Christian Paquin,Douglas Stebila,Goutam Tamvada

DOI: https://doi.org/10.1007/978-3-030-44223-1_5

2020-01-01

Abstract:AbstractPost-quantum cryptographic primitives have a range of trade-offs compared to traditional public key algorithms, either having slower computation or larger public keys and ciphertexts/signatures, or both. While the performance of these algorithms in isolation is easy to measure and has been a focus of optimization techniques, performance in realistic network conditions has been less studied. Google and Cloudflare have reported results from running experiments with post-quantum key exchange algorithms in the Transport Layer Security (TLS) protocol with real users’ network traffic. Such experiments are highly realistic, but cannot be replicated without access to Internet-scale infrastructure, and do not allow for isolating the effect of individual network characteristics.In this work, we develop and make use of a framework for running such experiments in TLS cheaply by emulating network conditions using the networking features of the Linux kernel. Our testbed allows us to independently control variables such as link latency and packet loss rate, and then examine the performance impact of various post-quantum-primitives on TLS connection establishment, specifically hybrid elliptic curve/post-quantum key exchange and post-quantum digital signatures, based on implementations from the Open Quantum Safe project. Among our key results, we observe that packet loss rates above 3–5% start to have a significant impact on post-quantum algorithms that fragment across many packets, such as those based on unstructured lattices. The results from this emulation framework are also complemented by results on the latency of loading entire web pages over TLS in real network conditions, which show that network latency hides most of the impact from algorithms with slower computations (such as supersingular isogenies).

Xing Li,Xiaochong Jiang,Ye Yang,Lilong Chen,Yi Wang,Chao Wang,Chao Xu,Yilong Lv,Bowen Yang,Taotao Wu,Haifeng Gao,Zikang Chen,Yisong Qiao,Hongwei Ding,Yijian Dong,Hang Yang,Jianming Song,Jianyuan Lu,Pengyu Zhang,Chengkun Wei,Zihui Zhang,Wenzhi Chen,Qinming He,Shunmin Zhu

DOI: https://doi.org/10.1145/3651890.3672224

2024-01-01

Abstract:Apsara vSwitch (AVS) is a per-host deployed forwarding component for instance network connectivity in the Alibaba Cloud. To meet the growing performance demands, we accelerated AVS by adopting the most widely used "Sep-path" offloading architecture, which introduces a separate hardware data path to speed up popular traffic. However, the deployment results prove that it is difficult to bridge the gap in performance and programming flexibility of the software and hardware data paths, resulting in unpredictable performance and low iteration velocity. This paper introduces Triton, a flexible hardware offloading architecture for accelerating AVS. Triton stands out with a unified data path, where each packet passes serially through software and hardware processing to ensure predictable performance. For flexibility, Triton implements an elegant workload distribution model, which offloads generic tasks to hardware but maintains dynamic logic in software. Additionally, Triton integrates a series of cutting-edge software-hardware co-designs, including vector packet processing and header-payload slicing, to mitigate software bottlenecks and enhance forwarding efficiency. The deployment results compared to our prior solution based on "Sep-path" reveal that Triton achieves predictable high bandwidth and packet rate, and notably improves the connection establishment rate by 72%, with only 2μs increase in latency. More importantly, the flexibility and iteration velocity of the software in Triton will save development costs and bolster maintenance efficiency for cloud vendors.

Jieyu Zheng,Haoliang Zhu,Yifan Dong,Zhenyu Song,Zhenhao Zhang,Yafang Yang,Yunlei Zhao

