IP security (IPsec) protocols are widely used to protect sensitive data over the Internet. For equipment linked by high-bandwidth optical fibers, the throughput requirement usually results in the adoption of high-performance network security processors. In this paper, we propose a parallel mesh-structured IPsec (MIPsec) processor, which executes the IPsec protocols for Internet security gateway applications. We have developed several area-efficient cryptographic IPs embedded in MIPsec to lower silicon cost. Thanks to structural regularity, the simple deterministic programming of MIPsec guarantees high utilization of the hardware. Also, both handshake and contention issues are solved in the scheme, such that performance can be scaled up. Specifically, the 6.23-million-gate MIPsec achieves 10-Gb/s wire speed for each routing direction. The proposed MIPsec is suitable for transport mode or other crypto mix as well.

• 出版日期2010-5
• 单位清华大学