부산대학교 도서관

The Transport Layer Security (TLS) and Secure Socket Layer (SSL) are currently the predominant protocols to provide information security and data integrity between two communication endpoints. However, with dramatically increased network traffic, the cryptography algorithms used in SSL/TLS for encryption and decryption introduce substantial computation overhead due to the expensive CPU execution time. To accelerate the complex encryption computation, researchers have proposed novel architectures based hardware accelerators such as FPGAs, which can handle a massive amount of offloaded traffic with complex processing at very high throughput. In this paper, we study the real-world traffic workload and find that the performance of several crypto algorithms is heavily data-dependent: for small packets, software-based encryption and decryption solutions outperform hardware-based solutions, while hardwarebased solutions show higher processing speed for large packets. So there is no one-size-fits-all solution for packet processing. As a result, we propose a software-hardware co-design with quick assist technology. It combines both advantages of softwareand hardware-based approaches and be able to choose the optimal cryptography solution dynamically based on traffic status and system state. Our evaluation shows that our proposed architecture could achieve high throughput for encrypted traffic on a secured network compared to pure software or hardware solutions.