IPsec-Protected Transport of HDTV over IP

  • Peter Bellows
  • Jaroslav Flidr
  • Ladan Gharai
  • Colin Perkins
  • Pawel Chodowiec
  • Kris Gaj
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2778)


Bandwidth-intensive applications compete directly with the operating system’s network stack for CPU cycles. This is particularly true when the stack performs security protocols such as IPsec; the additional load of complex cryptographic transforms overwhelms modern CPUs when data rates exceed 100 Mbps. This paper describes a network-processing accelerator which overcomes these bottlenecks by offloading packet processing and cryptographic transforms to an intelligent interface card. The system achieves sustained 1 Gbps host-to-host bandwidth of encrypted IPsec traffic on commodity CPUs and networks. It appears to the application developer as a normal network interface, because the hardware acceleration is transparent to the user. The system is highly programmable and can support a variety of offload functions. A sample application is described, wherein production-quality HDTV is transported over IP at nearly 900 Mbps, fully secured using IPsec with AES encryption.


Device Driver Packet Processing Security Association Grip System HDTV System 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Calvin, J.: Digital convergence. In: Proceedings of theWorkshop on New Visions ofr Large- Scale Networks: Research and Applications, Vienna, Virginia (2001)Google Scholar
  2. 2.
    IP Security Protocol (IPsec) Charter: Latest RFCs and Internet Drafts for IPsec (2003),
  3. 3.
    FreeS/WAN: IPsec Performance Benchmarking (2002),
  4. 4.
    Schott, B., Bellows, P., French, M., Parker, R.: Applications of adaptive computing systems for signal processing challenges. In: Proceedings of the Asia South Pacific Design Automation Conference, Kitakyushu, Japan (2003)Google Scholar
  5. 5.
    Bellows, P., Flidr, J., Lehman, T., Schott, B., Underwood, K.D.: GRIP: A reconfigurable architecture for host-based gigabit-rate packet processing. In: Proc. of the IEEE Symposium on Field-Programmable Custom Computing Machines, Napa Valley, CA (2002)Google Scholar
  6. 6.
    Chodowiec, P., Gaj, K., Bellows, P., Schott, B.: Experimental testing of the gigabit IPseccompliant implementations of Rijndael and Triple-DES using SLAAC-1V FPGA acceleratorboard. In: Proc. of the 4th Int’l Information Security Conf., Malaga, Spain (2001)Google Scholar
  7. 7.
    Grembowski, T., Lien, R., Gaj, K., Nguyen, N., Bellows, P., Flidr, J., Lehman, T., Schott, B.: Comparative analysis of the hardware implementations of hash functions SHA-1 and SHA-512. In: Proc. of the 5th Int’l Information Security Conf., Sao Paulo, Brazil (2002)Google Scholar
  8. 8.
    Hutchings, B.L., Franklin, R., Carver, D.: Assisting network intrusion detection with reconfigurable hardware. In: Proc. of the IEEE Symposium on Field-Programmable Custom Computing Machines, Napa Valley, CA (2002)Google Scholar
  9. 9.
    FreeS/Wan (2003),
  10. 10.
    Society of Motion Picture and Television Engineers: Bit-serial digital interface for highdefinition television systems. SMPTE-292M (1998)Google Scholar
  11. 11.
    Perkins, C.S., Gharai, L., Lehman, T., Mankin, A.: Experiments with delivery of HDTV over IP networks. In: Proc. of the 12th International Packet Video Workshop (2002)Google Scholar
  12. 12.
    Schulzrinne, H., Casner, S., Frederick, R., Jacobson, V.: RTP: A transport protocol for realtime applications RFC 1889 (1996)Google Scholar
  13. 13.
    DVS Digital Video Systems (2003),
  14. 14.
    Mummert, T., Kosak, C., Steenkiste, P., Fisher, A.: Fine grain parallel communication on general purpose LANs. In: Proceedings of 1996 International Conference on Supercomputing (ICS 1996), Philadelphia, PA, USA, pp. 341–349 (1996)Google Scholar
  15. 15.
    Reinhardt, S.K., Larus, J.R., Wood, D.A.: Tempest and typhoon: User-level shared memory. In: International Conference on Computer Architecture, Chicago, Illinois, USA (1994)Google Scholar
  16. 16.
    Sumimoto, S., Tezuka, H., Hori, A., Harada, H., Takahashi, T., Ishikawa, Y.: The design and evaluation of high performance communication using a Gigabit Ethernet. In: International Conference on Supercomputing, Rhodes, Greece (1999)Google Scholar
  17. 17.
    Shivam, P., Wyckoff, P., Panda, D.: EMP: Zero-copy OS-bypass NIC-driven Gigabit Ethernet message passing. In: Proc. of the 2001 Conference on Supercomputing (2001)Google Scholar
  18. 18.
    Lockwood, J.W., Turner, J.S., Taylor, D.E.: Field programmable port extender (FPX) for distributed routing and queueing. In: Proc. of the ACM International Symposium on Field Programmable Gate Arrays, Napa Valley, CA, pp. 30–39 (1997)Google Scholar
  19. 19.
    McHenry, J.T., Dowd, P.W., Pellegrino, F.A., Carrozzi, T.M., Cocks, W.B.: An FPGA-based coprocessor for ATM irewalls. In: Proc. of the IEEE Symposium on FPGAs for Custom Computing Machines, Napa Valley, CA, pp. 30–39 (1997)Google Scholar
  20. 20.
    Underwood, K.D., Sass, R.R., Ligon, W.B.: Analysis of a prototype intelligent network interface. Concurrency and Computing: Practice and Experience (2002)Google Scholar
  21. 21.
    National Laboratory for Applied Network Research: Network performance measuring tool (2003),
  22. 22.
    Jarvinen, K., Tommiska, M., Skytta, J.: Fully pipelined memoryless 17.8 Gbps AES-128 encryptor. In: 11th ACM International Symposium on Field- Programmable Gate Arrays (FPGA 2003), Monterey, California (2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Peter Bellows
    • 1
  • Jaroslav Flidr
    • 1
  • Ladan Gharai
    • 1
  • Colin Perkins
    • 1
  • Pawel Chodowiec
    • 2
  • Kris Gaj
    • 2
  1. 1.USC Information Sciences InstituteArlingtonUSA
  2. 2.Dept. of Electrical and Computer EngineeringGeorge Mason UniversityFairfaxUSA

Personalised recommendations