Computer Engineering and Applications ›› 2007, Vol. 43 ›› Issue (4): 122-124.

• 网络、通信与安全 • Previous Articles     Next Articles

Implementation of embedded VPN Gateway based hardware data encryption

  

  • Received:2006-06-05 Revised:1900-01-01 Online:2007-02-01 Published:2007-02-01

基于硬件加密的嵌入式VPN网关实现

杨黎斌 慕德俊 蔡晓妍 刘航   

  1. 西北工业大学自动化学院 西北工业大学 西北工业大学
  • 通讯作者: 杨黎斌

Abstract: With increasing requirements of network applications, software data encryption/decryption for VPN gateway becomes bottleneck of the processing speeds. In this paper, a novel architecture for embedded VPN Gateway based on network processor, coupled with Cryptography card is proposed. The main idea is that the significant and computing intensive portion of the computation, such as encryption/decryption and hash calculation of IPSec data , are implemented by the hardware Cryptography card, while the network processor is dedicated to encapsulating IPSec data. The experimental results show that the architecture can work steadily and have a good performance in high speed.

摘要: 处理速度成为制约基于软件加/解密的VPN网关性能提高的瓶颈。文中提出了网络主处理器和加密卡并行处理IPSec数据的嵌入式VPN网关实现方案。在该实现方案中,IPSec数据包的加/解密以及认证等高强度的计算均由硬件加密卡完成,而使网络主处理器更专注于对IPSec数据包的封装处理。试验数据表明,这种实现方案运行稳定,能够满足高速网络的需求。