P4数据平面中的加密哈希

2019 ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS) Pub Date : 2019-09-01 DOI:10.1109/ANCS.2019.8901886

D. Scholz, Andreas Oeldemann, Fabien Geyer, Sebastian Gallenmüller, Henning Stubbe, Thomas Wild, A. Herkersdorf, G. Carle

{"title":"P4数据平面中的加密哈希","authors":"D. Scholz, Andreas Oeldemann, Fabien Geyer, Sebastian Gallenmüller, Henning Stubbe, Thomas Wild, A. Herkersdorf, G. Carle","doi":"10.1109/ANCS.2019.8901886","DOIUrl":null,"url":null,"abstract":"P4 introduces a standardized, universal way for data plane programming. Secure and resilient communication typically involves the processing of payload data and specialized cryptographic hash functions. We observe that current P4 targets lack the support for both. Therefore, applications and protocols, which require message authentication codes or hashing structures that are resilient against attacks such as denial-of-service, cannot be implemented. To enable authentication and resilience, we make the case for extending P4 targets with cryptographic hash functions. We propose an extension of the P4 Portable Switch Architecture for cryptographic hashes and discuss our prototype implementations for three different P4 target platforms: CPU, NPU, and FPGA. To assess the practical applicability, we conduct a performance evaluation and analyze the resource consumption. Our prototype implementations show that cryptographic hashing can be integrated efficiently. We cannot identify a single hash function delivering satisfying performance on all investigated platforms. Therefore, we recommend a set of hash functions to optimize target-specific performance.","PeriodicalId":405320,"journal":{"name":"2019 ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS)","volume":"14 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"33","resultStr":"{\"title\":\"Cryptographic Hashing in P4 Data Planes\",\"authors\":\"D. Scholz, Andreas Oeldemann, Fabien Geyer, Sebastian Gallenmüller, Henning Stubbe, Thomas Wild, A. Herkersdorf, G. Carle\",\"doi\":\"10.1109/ANCS.2019.8901886\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"P4 introduces a standardized, universal way for data plane programming. Secure and resilient communication typically involves the processing of payload data and specialized cryptographic hash functions. We observe that current P4 targets lack the support for both. Therefore, applications and protocols, which require message authentication codes or hashing structures that are resilient against attacks such as denial-of-service, cannot be implemented. To enable authentication and resilience, we make the case for extending P4 targets with cryptographic hash functions. We propose an extension of the P4 Portable Switch Architecture for cryptographic hashes and discuss our prototype implementations for three different P4 target platforms: CPU, NPU, and FPGA. To assess the practical applicability, we conduct a performance evaluation and analyze the resource consumption. Our prototype implementations show that cryptographic hashing can be integrated efficiently. We cannot identify a single hash function delivering satisfying performance on all investigated platforms. Therefore, we recommend a set of hash functions to optimize target-specific performance.\",\"PeriodicalId\":405320,\"journal\":{\"name\":\"2019 ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS)\",\"volume\":\"14 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"33\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2019 ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ANCS.2019.8901886\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ANCS.2019.8901886","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 33

摘要

P4为数据平面编程引入了一种标准化的通用方法。安全和弹性通信通常涉及有效负载数据的处理和专门的加密散列函数。我们观察到目前的P4靶标缺乏这两种支持。因此，应用程序和协议无法实现，这些应用程序和协议需要消息身份验证码或能够抵御诸如拒绝服务等攻击的散列结构。为了启用身份验证和弹性，我们使用加密散列函数扩展P4目标。我们提出了P4可移植交换机架构的扩展，用于加密哈希，并讨论了三种不同P4目标平台的原型实现:CPU、NPU和FPGA。为了评估其实用性，我们进行了性能评估和资源消耗分析。我们的原型实现表明，可以有效地集成加密哈希。我们无法确定一个单一的哈希函数在所有被调查的平台上都能提供令人满意的性能。因此，我们建议使用一组散列函数来优化特定于目标的性能。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Cryptographic Hashing in P4 Data Planes

P4 introduces a standardized, universal way for data plane programming. Secure and resilient communication typically involves the processing of payload data and specialized cryptographic hash functions. We observe that current P4 targets lack the support for both. Therefore, applications and protocols, which require message authentication codes or hashing structures that are resilient against attacks such as denial-of-service, cannot be implemented. To enable authentication and resilience, we make the case for extending P4 targets with cryptographic hash functions. We propose an extension of the P4 Portable Switch Architecture for cryptographic hashes and discuss our prototype implementations for three different P4 target platforms: CPU, NPU, and FPGA. To assess the practical applicability, we conduct a performance evaluation and analyze the resource consumption. Our prototype implementations show that cryptographic hashing can be integrated efficiently. We cannot identify a single hash function delivering satisfying performance on all investigated platforms. Therefore, we recommend a set of hash functions to optimize target-specific performance.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2019 ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS)

自引率

0.00%

发文量