2024-04-23

Abstract:TLS is extensively utilized for secure data transmission over networks. However, with the advent of quantum computers, the security of TLS based on traditional public-key cryptography is under threat. To counter quantum threats, it is imperative to integrate post-quantum algorithms into TLS. Most PQ-TLS research focuses on integration and evaluation, but few studies address the improvement of PQ-TLS performance by optimizing PQC implementation. For the TLS protocol, handshake performance is crucial, and for post-quantum TLS (PQ-TLS) the performance of post-quantum key encapsulation mechanisms (KEMs) directly impacts handshake performance. In this work, we explore the impact of post-quantum KEMs on PQ-TLS performance. We explore how to improve ML-KEM performance using the latest Intel's Advanced Vector Extensions instruction set AVX-512. We detail a spectrum of techniques devised to parallelize polynomial multiplication, modular reduction, and other computationally intensive modules within ML-KEM. Our optimized ML-KEM implementation achieves up to 1.64x speedup compared to the latest AVX2 implementation. Furthermore, we introduce a novel batch key generation method for ML-KEM that can seamlessly integrate into the TLS protocols. The batch method accelerates the key generation procedure by 3.5x to 4.9x. We integrate the optimized AVX-512 implementation of ML-KEM into TLS 1.3, and assess handshake performance under both PQ-only and hybrid modes. The assessment demonstrates that our faster ML-KEM implementation results in a higher number of TLS 1.3 handshakes per second under both modes. Additionally, we revisit two IND-1-CCA KEM constructions discussed in Eurocrypt22 and Asiacrypt23. Besides, we implement them based on ML-KEM and integrate the one of better performance into TLS 1.3 with benchmarks.

Cryptography and Security

Yiquan Chen,Jinlong Chen,Yijing Wang,Yi Chen,Zhen Jin,Jiexiong Xu,Guoju Fang,Wenhai Lin,Chengkun Wei,Wenzhi Chen

DOI: https://doi.org/10.1109/ccgrid57682.2023.00012

2023-01-01

Abstract:NVMe over Fabrics (NVMe-oF) has been widely applied as a remote storage protocol in cloud computing. The existing NVMe-oF software stack consumes a large number of CPU resources. Emerging devices, such as Smart NICs and DPUs, have supported hardware offloading of NVMe-oF to free these valuable CPU cores. However, NVMe-oF offloading capacity is always compromised because of limited hardware resources on design. Additionally, from thorough evaluations, we found that NVMe-oF inevitably suffers from severe performance degradation on complex application I/O patterns when using hardware offloading. It is challenging to achieve high performance and fully utilize NVMe-oF offloading simultaneously. In this paper, we propose HyQ, a novel hybrid I/O queue architecture for NVMe-oF, to achieve high performance while gaining the advantages of hardware offloading. HyQ realizes the coexistence of hardware offloading and software non-offloading queues, thus enabling the dynamic dispatching of I/O requests to appropriate processing queues according to user-defined I/O scheduling policies. Additionally, HyQ provides a request scheduling framework to support customized schedulers that select appropriate queues for I/O requests. In our evaluation, HyQ achieves up to 1.91x IOPS and 8.36x bandwidth performance improvement over the original hardware offloading scheme.

Jiexiong Xu,Yue Qiu,Yiquan Chen,Yijing Wang,Wenhai Lin,Yiquan Lin,Shushu Zhao,Yuqi Liu,Ying Wang,Wenzhi Chen

DOI: https://doi.org/10.1145/3688351.3689154

2024-01-01

Abstract:The NVMe-over-Fabrics (NVMe-oF) is gaining popularity in cloud data centers as a remote storage protocol for accessing NVMe storage devices across servers. With the rapid increase in throughput of the NVMe storage devices, the NVMe-oF stack consumes a significant amount of valuable CPU resources. To release these valuable computing power to other tasks, many smartNICs now support NVMe-oF Target offloading. However, this emerging NVMe-oF offloading scheme's performance has not been fully investigated. In this work, we conducted comprehensive evaluations on smartNIC NVMe-oF target offloading and non-offloading NVMe-oF with TCP and RDMA. Our results demonstrate that the target offloading can achieve comparable throughput compared to NVMe/RDMA in most synthetic and real-world application workloads while releasing up to 38.7% CPU resources. Additionally, target offloading benefits from host bypass and peer-to-peer communication between smartNIC and NVMe SSD, resulting in only 68.9% to 95.8% average latency of NVMe/RDMA. However, we also found that target offloading schemes lack flexibility for specific storage device models, leading to abnormal performance degradation. Finally, we provide insight for system architects to select the appropriate scheme based on the workload and storage device features to fully leverage the advantages of target offloading.

