially available chips and IP cores implementing cryptographic algorithms Prepared by - Micheal Dugan, Prajakta Gogte, Prerna Arora Prepared for - ECE 646, Prof. Kris Gaj December 19, 2005
More informationIPSec. Slides by Vitaly Shmatikov UT Austin. slide 1
IPSec Slides by Vitaly Shmatikov UT Austin slide 1 TCP/IP Example slide 2 IP Security Issues Eavesdropping Modification of packets in transit Identity spoofing (forged source IP addresses) Denial of service
More informationThe IPsec protocols. Overview
The IPsec protocols -- components and services -- modes of operation -- Security Associations -- Authenticated Header (AH) -- Encapsulated Security Payload () (c) Levente Buttyán (buttyan@crysys.hu) Overview
More informationSecurity IP-Cores. AES Encryption & decryption RSA Public Key Crypto System H-MAC SHA1 Authentication & Hashing. l e a d i n g t h e w a y
AES Encryption & decryption RSA Public Key Crypto System H-MAC SHA1 Authentication & Hashing l e a d i n g t h e w a y l e a d i n g t h e w a y Secure your sensitive content, guarantee its integrity and
More informationPacketShader: A GPU-Accelerated Software Router
PacketShader: A GPU-Accelerated Software Router Sangjin Han In collaboration with: Keon Jang, KyoungSoo Park, Sue Moon Advanced Networking Lab, CS, KAIST Networked and Distributed Computing Systems Lab,
More informationAcronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector
Acronyms 3DES AES AH ANSI CBC CESG CFB CMAC CRT DoS DEA DES DoS DSA DSS ECB ECC ECDSA ESP FIPS IAB IETF IP IPsec ISO ITU ITU-T Triple DES Advanced Encryption Standard Authentication Header American National
More informationProtocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE i, IEEE 802.1X P2.
P2 Protocols, Technologies and Standards Secure network protocols for the OSI stack P2.1 WLAN Security WPA, WPA2, IEEE 802.11i, IEEE 802.1X P2.2 IP Security IPsec transport mode (host-to-host), ESP and
More informationThe Linux Kernel Cryptographic API
Published on Linux Journal (http://www.linuxjournal.com) The Linux Kernel Cryptographic API By James Morris Created 2003-04-01 02:00 This article provides a brief overview of the new cryptographic API
More informationCS 356 Internet Security Protocols. Fall 2013
CS 356 Internet Security Protocols Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5
More informationKeyStone C66x Multicore SoC Overview. Dec, 2011
KeyStone C66x Multicore SoC Overview Dec, 011 Outline Multicore Challenge KeyStone Architecture Reminder About KeyStone Solution Challenge Before KeyStone Multicore performance degradation Lack of efficient
More informationI/O Handling. ECE 650 Systems Programming & Engineering Duke University, Spring Based on Operating Systems Concepts, Silberschatz Chapter 13
I/O Handling ECE 650 Systems Programming & Engineering Duke University, Spring 2018 Based on Operating Systems Concepts, Silberschatz Chapter 13 Input/Output (I/O) Typical application flow consists of
More informationComputer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 10r. Recitation assignment & concept review Paul Krzyzanowski Rutgers University Spring 2018 April 3, 2018 CS 419 2018 Paul Krzyzanowski 1 1. What is a necessary condition for perfect
More informationThe case for ubiquitous transport-level encryption
1/25 The case for ubiquitous transport-level encryption Andrea Bittau, Michael Hamburg, Mark Handley, David Mazières, and Dan Boneh Stanford and UCL November 18, 2010 Goals 2/25 What would it take to encrypt
More informationOPTIMIZED CRYPTOGRAPHY COMPONENTS FOR CONSTRAINED ENVIRONMENTS. RSA BSAFE Crypto Kernel. Solution Brief
OPTIMIZED CRYPTOGRAPHY COMPONENTS FOR CONSTRAINED ENVIRONMENTS RSA BSAFE Crypto Kernel Solution Brief Figure 1 RSA BSAFE Crypto-C Micro Edition RSA BSAFE Crypto Kernel FIPS 140-2 out-of-the-box ANSI-C
More informationProgressively Securing RIOT-OS!
