Implementação e avaliação da cifra de fluxo Forro14 em hardware programável Tofino usando a linguagem P4
Resumo
O paradigma de redes definidas por software (SDN) habilitou diversas inovações em redes de computadores, principalmente na programabilidade do processamento de pacotes. Neste trabalho, investigou-se a viabilidade e os impactos em recursos computacionais do algoritmo de cifra de fluxo Forro14 em hardware de switch programável Tofino usando a linguagem P4. Para fins de comparação, foi analisado também o algoritmo ChaCha20 quanto a seu desempenho e impacto no mesmo switch. Constatou-se que o algoritmo Forro14 tem um desempenho melhor usando menos recursos que o ChaCha20 para comunicações de até 10 Gbps. Entretanto, quando são adotadas técnicas de paralelização, ChaCha20 tem um desempenho melhor para taxas maiores de dados, mas utilizando mais recursos de processamento do dispositivo que Forro14.Referências
Arciszewski, S. (2020). XChaCha: eXtended-nonce ChaCha and AEAD XChaCha20 Poly1305. Internet-Draft draft-irtf-cfrg-xchacha-03, Internet Engineering Task Force. Work in Progress.
Bernstein, D. J. et al. (2008). Chacha, a variant of salsa20. In Workshop record of SASC, volume 8, pages 3–5. Citeseer.
Bosshart, P., Daly, D., Gibb, G., Izzard, M., McKeown, N., Rexford, J., Schlesinger, C., Talayco, D., Vahdat, A., Varghese, G., et al. (2014). P4: Programming protocol-independent packet processors. ACM SIGCOMM Computer Communication Review, 44(3):87–95.
Chen, X. (2020). Implementing aes encryption on programmable switches via scrambled lookup tables. In Proceedings of the Workshop on Secure Programmable Network Infrastructure, pages 8–14.
Costa, F. G. (2023). Pipo-tg: parameterizable high performance traffic generation.
Coutinho, M. (2023a). Design, diffusion, and cryptanalysis of symmetric primitive.
Coutinho, M. (2023b). forro cipher. [link]. Online: Acesso em 28-05-2024.
Coutinho, M., Passos, I., and Borges, F. (2023a). The design and implementation of xforró14-poly1305: a new authenticated encryption scheme. In Anais do XXIII Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais, pages 456–469, Porto Alegre, RS, Brasil. SBC.
Coutinho, M., Passos, I., Vásquez, J. C. G., Sarkar, S., de Mendonça, F. L., de Sousa Jr, R. T., and Borges, F. (2023b). Latin dances reloaded: Improved cryptanalysis against salsa and chacha, and the proposal of forró. Journal of Cryptology, 36(3):18.
Dang, H. T., Bressana, P., Wang, H., Lee, K. S., Zilberman, N., Weatherspoon, H., Canini, M., Pedone, F., and Soulé, R. (2020). P4xos: Consensus as a network service. IEEE/ACM Transactions on Networking, 28(4):1726–1738.
Datta, R., Choi, S., Chowdhary, A., and Park, Y. (2018). P4guard: Designing p4 based firewall. In MILCOM 2018-2018 IEEE Military Communications Conference (MIL-COM), pages 1–6. IEEE.
Dworkin, M., Barker, E., Nechvatal, J., Foti, J., Bassham, L., Roback, E., and Dray, J. (2001). Advanced encryption standard (aes).
Fernandes, E. L. and Rothenberg, C. E. (2014). Openflow 1.3 software switch. Salao de Ferramentas do XXXII Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuıdos SBRC, pages 1021–1028.
Hauser, F., Häberle, M., Merling, D., Lindner, S., Gurevich, V., Zeiger, F., Frank, R., and Menth, M. (2023). A survey on data plane programming with p4: Fundamentals, advances, and applied research. Journal of Network and Computer Applications, 212:103561.
Jin, X., Li, X., Zhang, H., Soulé, R., Lee, J., Foster, N., Kim, C., and Stoica, I. (2017). Netcache: Balancing key-value stores with fast in-network caching. In Proceedings of the 26th Symposium on Operating Systems Principles, pages 121–136.
Kfoury, E. F., Crichigno, J., and Bou-Harb, E. (2021). An exhaustive survey on p4 programmable data plane switches: Taxonomy, applications, challenges, and future trends. IEEE Access, 9:87094–87155.
Kreutz, D., Ramos, F. M., Verissimo, P. E., Rothenberg, C. E., Azodolmolky, S., and Uhlig, S. (2014). Software-defined networking: A comprehensive survey. Proceedings of the IEEE, 103(1):14–76.