Maximilian Schöffel,Frederik Lauer,Carl C. Rheinländer,Norbert Wehn

DOI: https://doi.org/10.1145/3450268.3453528

2021-05-18

Abstract:Recent achievements in designing quantum computers place a serious threat on the security of state-of-the-art public key cryptography and on all communication that relies on it. Meanwhile, security is seen as one of the most critical issues of low-power IoT devices even with pre-quantum public key cryptography since IoT devices have strict energy constraints and limited computational power. Thus, state-of-the-art dedicated hardware accelerators have been deployed to facilitate secure and confidential communication with well established protocols on such devices. It is common belief that the complexity of the cryptographic computations are also the bottleneck of the new, quantum-resistant algorithms and that hardware accelerators are necessary to use them efficiently on energy constrained embedded devices. In this paper, we carried out an in-depth investigation of the application of potential Post-Quantum Cryptography algorithms, which were proposed in the associated US NIST process, to a representative TLS-based low-power IoT infrastructure. First, we show that the main contributor to the TLS handshake latency are the higher bandwidth requirements of post-quantum Key-Encapsulation Mechanisms rather than the cryptographic computations itself. Second, from the perspective of crypto-agility we show that edge devices with code-based, isogeny-based as well as lattice-based algorithms have low energy consumption, which enables long battery run times in typical IoT scenarios without dedicated hardware accelerators. Third, we increase the level of security further by combining pre-quantum and post-quantum algorithms to a hybrid key exchange, and quantify the overhead in energy consumption and latency of it.

Erik Sy,Moritz Moennich,Tobias Mueller,Hannes Federrath,Mathias Fischer

DOI: https://doi.org/10.48550/arXiv.1902.02531

2019-02-07

Abstract:TLS can resume previous connections via abbreviated resumption handshakes that significantly decrease the delay and save expensive cryptographic operations. For that, cryptographic TLS state from previous connections is reused. TLS version 1.3 recommends to avoid resumption handshakes, and thus the reuse of cryptographic state, when connecting to a different hostname. In this work, we reassess this recommendation, as we find that sharing cryptographic TLS state across hostnames is a common practice on the web. We propose a TLS extension that allows the server to inform the client about TLS state sharing with other hostnames. This information enables the client to efficiently resume TLS sessions across hostnames. Our evaluation indicates that our TLS extension provides huge performance gains for the web. For example, about 58.7% of the 20.24 full TLS handshakes that are required to retrieve an average website on the web can be converted to resumed connection establishments. This yields to a reduction of 44% of the CPU time consumed for TLS connection establishments. Furthermore, our TLS extension accelerates the connection establishment with an average website by up to 30.6% for TLS 1.3. Thus, our proposal significantly reduces the (energy) costs and the delay overhead in the encrypted web.

Cryptography and Security

Kaiyu Hou,Sen Lin,Yan Chen,Vinod Yegneswaran

DOI: https://doi.org/10.1145/3542929.3563458

2022-01-01

Abstract:ABSTRACTServerless computing has greatly simplified cloud programming. It liberates cloud tenants from various system administration and resource management tasks, such as configuration and provisioning. Under this new cloud computing paradigm, a single monolithic application is divided into separate stateless functions, i.e., function-as-a-service (FaaS), which are then orchestrated together to support complex business logic. But there is a fundamental cost associated with this enhanced flexibility. Internal network connections between functions are now initiated frequently, to support serverless features such as agile autoscaling and function chains, raising communication latency. To alleviate this cost, current serverless providers sacrifice security for performance, keeping internal function communications unencrypted. We believe that the emerging QUIC protocol, which has secured and accelerated HTTP communications in the wide area, could proffer a solution to this challenge. We design a QUIC-based FaaS framework, called QFaaS, and implement it on the OpenFaaS platform. Our design explicitly ensures that existing serverless applications can directly benefit from QFaaS without any application code modification. Experiments on synthetic functions and real-world applications demonstrate that QFaaS can reduce communication latency for single functions and function chains by 28% and 40%, respectively, and save up to 50 ms in end-user response time.