+ Progressively Securing RIOT-OS! USABILITY AND NECESSITY OF SSL / TLS Slide 1 / 33 We re going to talk about: 1. Why is security important? 2. What is SSL? 3. Where is SSL being used? 4. Features: What
More informationPretty Good Privacy (PGP
PGP - S/MIME - Internet Firewalls for Trusted System: Roles of Firewalls Firewall related terminology- Types of Firewalls - Firewall designs - SET for E-Commerce Transactions. Pretty Good Privacy (PGP
More informationAnand Raghunathan
ECE 695R: SYSTEM-ON-CHIP DESIGN Module 2: HW/SW Partitioning Lecture 2.15: ASIP: Approaches to Design Anand Raghunathan raghunathan@purdue.edu ECE 695R: System-on-Chip Design, Fall 2014 Fall 2014, ME 1052,
More informationApache Commons Crypto: Another wheel of Apache Commons. Dapeng Sun/ Xianda Ke
Apache Commons Crypto: Another wheel of Apache Commons Dapeng Sun/ Xianda Ke About us Dapeng Sun @Intel Apache Commons Committer Apache Sentry PMC Xianda Ke @Intel Apache Commons Crypto Apache Pig(Pig
More informationCryptography and Network Security
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown Chapter 15 Electronic Mail Security Despite the refusal of VADM Poindexter and LtCol North to appear,
More informationHow to abstract hardware acceleration device in cloud environment. Maciej Grochowski Intel DCG Ireland
How to abstract hardware acceleration device in cloud environment Maciej Grochowski Intel DCG Ireland Outline Introduction to Hardware Accelerators Intel QuickAssist Technology (Intel QAT) as example of
More informationHEAD HardwarE Accelerated Deduplication
HEAD HardwarE Accelerated Deduplication Final Report CS710 Computing Acceleration with FPGA December 9, 2016 Insu Jang Seikwon Kim Seonyoung Lee Executive Summary A-Z development of deduplication SW version
More informationAdvanced Computer Systems 2018 Final project
Advanced Computer Systems 2018 Final project Submitted by: Eyal Golombek Date: 19/3/18 Project Idea and Goal: The goal of the project was to create a secure authentication token that will allow users to
More informationCryptographic Hardware Support for the Linux Kernel
Cryptographic Hardware Support for the Linux Kernel James Morris Red Hat Inc. Oregon Networking Summit, July 2004 Current Status Simple crypto API in the 2.6 kernel, designed primarily for IPSec and then
More informationLecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005
Firewalls Lecture 33 Security April 15, 2005 Idea: separate local network from the Internet Trusted hosts and networks Intranet Firewall DMZ Router Demilitarized Zone: publicly accessible servers and networks
More informationAcronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector
Acronyms 3DES AES AH ANSI CBC CESG CFB CMAC CRT DoS DEA DES DoS DSA DSS ECB ECC ECDSA ESP FIPS IAB IETF IP IPsec ISO ITU ITU-T Triple DES Advanced Encryption Standard Authentication Header American National
More informationPOWER7+ TM IBM IBM Corporation
POWER7+ TM 2012 Corporation Outline POWER Processor History Design Overview Performance Benchmarks Key Features Scale-up / Scale-out The new accelerators Advanced energy management Summary * Statements
More informationThe Case For Crypto Protocol Awareness Inside The OS Kernel
The Case For Crypto Protocol Awareness Inside The OS Kernel Matthew Burnside Angelos D. Keromytis Department of Computer Science, Columbia University {mb,angelos}@cs.columbia.edu Abstract Separation of
More informationDanube University Krems. The University for Continuing Education. Security Issues in Resource-limited Sensor Networks. Thilo Sauter Albert Treytl
