Kernel level AES Acceleration using GPUs

Transcription

1 Kernel level AES Acceleration using GPUs TABLE OF CONTENTS 1 PROBLEM DEFINITION 1 2 MOTIVATIONS OBJECTIVE APPROACH RELATED WORK ACCELERATION OF CRYPTOGRAPHIC FUNCTIONS USING GRAPHICS HARDWARE GPU ACCELERATED CRYPTOGRAPHY AS AN OS SERVICE PERFORMANCE EVALUATION OF PARALLEL AES IMPLEMENTATIONS OVER CUDA CONCLUSION REFERENCES Problem Definition Often times encryption is not the main focus of an application, rather it is something that the application provides as part of its service, an example of this is OpenSSL [2]. Performing AES Encryption is a computationally expensive operation [1], the process of encrypting and decrypting data can take up a large percentage of the CPU's time which may affect the whole system s performance. Increasing the bit count of our keys/encryption may even slow down performance more to a non sustainable level, although this is vital nowadays since with the new hardware accelerators available, cracking of current means of encryption even using brute force became feasible in some cases. 2 Motivations It is certainly beneficial to have better security mainly for data transmission and encryption (since we can use AES 192 or AES 256 instead of AES 128 at the accelerated solution). Such acceleration will also provide us better performing web servers (Enhancing SSL speed) which will affect almost every secured Internet website that has such encryption. Virtual Private Networks (Accelerating IPsec VPNs), Storage Area Networks (Encryption of data transmission) and Pay TV (Securing pay TV through tamper resistant service) are all examples of high level benefits from the accelerated encryption that will be achieved by GPUs, as such hardware accelerators can be used as a separate unit to increase the overall performance of the application allowing more space for future features that can provide better functionalities and security to the users.

2 3 Objective The objective of this research is first to alleviate the amount of work done by the CPU by offloading AES encryption to GPUs, since the process of encrypting and decrypting data can take up a large percentage of the CPU's time. Second, is to provide an Implementation for the accelerated algorithm on GPUs at the kernel level layer in order to avoid overheads from user space and provide abstraction to the services using this acceleration. 4 Approach The main approaches that this research will head for is first mainly to leverage the usage of modern GPU frameworks in providing an accelerated algorithm using the full capabilities of modern GPUs. The choice between frameworks such as the Nvidia CUDA framework [6] or the OpenCL framework to be used in the implementation of the practical part of this research is also a choice yet to be considered however it s undecided up to this moment. Secondly to optimize memory transfers between GPU memory layers and CPU ram to minimize overheads, the key point here will be to exploit the new capabilities and features of modern GPU programming frameworks that can help in such optimizations. Thirdly auto- tune the accelerated parameters based on GPU model and architecture, having a small auto- tuning unit that does multiple sample runs over the algorithm and the present hardware trying to find the best performing sample in order to optimize the parallelism parameters. Fourthly and finally is to integrate the GPU as a driver abstracted in the OCF (OpenBSD Cryptographic Framework) [7] providing an accelerated version of the AES algorithm in it (and other algorithms in future work). 5 Related Works 5.1 Acceleration of Cryptographic Functions using Graphics Hardware In this paper they investigate GPU acceleration of symmetric- key and asymmetric- key functions using an example of AES algorithm that it can be accelerated using modern GPUs and outperform CPUs. The aim of this investigation is to decided to what extent can the GPU act as an efficient hardware accelerator for cryptographic functions. Figure shows the heavily parallel architecture of an Nvidia GPU, the figure clarifies the main computing units within the GPU, the streaming multiprocessor (SM), which executed the CUDA, parallelized code.