Marcel Kempf,Benedikt Jaeger,Johannes Zirngibl,Kevin Ploch,Georg Carle

DOI: https://doi.org/10.1016/j.comcom.2024.04.038

IF: 5.047

2024-05-13

Computer Communications

Abstract:QUIC is a new protocol standardized in 2021 designed to improve on the widely used TCP / TLS stack. The main goal is to speed up web traffic via HTTP, but it is also used in other areas like tunneling. Based on UDP, it offers features like reliable in-order delivery, flow and congestion control, stream-based multiplexing, and always-on encryption using TLS 1.3. Unlike TCP, QUIC integrates these capabilities in user space, relying on kernel interaction solely for UDP. Operating in user space allows more flexibility but sacrifices some kernel-level efficiency and optimization that TCP benefits from. Various QUIC implementations exist, each distinct in programming language, architecture, and design. QUIC is already widely deployed on the Internet and has been evaluated, focussing on low latency, interoperability, and standard compliance. However, benchmarks on high-speed network links are still scarce. This paper presents an extension to the QUIC Interop Runner, a framework for testing the interoperability of QUIC implementations. Our contribution enables reproducible QUIC benchmarks on dedicated hardware and high-speed links. We provide results on 10G links, including multiple implementations, evaluate how OS features like buffer sizes and NIC offloading impact QUIC performance, and show which data rates can be achieved with QUIC compared to TCP. Moreover, we analyze different CPUs and CPU architectures influence reproducible and comparable performance measurements. Furthermore, our framework can be applied to evaluate the effects of future improvements to the protocol or the OS. Our results show that QUIC performance varies widely between client and server implementations from around 50 Mbit/s to over 6000 Mbit/s. We show that the OS generally sets the default buffer size too small. Based on our findings, the buffer size should be increased by at least an order of magnitude. Our profiling analysis identifies Packet I/O as the most expensive task for QUIC implementations. Furthermore, QUIC benefits less from AES NI hardware acceleration while both features improve the goodput of TCP to around 8000 Mbit/s. The lack of support for NIC offloading from QUIC implementations results in missed opportunities for performance improvement. The assessment of CPUs from different vendors and generations revealed significant performance variations. We employed core pinning to examine if the performance of QUIC implementations is affected by the allocation to specific CPU cores. The results indicated an increased goodput of up to 20% when running on a specifically chosen core compared to a randomly assigned core. This outcome highlights the impact of CPU core selection on the performance of QUIC implementations but also for reproducible measurements.

computer science, information systems,telecommunications,engineering, electrical & electronic

Marcel Kempf,Nikolas Gauder,Benedikt Jaeger,Johannes Zirngibl,Georg Carle

2024-05-15

Abstract:QUIC is a new network protocol standardized in 2021. It was designed to replace the TCP/TLS stack and is based on UDP. The most current web standard HTTP/3 is specifically designed to use QUIC as transport protocol. QUIC claims to provide secure and fast transport with low-latency connection establishment, flow and congestion control, reliable delivery, and stream multiplexing. To achieve the security goals, QUIC enforces the usage of TLS 1.3. It uses authenticated encryption with additional data (AEAD) algorithms to not only protect the payload but also parts of the header. The handshake relies on asymmetric cryptography, which will be broken with the introduction of powerful quantum computers, making the use of post-quantum cryptography inevitable. This paper presents a detailed evaluation of the impact of cryptography on QUIC performance. The high-performance QUIC implementations LSQUIC, quiche, and MsQuic are evaluated under different aspects. We break symmetric cryptography down to the different security features. To be able to isolate the impact of cryptography, we implemented a NOOP AEAD algorithm which leaves plaintext unaltered. We show that QUIC performance increases by 10 to 20% when removing packet protection. The header protection has negligible impact on performance, especially for AES ciphers. We integrate post-quantum cryptographic algorithms into QUIC, demonstrating its feasibility without major changes to the QUIC libraries by using a TLS library that implements post-quantum algorithms. Kyber, Dilithium, and FALCON are promising candidates for post-quantum secure QUIC, as they have a low impact on the handshake duration. Algorithms like SPHINCS+ with larger key sizes or more complex calculations significantly impact the handshake duration and cause additional issues in our measurements.