Danube University Krems. The University for Continuing Education. Security Issues in Resource-limited Sensor Networks Thilo Sauter Albert Treytl Wireless Sensor Network Vision High-level company functions
More informationThe Case For Crypto Protocol Awareness Inside The OS Kernel
The Case For Crypto Protocol Awareness Inside The OS Kernel Matthew Burnside Angelos D. Keromytis Department of Computer Science, Columbia University mb,angelos @cs.columbia.edu Abstract Separation of
More informationConfiguration of an IPSec VPN Server on RV130 and RV130W
Configuration of an IPSec VPN Server on RV130 and RV130W Objective IPSec VPN (Virtual Private Network) enables you to securely obtain remote access to corporate resources by establishing an encrypted tunnel
More informationInternet Security. - IPSec, SSL/TLS, SRTP - 29th. Oct Lee, Choongho
Internet Security - IPSec, SSL/TLS, SRTP - 29th. Oct. 2007 Lee, Choongho chlee@mmlab.snu.ac.kr Contents Introduction IPSec SSL / TLS SRTP Conclusion 2/27 Introduction (1/2) Security Goals Confidentiality
More informationOpen Source Internet Security
Open Source Internet Security Company / Product Overview October, 2016 http://www.wolfssl.com (425) 245-8247 ABOUT US Founded: 2004 Location: Bozeman, MT Seattle, WA Portland, OR Our Focus: Open Source
More informationCipher Suite Configuration Mode Commands
The Cipher Suite Configuration Mode is used to configure the building blocks for SSL cipher suites, including the encryption algorithm, hash function, and key exchange. Important The commands or keywords/variables
More informationHardware Acceleration of a Software-based VPN
Hardware Acceleration of a Software-based VPN Furkan Turan Ruan de Clercq, Pieter Maene, Oscar Reparaz Ingrid Verbauwhede KU Leuven - COSIC VPN Introduction VPN (Virtual Private Network) encrypts the communication
More informationTransport Layer Security
CEN585 Computer and Network Security Transport Layer Security Dr. Mostafa Dahshan Department of Computer Engineering College of Computer and Information Sciences King Saud University mdahshan@ksu.edu.sa
More informationSATELLAR and VPN. 2/2017 SATEL technical bulletin SATELLAR
2/2017 SATEL technical bulletin and VPN VPN i.e. Virtual Private Network is a method to create an authenticated and in case wanted secured method for communication. When enabled and configured, it is possible
More informationCS 856 Latency in Communication Systems
CS 856 Latency in Communication Systems Winter 2010 Latency Challenges CS 856, Winter 2010, Latency Challenges 1 Overview Sources of Latency low-level mechanisms services Application Requirements Latency
More informationCryptographic Execution Time for WTLS Handshakes on Palm OS Devices. Abstract
Cryptographic Execution Time for WTLS Handshakes on Palm OS Devices Neil Daswani Stanford University daswani@cs.stanford.edu Abstract This paper analyzes the cryptographic operation time that is required
More information8. Network Layer Contents
Contents 1 / 43 * Earlier Work * IETF IP sec Working Group * IP Security Protocol * Security Associations * Authentication Header * Encapsulation Security Payload * Internet Key Management Protocol * Modular
More informationDavid Wetherall, with some slides from Radia Perlman s security lectures.
David Wetherall, with some slides from Radia Perlman s security lectures. djw@cs.washington.edu Networks are shared: Want to secure communication between legitimate participants from others with (passive
More informationIntelop. *As new IP blocks become available, please contact the factory for the latest updated info.