3 Figure 5.1.1: Simplified block diagram of the GeForce architecture Using this architecture, the research provided statistics and results of the runtime of the accelerated AES code that shows that the GPU can be viewed as an example of a highly parallel processor for general- purpose computation. The main challenge they faced was to maintain a high occupancy level at the GPU because failing to do so results in a loss for the potential performance increase that would have been achieved using the non- occupied GPU cores. They have using the SIMD, single instruction multiple data, technique to increase the computational density of the architecture. They have achieved using their GPU implementation 2.5x and 6x increase in performance with and without data transfer respectively. 5.2 GPU Accelerated Cryptography as an OS Service This research mainly tackles the issue of the absence of method that allows operating system kernel service or user space application to make use of GPU accelerations in a practical manner. The paper investigates the integration of GPU accelerated functions with an established service virtualization layer, called the OCF- Linux framework [7], within the Linux kernel. OCF is a framework that provides a standard method for the integration of any cryptographic accelerator driver using its producer API. It receives calls from userspace or kernelspace applications and acts as a middleware layer between it and the accelerator. Figure 5.2.1: OCF framework Architecture Figure shows a high level overview of the OCF framework where the core component of the framework, the main Crypto layer, provides two APIs - the producer API for use by crypto- card device drivers and the consumer API for use by other kernel subsystems.

4 The authors have presented a new general- purpose mechanism for processing multiple asymmetric key requests on the GPU and found that the preprocessing of mixed key requests is crucial to maintain the performance. They have shown that the GPU can be effectively integrated into the OCF [7] successfully, though it was challenging in some point such as the driver consisting of the kernelspace OCF driver and the userspace daemon. They also showed that there might be an overhead when using the OCF accelerated encrypted function of 3.4% compared to calling it directly. However they have concluded that GPU accelerated cryptographic functions can be available in a uniform standard way to all operating system components in userspace and kernelspace without having excessive overhead. 5.3 Performance Evaluation of Parallel AES Implementations over CUDA In this research the authors mainly tries to evaluate multiple AES implementations over the GPU, this is mainly because a traditional AES GPU implementation doesn t necessarily provide optimal performance. They also investigate the possibility to enhance different parallelism mechanisms over AES implementations using CUDA framework to utilize GPU in both a basic method (applying a parallel thread into each AES data block) and enhanced mechanisms (optimizing the internal stage in each AES round for parallel AES). They focused only on the parallelism for comparable performance evaluation purpose as they say, since they applied AES encryption in ECB mode (CTR mode can be similarly encrypted without the dependency of the previous blocks, but not others.) where a 16- bytes AES block can be encrypted individually. Running parallel AES by applying each GPU core into each AES block resulting into a complete encrypted parallel block as shown in Figure Figure 5.3.1: AES Encryption Stage 1 and it s mapping to GPU Blocks

5 Their experiment showed that the performance of Parallel AES on CUDA- GPU offers the improvement over CPU by factor of 20, i.e., 38 to 39 milliseconds (GPU) vs. 779 milliseconds (CPU). Figure 5.3.2: Number of Threads versus Number of Blocks They have also shown that in the GPU implementation a fewer number of blocks and more number of threads resulted in best performance as shown in Figure 5.3.2, and this also applies for large data size due to the reduction of inner block communication. They also evaluated the possibility to utilize each AES stage optimization to utilize AES parallelism, and so the results showed the performance improvement over GPU, and especially, a traditional CPU. Conclusion GPUs can provide efficient and reliable hardware acceleration for heavy compute intensive functions that performs much faster on massively parallel architectures, decreasing the load on the CPU allowing it more room to do other functionalities. There is also a security aspect as the number of bits, the complexity, of the encryption can be pushed further with GPUs giving better security overall.

6 References [1] J. Daemen, V. Rijmen, AES Proposal: Rijndael, Ver 2, [2] Cray Inc., Cray XD1 System Overview, Ver 1.1, [3] Acceleration of Cryptographic Functions using Graphics Hardware, Harrison, O [4] GPU accelerated cryptography as an OS service, Harrison, O., & Waldron, J., Springer, Transactions on Computational Science XI, [5] Performance Evaluation of Parallel AES Implementations over CUDA GPU Framework, Chakchai Soin., Sarayut Poolsanguan, Int. Journal of Digital Content Technology and Its Applications, [6] CUDA Framework, cuda. [7] OCF Framework, linux.sourceforge.net/