Li, G., Zhang, M., Liu, C., Kong, X., Chen, A., Gu, G., and Duan, H. (2019). Nethcf: Enabling line-rate and adaptive spoofed ip traffic filtering. In 2019 IEEE 27th international conference on network protocols (ICNP), pages 1–12. IEEE.
Mahrach, S., Mjihil, O., and Haqiq, A. (2018). Scalable and dynamic network intrusion detection and prevention system. In Innovations in Bio-Inspired Computing and Applications: Proceedings of the 8th International Conference on Innovations in Bio-Inspired Computing and Applications (IBICA 2017) held in Marrakech, Morocco, December 11-13, 2017, pages 318–328. Springer.
Nir, Y. and Langley, A. (2015). ChaCha20 and Poly1305 for IETF Protocols. RFC 7539.
Peterson, L., Cascone, C., and Davie, B. (2021). Software-Defined Networks: A Systems Approach. Systems Approach LLC.
Scholz, D., Oeldemann, A., Geyer, F., Gallenmüller, S., Stubbe, H., Wild, T., Herkersdorf, A., and Carle, G. (2019). Cryptographic hashing in p4 data planes. In 2019 ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS), pages 1–6. IEEE.
Sivaraman, V., Narayana, S., Rottenstreich, O., Muthukrishnan, S., and Rexford, J. (2017). Heavy-hitter detection entirely in the data plane. In Proceedings of the Symposium on SDN Research, pages 164–176.
Tokusashi, Y., Matsutani, H., and Zilberman, N. (2018). Lake: the power of in-network computing. In 2018 International Conference on ReConFigurable Computing and FPGAs (ReConFig), pages 1–8. IEEE.
Vieira, M. A., Castanho, M. S., Pacífico, R. D., Santos, E. R., Júnior, E. P. C., and Vieira, L. F. (2020). Fast packet processing with ebpf and xdp: Concepts, code, challenges, and applications. ACM Computing Surveys (CSUR), 53(1):1–36.
Yoo, S. and Chen, X. (2021). Secure keyed hashing on programmable switches. In Proceedings of the ACM SIGCOMM 2021 Workshop on Secure Programmable network INfrastructure, pages 16–22.
Yoshinaka, Y., Takemasa, J., Koizumi, Y., and Hasegawa, T. (2022). On implementing chacha on a programmable switch. In Proceedings of the 5th International Workshop on P4 in Europe, pages 15–18.
Zheng, C., Rienecker, B., and Zilberman, N. (2023). Qcmp: Load balancing via in-network reinforcement learning. In Proceedings of the 2nd ACM SIGCOMM Workshop on Future of Internet Routing & Addressing, pages 35–40.
Bernstein, D. J. et al. (2008). Chacha, a variant of salsa20. In Workshop record of SASC, volume 8, pages 3–5. Citeseer.
Bosshart, P., Daly, D., Gibb, G., Izzard, M., McKeown, N., Rexford, J., Schlesinger, C., Talayco, D., Vahdat, A., Varghese, G., et al. (2014). P4: Programming protocol-independent packet processors. ACM SIGCOMM Computer Communication Review, 44(3):87–95.
Chen, X. (2020). Implementing aes encryption on programmable switches via scrambled lookup tables. In Proceedings of the Workshop on Secure Programmable Network Infrastructure, pages 8–14.
Costa, F. G. (2023). Pipo-tg: parameterizable high performance traffic generation.
Coutinho, M. (2023a). Design, diffusion, and cryptanalysis of symmetric primitive.
Coutinho, M. (2023b). forro cipher. [link]. Online: Acesso em 28-05-2024.
Coutinho, M., Passos, I., and Borges, F. (2023a). The design and implementation of xforró14-poly1305: a new authenticated encryption scheme. In Anais do XXIII Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais, pages 456–469, Porto Alegre, RS, Brasil. SBC.
Coutinho, M., Passos, I., Vásquez, J. C. G., Sarkar, S., de Mendonça, F. L., de Sousa Jr, R. T., and Borges, F. (2023b). Latin dances reloaded: Improved cryptanalysis against salsa and chacha, and the proposal of forró. Journal of Cryptology, 36(3):18.
Dang, H. T., Bressana, P., Wang, H., Lee, K. S., Zilberman, N., Weatherspoon, H., Canini, M., Pedone, F., and Soulé, R. (2020). P4xos: Consensus as a network service. IEEE/ACM Transactions on Networking, 28(4):1726–1738.
Datta, R., Choi, S., Chowdhary, A., and Park, Y. (2018). P4guard: Designing p4 based firewall. In MILCOM 2018-2018 IEEE Military Communications Conference (MIL-COM), pages 1–6. IEEE.