A FPGA based development platform as part of an EDK is available to target intelop provided IPs or other standard IPs. The platform with Virtex-4 FX12 Evaluation Kit provides a complete hardware environment
More informationKernel level AES Acceleration using GPUs
Kernel level AES Acceleration using GPUs TABLE OF CONTENTS 1 PROBLEM DEFINITION 1 2 MOTIVATIONS.................................................1 3 OBJECTIVE.....................................................2
More informationAdvanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50
Advanced Encryption Standard and Modes of Operation Foundations of Cryptography - AES pp. 1 / 50 AES Advanced Encryption Standard (AES) is a symmetric cryptographic algorithm AES has been originally requested
More informationFast packet processing in the cloud. Dániel Géhberger Ericsson Research
Fast packet processing in the cloud Dániel Géhberger Ericsson Research Outline Motivation Service chains Hardware related topics, acceleration Virtualization basics Software performance and acceleration
More informationTLS 1.1 Security fixes and TLS extensions RFC4346
F5 Networks, Inc 2 SSL1 and SSL2 Created by Netscape and contained significant flaws SSL3 Created by Netscape to address SSL2 flaws TLS 1.0 Standardized SSL3 with almost no changes RFC2246 TLS 1.1 Security
More informationInterfacing a High Speed Crypto Accelerator to an Embedded CPU
Interfacing a High Speed Crypto Accelerator to an Embedded CPU Alireza Hodjat ahodjat @ee.ucla.edu Electrical Engineering Department University of California, Los Angeles Ingrid Verbauwhede ingrid @ee.ucla.edu
More informationIsoStack Highly Efficient Network Processing on Dedicated Cores
IsoStack Highly Efficient Network Processing on Dedicated Cores Leah Shalev Eran Borovik, Julian Satran, Muli Ben-Yehuda Outline Motivation IsoStack architecture Prototype TCP/IP over 10GE on a single
More informationIPsec (AH, ESP), IKE. Guevara Noubir CSG254: Network Security
IPsec (AH, ESP), IKE Guevara Noubir noubir@ccs.neu.edu Securing Networks Control/Management (configuration) Applications Layer telnet/ftp: ssh, http: https, mail: PGP (SSL/TLS) Transport Layer (TCP) (IPSec,
More informationGPGPU introduction and network applications. PacketShaders, SSLShader
GPGPU introduction and network applications PacketShaders, SSLShader Agenda GPGPU Introduction Computer graphics background GPGPUs past, present and future PacketShader A GPU-Accelerated Software Router
More informationAdvanced Computer Networks. End Host Optimization
Oriana Riva, Department of Computer Science ETH Zürich 263 3501 00 End Host Optimization Patrick Stuedi Spring Semester 2017 1 Today End-host optimizations: NUMA-aware networking Kernel-bypass Remote Direct
More informationAn Embedded Firewall Based on Network Processor
An Embedded Firewall Based on Network Processor Quan Huang, Shengke Qiu Research Institute of Information Technology (RIIT), Tsinghua University Beijing 100084, China {huangq03, qsk03}@mails.tsinghua.edu.cn
More informationProtocol Comparisons: OpenSSH, SSL/TLS (AT-TLS), IPSec
Protocol Comparisons: OpenSSH, SSL/TLS (AT-TLS), IPSec Author: Gwen Dente, IBM Gaithersburg, MD Acknowledgments: Alfred Christensen, IBM Erin Farr, IBM Christopher Meyer, IBM Linwood Overby, IBM Richard
More informationIntroduction to Virtio Crypto Device.
Introduction to Virtio Crypto Device arei.gonglei@huawei.com xin.zeng@intel.com Agenda Overview of virtio crypto device Virtio crypto device spec Introduction to software implementation WIP and future
More informationFIPS Non-Proprietary Security Policy. Level 1 Validation Version 1.2
Oracle Solaris Kernel Cryptographic Framework with SPARC T4 and T5 Software Version: 1.0 and 1.1; Hardware Version: SPARC T4 (527-1437-01) and T5 (7043165) FIPS 140-2 Non-Proprietary Security Policy Level
More informationEnd-to-End Java Security Performance Enhancements for Oracle SPARC Servers Performance engineering for a revenue product
End-to-End Java Security Performance Enhancements for Oracle SPARC Servers Performance engineering for a revenue product Luyang Wang, Pallab Bhattacharya, Yao-Min Chen, Shrinivas Joshi and James Cheng
More informationIBM z13 Performance of Cryptographic Operations (Cryptographic Hardware: CPACF, CEX5S)
IBM z13 Performance of Cryptographic Operations (Cryptographic Hardware: CPACF, CEX5S) 1 Copyright IBM Corporation 1994, 2015. IBM Corporation Marketing Communications, Server Group Route 100 Somers, NY
More informationMassively Parallel Hardware Security Platform
Massively Parallel Hardware Security Platform Dan Cvrček, Enigma Bridge, UK dan@enigmabridge.com Petr Švenda, CRoCS, Masaryk University, CZ svenda@fi.muni.cz Overview 1. Cryptography as a Service 2. Usage
More informationEfficient Memory Integrity Verification and Encryption for Secure Processors
