Hardware/Software Adaptive Cryptographic Acceleration for Big Data Processing
Along with the explosive growth of network data, security is becoming increasingly important for web transactions. The SSL/TLS protocol has been widely adopted as one of the effective solutions for sensitive access. Although OpenSSL could provide a freely available implementation of the SSL/TLS prot...
Main Authors: | , , , , |
---|---|
Format: | Article |
Language: | English |
Published: |
Hindawi-Wiley
2018-01-01
|
Series: | Security and Communication Networks |
Online Access: | http://dx.doi.org/10.1155/2018/7631342 |
id |
doaj-851b6d52682c4c19a8c24ff883f9185f |
---|---|
record_format |
Article |
spelling |
doaj-851b6d52682c4c19a8c24ff883f9185f2020-11-25T00:48:18ZengHindawi-WileySecurity and Communication Networks1939-01141939-01222018-01-01201810.1155/2018/76313427631342Hardware/Software Adaptive Cryptographic Acceleration for Big Data ProcessingChunhua Xiao0Lei Zhang1Yuhua Xie2Weichen Liu3Duo Liu4Department of Computer Science, Chongqing University, Chongqing 400044, ChinaDepartment of Computer Science, Chongqing University, Chongqing 400044, ChinaDepartment of Computer Science, Chongqing University, Chongqing 400044, ChinaDepartment of Computer Science, Chongqing University, Chongqing 400044, ChinaDepartment of Computer Science, Chongqing University, Chongqing 400044, ChinaAlong with the explosive growth of network data, security is becoming increasingly important for web transactions. The SSL/TLS protocol has been widely adopted as one of the effective solutions for sensitive access. Although OpenSSL could provide a freely available implementation of the SSL/TLS protocol, the crypto functions, such as symmetric key ciphers, are extremely compute-intensive operations. These expensive computations through software implementations may not be able to compete with the increasing need for speed and secure connection. Although there are lots of excellent works with the objective of SSL/TLS hardware acceleration, they focus on the dedicated hardware design of accelerators. Hardly of them presented how to utilize them efficiently. Actually, for some application scenarios, the performance improvement may not be comparable with AES-NI, due to the induced invocation cost for hardware engines. Therefore, we proposed the research to take full advantages of both accelerators and CPUs for security HTTP accesses in big data. We not only proposed optimal strategies such as data aggregation to advance the contribution with hardware crypto engines, but also presented an Adaptive Crypto System based on Accelerators (ACSA) with software and hardware codesign. ACSA is able to adopt crypto mode adaptively and dynamically according to the request character and system load. Through the establishment of 40 Gbps networking on TAISHAN Web Server, we evaluated the system performance in real applications with a high workload. For the encryption algorithm 3DES, which is not supported in AES-NI, we could get about 12 times acceleration with accelerators. For typical encryption AES supported by instruction acceleration, we could get 52.39% bandwidth improvement compared with only hardware encryption and 20.07% improvement compared with AES-NI. Furthermore, the user could adjust the trade-off between CPU occupation and encryption performance through MM strategy, to free CPUs according to the working requirements.http://dx.doi.org/10.1155/2018/7631342 |
collection |
DOAJ |
language |
English |
format |
Article |
sources |
DOAJ |
author |
Chunhua Xiao Lei Zhang Yuhua Xie Weichen Liu Duo Liu |
spellingShingle |
Chunhua Xiao Lei Zhang Yuhua Xie Weichen Liu Duo Liu Hardware/Software Adaptive Cryptographic Acceleration for Big Data Processing Security and Communication Networks |
author_facet |
Chunhua Xiao Lei Zhang Yuhua Xie Weichen Liu Duo Liu |
author_sort |
Chunhua Xiao |
title |
Hardware/Software Adaptive Cryptographic Acceleration for Big Data Processing |
title_short |
Hardware/Software Adaptive Cryptographic Acceleration for Big Data Processing |
title_full |
Hardware/Software Adaptive Cryptographic Acceleration for Big Data Processing |
title_fullStr |
Hardware/Software Adaptive Cryptographic Acceleration for Big Data Processing |
title_full_unstemmed |
Hardware/Software Adaptive Cryptographic Acceleration for Big Data Processing |
title_sort |
hardware/software adaptive cryptographic acceleration for big data processing |
publisher |
Hindawi-Wiley |
series |
Security and Communication Networks |
issn |
1939-0114 1939-0122 |
publishDate |
2018-01-01 |
description |
Along with the explosive growth of network data, security is becoming increasingly important for web transactions. The SSL/TLS protocol has been widely adopted as one of the effective solutions for sensitive access. Although OpenSSL could provide a freely available implementation of the SSL/TLS protocol, the crypto functions, such as symmetric key ciphers, are extremely compute-intensive operations. These expensive computations through software implementations may not be able to compete with the increasing need for speed and secure connection. Although there are lots of excellent works with the objective of SSL/TLS hardware acceleration, they focus on the dedicated hardware design of accelerators. Hardly of them presented how to utilize them efficiently. Actually, for some application scenarios, the performance improvement may not be comparable with AES-NI, due to the induced invocation cost for hardware engines. Therefore, we proposed the research to take full advantages of both accelerators and CPUs for security HTTP accesses in big data. We not only proposed optimal strategies such as data aggregation to advance the contribution with hardware crypto engines, but also presented an Adaptive Crypto System based on Accelerators (ACSA) with software and hardware codesign. ACSA is able to adopt crypto mode adaptively and dynamically according to the request character and system load. Through the establishment of 40 Gbps networking on TAISHAN Web Server, we evaluated the system performance in real applications with a high workload. For the encryption algorithm 3DES, which is not supported in AES-NI, we could get about 12 times acceleration with accelerators. For typical encryption AES supported by instruction acceleration, we could get 52.39% bandwidth improvement compared with only hardware encryption and 20.07% improvement compared with AES-NI. Furthermore, the user could adjust the trade-off between CPU occupation and encryption performance through MM strategy, to free CPUs according to the working requirements. |
url |
http://dx.doi.org/10.1155/2018/7631342 |
work_keys_str_mv |
AT chunhuaxiao hardwaresoftwareadaptivecryptographicaccelerationforbigdataprocessing AT leizhang hardwaresoftwareadaptivecryptographicaccelerationforbigdataprocessing AT yuhuaxie hardwaresoftwareadaptivecryptographicaccelerationforbigdataprocessing AT weichenliu hardwaresoftwareadaptivecryptographicaccelerationforbigdataprocessing AT duoliu hardwaresoftwareadaptivecryptographicaccelerationforbigdataprocessing |
_version_ |
1725256754774671360 |