Dworkin, M., Barker, E., Nechvatal, J., Foti, J., Bassham, L., Roback, E., and Dray, J. (2001). Advanced encryption standard (aes).
Fernandes, E. L. and Rothenberg, C. E. (2014). Openflow 1.3 software switch. Salao de Ferramentas do XXXII Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuıdos SBRC, pages 1021–1028.
Hauser, F., Häberle, M., Merling, D., Lindner, S., Gurevich, V., Zeiger, F., Frank, R., and Menth, M. (2023). A survey on data plane programming with p4: Fundamentals, advances, and applied research. Journal of Network and Computer Applications, 212:103561.
Jin, X., Li, X., Zhang, H., Soulé, R., Lee, J., Foster, N., Kim, C., and Stoica, I. (2017). Netcache: Balancing key-value stores with fast in-network caching. In Proceedings of the 26th Symposium on Operating Systems Principles, pages 121–136.
Kfoury, E. F., Crichigno, J., and Bou-Harb, E. (2021). An exhaustive survey on p4 programmable data plane switches: Taxonomy, applications, challenges, and future trends. IEEE Access, 9:87094–87155.
Kreutz, D., Ramos, F. M., Verissimo, P. E., Rothenberg, C. E., Azodolmolky, S., and Uhlig, S. (2014). Software-defined networking: A comprehensive survey. Proceedings of the IEEE, 103(1):14–76.
Li, G., Zhang, M., Liu, C., Kong, X., Chen, A., Gu, G., and Duan, H. (2019). Nethcf: Enabling line-rate and adaptive spoofed ip traffic filtering. In 2019 IEEE 27th international conference on network protocols (ICNP), pages 1–12. IEEE.
Mahrach, S., Mjihil, O., and Haqiq, A. (2018). Scalable and dynamic network intrusion detection and prevention system. In Innovations in Bio-Inspired Computing and Applications: Proceedings of the 8th International Conference on Innovations in Bio-Inspired Computing and Applications (IBICA 2017) held in Marrakech, Morocco, December 11-13, 2017, pages 318–328. Springer.
Nir, Y. and Langley, A. (2015). ChaCha20 and Poly1305 for IETF Protocols. RFC 7539.
Peterson, L., Cascone, C., and Davie, B. (2021). Software-Defined Networks: A Systems Approach. Systems Approach LLC.
Scholz, D., Oeldemann, A., Geyer, F., Gallenmüller, S., Stubbe, H., Wild, T., Herkersdorf, A., and Carle, G. (2019). Cryptographic hashing in p4 data planes. In 2019 ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS), pages 1–6. IEEE.
Sivaraman, V., Narayana, S., Rottenstreich, O., Muthukrishnan, S., and Rexford, J. (2017). Heavy-hitter detection entirely in the data plane. In Proceedings of the Symposium on SDN Research, pages 164–176.
Tokusashi, Y., Matsutani, H., and Zilberman, N. (2018). Lake: the power of in-network computing. In 2018 International Conference on ReConFigurable Computing and FPGAs (ReConFig), pages 1–8. IEEE.
Vieira, M. A., Castanho, M. S., Pacífico, R. D., Santos, E. R., Júnior, E. P. C., and Vieira, L. F. (2020). Fast packet processing with ebpf and xdp: Concepts, code, challenges, and applications. ACM Computing Surveys (CSUR), 53(1):1–36.
Yoo, S. and Chen, X. (2021). Secure keyed hashing on programmable switches. In Proceedings of the ACM SIGCOMM 2021 Workshop on Secure Programmable network INfrastructure, pages 16–22.
Yoshinaka, Y., Takemasa, J., Koizumi, Y., and Hasegawa, T. (2022). On implementing chacha on a programmable switch. In Proceedings of the 5th International Workshop on P4 in Europe, pages 15–18.
Zheng, C., Rienecker, B., and Zilberman, N. (2023). Qcmp: Load balancing via in-network reinforcement learning. In Proceedings of the 2nd ACM SIGCOMM Workshop on Future of Internet Routing & Addressing, pages 35–40.
Publicado
16/09/2024
Como Citar
PIERINI, Rodrigo A. de A.; TEIXEIRA, Caio; ROTHENBERG, Christian Esteve; HENRIQUES, Marco A. Amaral.
Implementação e avaliação da cifra de fluxo Forro14 em hardware programável Tofino usando a linguagem P4. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 24. , 2024, São José dos Campos/SP.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2024
.
p. 399-414.
DOI: https://doi.org/10.5753/sbseg.2024.241483.