Efficient Memory Integrity Verification and Encryption for Secure Processors G. Edward Suh, Dwaine Clarke, Blaise Gassend, Marten van Dijk, Srinivas Devadas Massachusetts Institute of Technology New Security
More informationParallelism Marco Serafini
Parallelism Marco Serafini COMPSCI 590S Lecture 3 Announcements Reviews First paper posted on website Review due by this Wednesday 11 PM (hard deadline) Data Science Career Mixer (save the date!) November
More informationISA-L Performance Report Release Test Date: Sept 29 th 2017
Test Date: Sept 29 th 2017 Revision History Date Revision Comment Sept 29 th, 2017 1.0 Initial document for release 2 Contents Audience and Purpose... 4 Test setup:... 4 Intel Xeon Platinum 8180 Processor
More informationVirtualization, Xen and Denali
Virtualization, Xen and Denali Susmit Shannigrahi November 9, 2011 Susmit Shannigrahi () Virtualization, Xen and Denali November 9, 2011 1 / 70 Introduction Virtualization is the technology to allow two
More informationConnectivity. Ethernet
Connectivity Ethernet ENC624J600 Stand-Alone 10/100 Ethernet Controller Ethernet Family Roadmap Design Existing 10/100 Base-T Ethernet ENC624J600 24KB Buffer Encryption 44/64 pins NEW PIC32MX 32-bit w/
More informationScaling Acceleration Capacity from 5 to 50 Gbps and Beyond with Intel QuickAssist Technology
SOLUTION BRIEF Intel QuickAssist Technology Scaling Acceleration Capacity from 5 to 5 Gbps and Beyond with Intel QuickAssist Technology Equipment manufacturers can dial in the right capacity by choosing
More information6.9. Communicating to the Outside World: Cluster Networking
6.9 Communicating to the Outside World: Cluster Networking This online section describes the networking hardware and software used to connect the nodes of cluster together. As there are whole books and
More informationPOWER7+ Accelerated Encryption and Random Number Generation for Linux
POWER7+ Accelerated Encryption and Random Number Generation for Linux Kent Yoder IBM Linux Technology Center February 22, 2013 Contents 1 Introduction 2 2 Hardware Architecture
More informationBlock Cipher Operation
Block Cipher Operation Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: 6-1 Overview 1. Double DES, Triple
More informationPacket Tracer - Configure and Verify a Site-to-Site IPsec VPN Using CLI
Packet Tracer - Configure and Verify a Site-to-Site IPsec VPN Using CLI Topology Addressing Table R1 R2 R3 Device Interface IP Address Subnet Mask Default Gateway Switch Port G0/0 192.168.1.1 255.255.255.0
More informationSerial. Parallel. CIT 668: System Architecture 2/14/2011. Topics. Serial and Parallel Computation. Parallel Computing
CIT 668: System Architecture Parallel Computing Topics 1. What is Parallel Computing? 2. Why use Parallel Computing? 3. Types of Parallelism 4. Amdahl s Law 5. Flynn s Taxonomy of Parallel Computers 6.
More informationCRYPTOGRAPHY AND NETWROK SECURITY-QUESTION BANK
CRYPTOGRAPHY AND NETWROK SECURITY-QUESTION BANK UNIT-1 1. Answer the following: a. What is Non-repudiation b. Distinguish between stream and block ciphers c. List out the problems of one time pad d. Define
More informationCrypto Application. version 1.2
Crypto Application version 1.2 The Erlang/OTP SSL application includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). Copyright (c) 1998-2002 The OpenSSL
More informationIBM Network Processor, Development Environment and LHCb Software
IBM Network Processor, Development Environment and LHCb Software LHCb Readout Unit Internal Review July 24 th 2001 Niko Neufeld, CERN 1 Outline IBM NP4GS3 Architecture A Readout Unit based on the NP4GS3
More informationEnd Systems. End Systems
1. Introduction 2. Fundamentals and design principles 3. Network architecture and topology 4. Network control and signalling 5. Network components 5.1 links 5.2 switches and routers 6. End systems 7. End-to-end
More informationMartin Kruliš, v
Martin Kruliš 1 Optimizations in General Code And Compilation Memory Considerations Parallelism Profiling And Optimization Examples 2 Premature optimization is the root of all evil. -- D. Knuth Our goal
More informationPE310G4SPI9 Quad Port Fiber 10 Gigabit Ethernet PCI Express Server Adapter Intel 82599ES Based
PE310G4SPI9 Quad Port Fiber 10 Gigabit Ethernet PCI Express Server Adapter Intel 82599ES Based Product Description Silicom s 10 Gigabit Ethernet PCI Express server adapters are designed for Servers and
More informationStructured Streams: A New Transport Abstraction
Structured Streams: A New Transport Abstraction Bryan Ford Computer Science and Artificial Intelligence Laboratory Massachusetts Institute of Technology ACM SIGCOMM, August 30, 2007 http://pdos.csail.mit.edu/uia/sst/
More informationCase 1: VPN direction from Vigor2130 to Vigor2820
LAN to LAN IPSec VPN between Vigor2130 and Vigor2820 using Aggressive mode In this document we will introduce how to create a LAN to LAN IPSec VPN between Vigor2130 and a Vigor2820 using Aggressive mode.
