Abstract
To address the problem that encrypted transmission mechanisms on today's Internet are generally protocol-dependent and therefore cannot meet the need to securely carry multiple private protocols across the Internet at the same time, this paper proposes an integrated encryption-and-forwarding technique and system model based on Programming Protocol-Independent Packet Processors (P4). First, on a programmable data plane, a packet buffering method is designed that parses packets of different network protocols and stores their headers. Second, an encrypted transmission mechanism based on Chinese national cryptographic algorithms is proposed, and the integrated design of encryption and forwarding is realized in the data plane. Finally, the system model is implemented on a programmable switching device, and the encryption and decryption operations are offloaded to a dedicated encryption card, which further compensates for the performance limitations of the software switch. Experiments show that the system achieves multi-protocol encryption and forwarding, and that hardware acceleration significantly improves system performance.
Authors
刘泽英
胡宇翔
崔鹏帅
董永吉
王钰
LIU Zeying; HU Yuxiang; CUI Pengshuai; DONG Yongji; WANG Yu (Information Engineering University, Zhengzhou 450001, China)
Source
Journal of Information Engineering University (《信息工程大学学报》)
2023, No. 6, pp. 734-740 (7 pages)
Funding
Supported by the National Key R&D Program of China (2019YFB1802501).
Keywords
P4
programmable data plane
encrypted transmission
protocol-independent