Parallel architecture support for network security protocols

OData support
Dr. Holczer Tamás
Department of Networked Systems and Services

Nowadays the internet grows day-by-day, and the service providers have to serve an ever increasing traffic. Although often the single user has the need for using security protocols, for example when communicating with banks or government authorities, the service providers also prefer the usage of secure connections more and more. However, satisfying the needs of the provider is a much harder task, since they have to ensure security protocols on thousands of relatively long-life data streams. So the base problem is that how are we able to secure simultaneously resource-intensive algorithms on a high amount of network connections. The idea of processing the data streams in parallel comes from here.

In my thesis I examine two, commonly used cryptographic algorithms, namely Advanced Encryption Standard and Secure Hash Algorithm. I chose these algorithms, because currently the most commonly used cryptographic algorithms are based on these. First I got familiar with these algorithms, I got to know their inner structure, their characteristics and existing implementations. I made performance measurements on a traditional CPU, which serves as a reference for the other parts of the thesis.

After that, I examined the possibility of parallel execution of these algorithms on GPU, where I used existing and new implementations. GPUs are originally designed for visualization, but nowadays they also can be programmed with a general purpose, and because of their highly parallel structure, it is important to examine how well they perform when they execute security algorithms. I measured the performance of two, high-end GPUs, compared the results to the traditional CPU, and determined the potential strengths and weaknesses of the architecture. Moreover, I implemented a server-client application pair, which are able to combine the advantages of both architectures and provide a secured communication similar to a real-life application.

The third examined architecture was a special hardware, a so-called packet processor. This device was specifically designed for processing a large amount of data streams, i.e. it complies to our base problem really well. By taking into consideration the hardware attributes, I implemented the earlier mentioned cryptographic algorithms on this architecture and compared the results to the CPU measurements. I concluded the results, determined the advantages and disadvantages of the different architectures from the point of view of the cryptographic primitives, and made recommendations based on these results for the real-life applications.


Please sign in to download the files of this thesis.