More informationTopic & Scope. Content: The course gives
Topic & Scope Content: The course gives an overview of network processor cards (architectures and use) an introduction of how to program Intel IXP network processors some ideas of how to use network processors
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 11 Basic Cryptography Objectives Define cryptography Describe hashing List the basic symmetric cryptographic algorithms 2 Objectives
More informationSecure Key Management and Data Privacy on z/tpf
z/tpf EE V1.1 z/tpfdf V1.1 TPF Toolkit for WebSphere Studio V3 TPF Operations Server V1.2 IBM Software Group TPF Users Group Spring 2006 Secure Key Management and Data Privacy on z/tpf Name : Mark Gambino
More informationSymmetric Key Encryption. Symmetric Key Encryption. Advanced Encryption Standard ( AES ) DES DES DES 08/01/2015. DES and 3-DES.
Symmetric Key Encryption Symmetric Key Encryption and 3- Tom Chothia Computer Security: Lecture 2 Padding Block cipher modes Advanced Encryption Standard ( AES ) AES is a state-of-the-art block cipher.
More informationCS 152 Computer Architecture and Engineering
CS 152 Computer Architecture and Engineering Lecture 12 -- Virtual Memory 2014-2-27 John Lazzaro (not a prof - John is always OK) TA: Eric Love www-inst.eecs.berkeley.edu/~cs152/ Play: CS 152 L12: Virtual
More informationKernel Transport Layer Security
Kernel Transport Layer Security A TLS socket Dave Watson davejwatson@fb.com TLS implemented as a socket int tls_fd = socket(af_tls, SOCK_STREAM SOCK_DGRAM, 0); 2 Why TLS? Security for the web The S in
More informationCOSC4377. Chapter 8 roadmap
Lecture 28 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity 8.4 Securing e mail 8.5 Securing TCP connections: SSL 8.6 Network layer security: IPsec 8.7
More informationUNIT I [INTRODUCTION TO EMBEDDED COMPUTING AND ARM PROCESSORS] PART A
UNIT I [INTRODUCTION TO EMBEDDED COMPUTING AND ARM PROCESSORS] PART A 1. Distinguish between General purpose processors and Embedded processors. 2. List the characteristics of Embedded Systems. 3. What
More information2 nd Half. Memory management Disk management Network and Security Virtual machine
Final Review 1 2 nd Half Memory management Disk management Network and Security Virtual machine 2 Abstraction Virtual Memory (VM) 4GB (32bit) linear address space for each process Reality 1GB of actual
More informationAEGIS: Architecture for Tamper-Evident and Tamper-Resistant Processing
AEGIS: Architecture for Tamper-Evident and Tamper-Resistant Processing G. Edward Suh, Dwaine Clarke, Blaise Gassend, Marten van Dijk, Srinivas Devadas Massachusetts Institute of Technology L C S Cases
More informationNetworking at the Speed of Light
Networking at the Speed of Light Dror Goldenberg VP Software Architecture MaRS Workshop April 2017 Cloud The Software Defined Data Center Resource virtualization Efficient services VM, Containers uservices
More informationComputer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography
Chapter 7: Network security 15-441 Computer Networking Network Security: Cryptography, Authentication, Integrity Foundations: what is security? cryptography authentication message integrity key distribution
More information