隨著有線、無線通訊的發展，網路安全成為一個很重要的議題。網際網路安全性協定（IPsec）即為保護資料在網際網路流通時的私密性而發展出的一套協定，亦即將網路上的身分確認，資料完整性與資料私密性的基本安全要素，直接放到IP網路本身，從根本來解決網際網路的安全問題。另外，隨著網路速度的成長，以軟體來實現已經不足以應付網路上大量的傳輸資料。因此，本論文提出可擴充性的架構，以應付不斷成長的網路速度。
針對IPsec的應用，我們提出三個可擴充性架構，並對每個架構做效能評估。其中包含了兩個Bus-Based架構，及一個Non-Bus-Based架構。此架構可以平行處理多個網路封包，根據效能評估結果，本架構可擴充至10個密碼學演算法（其中包含5個AES及5個HMAC）。對於需要超過10個密碼演算法的高速網路，本架構的擴充方式，即將整個IPsec Processor複製一套，以符合高速網路的需求。
根據效能評估結果，我們做了一個實驗：包含2個AES及2個HMAC。在此例子中，總面積為266K Gates；系統最高的效能為1.1Gbps，此效能為處理1,400-byte的網路封包、使用AES-CBC Mode演算法、以及128-bit的金鑰（Key）所得到的實驗結果。另外，系統最低的平均效能為356Mbps，此效能是使用AES-CBC Mode、256-bit的金鑰，以及HMAC-SHA-1 Mode、使用256-bit金鑰所得之實驗結果。

With the rapid growth of applications in Internet and wireless communication, the security for transmitting information on public network has become a fundamental issue. The Internet Protocol Security (IPsec) standard is developed by the Internet Engineering Task Force (IETF) to provide the security services at the IP layer. IPsec implemented by software is not sufficient to handle the enormous traffic generated by modern network applications.
In this thesis, we propose three scalable architectures for IPsec which support the Encapsulating Security Payload (ESP) protocol in tunnel mode. Besides, an evaluation method is provided for the proposed architectures, including the AMBA-based and non-bus-based interconnection methods. The IPsec processor is implemented with core-based design methodology. The cryptographic algorithms supported in our design are AES-ECB, AES-CBC, HMAC-MD5 and HMAC-SHA-1. The proposed architecture is available for processing more than one packet in parallel using only one copy of protocol processing hardware with 10 crypto-engines (5 AES and 5 HMAC engines). If more than 10 crypto-engines are required for high-speed network, another copy of IPsec processor must be implemented. The proposed architecture is platform based and scalable, which provides tradeoff between performance and cost for a wide range of network applications.
Broadcom BCM5841 is a scalable architecture for IPsec. The design details of BCM5841 are not revealed in their white paper. We apply our design to the architecture of BCM5841 and compare the cost and performance with that of the proposed architecture. The performance is the same for the two architectures, but the area of the proposed architecture is less than that of BCM5841. The usage of crypto-engines is flexible in the proposed architecture with AMBA-based interconnection method. Moreover, the utilization of crypto-engines in the proposed architecture is better when the IP traffic requires the entire security service of either encryption or authentication, but not both.
Based on the analysis results, we give an example implemented with 2 AES and 2 HMAC engines. The total gate count is about 266 K gates. The maximum system throughput is 1.1 Gbps for 1,400-byte IP packets, with ESP processing using the AES-CBC mode and 128-bit key. For the worst case, the average system throughput is 356 Mbps, where the IP packets are processed using the AES-CBC mode with 256-bit key and HMAC-SHA-1 mode with 256-bit key.

[1] Broadcom Inc., “BCM5841”, http://www.broadcom.com, 2002.
[2] M. R. Kastelino, “IPsec forwarding application level benchmark”, 2003.
[3] Inc. ARM Components, AMBA Specification Rev2.0, May 1999.
[4] Inc. Artisan Components, UMC 0.18um L180 Process 1.8-Volt Sage-XTM Standard Cell
Library Databook, 2003.
[5] A. D. Keromytis, “Implementing IPsec”, in Global Telecommunications Conference
(GLOBECOM), 1997, pp. 1948–1952.
[6] M. Han, J. Kim, and S. Sohn, “Network processor architecture for ipsec”, in The 6th International
Conference, 2004, pp. 485–487.
[7] C.-S. Ha, J.-H. Lee, D.-S. Leem, M.-S. Park, and B.-T. Choi, “ASIC design of ipsec hardware
accelerator for network security”, in Proc. 4th IEEE Asia-Pacific Conf. Advanced System
Integrated Circuits (AP-ASIC), Aug. 2004, pp. 168–171.
[8] M. McLoone and J. V. McCanny, “A single-chip IPSEC cryptographic processor”, in Proc.
IEEE Workshop on Singal Processing Systems (SIPS), San Diego, Oct. 2002, pp. 133–138.
[9] C.-P. Su, C.-L. Horng, C.-T. Huang, and C.-W. Wu, “A configurable AES processor for
enhanced security”, in Proc. Asia and South Pacific Design Automation Conf. (ASP-DAC),
Shanghai, Jan. 2005, pp. 361–366.
[10] M.-Y. Wang, C.-P. Su, C.-T. Huang, and C.-W. Wu, “An HMAC processor with integrated
SHA-1 and MD5 algorithms”, in Proc. Asia and South Pacific Design Automation Conf.
(ASP-DAC), Yokohama, Jan. 2004, pp. 456–458.
[11] A. Nikologiannis G. Kornaros, I. Papaefstathiou and N. Zervos, “A fully-programmable
memory management system optimizing queue handling at multi gigabit rates”, in Proc.
IEEE/ACM Design Automation Conf. (DAC), 2003, pp. 54–59.
[12] S. Kent and R. Atkinson, Security Architecture for the Internet Protocol, IETF Network
Working Group, 1998, RFC 2401.
[13] S. Kent and R. Atkinson, IP Authentication Header, IETF Network Working Group, 1998,
RFC 2402.
[14] S. Kent and R. Atkinson, IP Encapsulating Security Payload (ESP), IETF NetworkWorking
Group, 1998, RFC 2406.
[15] C. Madson and N. Doraswamy, “The ESP DES-CBC cipher algorithm with explicit IV”,
1998, RFC 2405.
[16] S. Frankel, R. Glenn, and S. Kelly, The AES-CBC Cipher Algorithm and Its Use with IPsec,
IETF Network Working Group, 2003, RFC 3602.
[17] C. Madson and R. Glenn, “The use of HMAC-MD5-96 within ESP and AH”, RFC 2403, the
Internet Society, Nov. 1998.
[18] C. Madson and R. Glenn, “The use of HMAC-SHA-1-96 within ESP and AH”, RFC 2404,
the Internet Society, Nov. 1998.
[19] J. Reynolds and J. Postel, “Assigned numbers”, 1994, RFC 1700.
[20] C.-P. Su, Design and Test of an Advanced Cryptographic Processor, PhD dissertation, Dept.
Electrical Engineering, National Tsing Hua University, Hsinchu, Taiwan, June 2004.
[21] ARM Components, Inc., Multi-Layer AHB, 2001.
[22] R. Braden and D. Borman, “Computing the internet checksum”, 1988, RFC 1071.
[23] C.-L. Horng, “An AES cipher chip design using on-the-fly key scheduler”, Master Thesis,
Dept. Electrical Engineering, National Tsing Hua University, Hsinchu, Taiwan, June 2004.