Networking and Internet Architecture,Cryptography and Security

Spyridon Mastorakis,Tahrina Ahmed,Jayaprakash Pisharath

DOI: https://doi.org/10.48550/arXiv.1802.06970

2018-02-20

Networking and Internet Architecture

Abstract:Nowadays, enterprises widely deploy Network Functions (NFs) and server applications in the cloud. However, processing of sensitive data and trusted execution cannot be securely deployed in the untrusted cloud. Cloud providers themselves could accidentally leak private information (e.g., due to misconfigurations) or rogue users could exploit vulnerabilities of the providers' systems to compromise execution integrity, posing a threat to the confidentiality of internal enterprise and customer data. In this paper, we identify (i) a number of NF and server application use-cases that trusted execution can be applied to, (ii) the assets and impact of compromising the private data and execution integrity of each use-case, and (iii) we leverage Intel's Software Guard Extensions (SGX) architecture to design Trusted Execution Environments (TEEs) for cloud-based NFs and server applications. We combine SGX with the Data Plane Development KIT (DPDK) to prototype and evaluate our TEEs for a number of application scenarios (Layer 2 frame and Layer 3 packet processing for plain and encrypted traffic, traffic load-balancing and back-end server processing). Our results indicate that NFs involving plain traffic can achieve almost native performance (e.g., ~22 Million Packets Per Second for Layer 3 forwarding for 64-byte frames), while NFs involving encrypted traffic and server processing can still achieve competitive performance (e.g., ~12 Million Packets Per Second for server processing for 64-byte frames).

Xianglong Deng,Shengyu Fan,Zhicheng Hu,Zhuoyu Tian,Zihao Yang,Jiangrui Yu,Dingyuan Cao,Dan Meng,Rui Hou,Meng Li,Qian Lou,Mingzhe Zhang

2024-10-17

Abstract:In this paper, we present the first multi-modal FHE accelerator based on a unified architecture, which efficiently supports CKKS, TFHE, and their conversion scheme within a single accelerator. To achieve this goal, we first analyze the theoretical foundations of the aforementioned schemes and highlight their composition from a finite number of arithmetic kernels. Then, we investigate the challenges for efficiently supporting these kernels within a unified architecture, which include 1) concurrent support for NTT and FFT, 2) maintaining high hardware utilization across various polynomial lengths, and 3) ensuring consistent performance across diverse arithmetic kernels. To tackle these challenges, we propose a novel FHE accelerator named Trinity, which incorporates algorithm optimizations, hardware component reuse, and dynamic workload scheduling to enhance the acceleration of CKKS, TFHE, and their conversion scheme. By adaptive select the proper allocation of components for NTT and MAC, Trinity maintains high utilization across NTTs with various polynomial lengths and imbalanced arithmetic workloads. The experiment results show that, for the pure CKKS and TFHE workloads, the performance of our Trinity outperforms the state-of-the-art accelerator for CKKS (SHARP) and TFHE (Morphling) by 1.49x and 4.23x, respectively. Moreover, Trinity achieves 919.3x performance improvement for the FHE-conversion scheme over the CPU-based implementation. Notably, despite the performance improvement, the hardware overhead of Trinity is only 85% of the summed circuit areas of SHARP and Morphling.

Hardware Architecture,Cryptography and Security

Pengkun Li,Jinshu Su,Xiaofeng Wang

DOI: https://doi.org/10.1109/jiot.2020.2988126

IF: 10.6

2020-08-01

IEEE Internet of Things Journal

Abstract:Enabling end-to-end secure communication is essential for many Internet-of-Things (IoT) application scenarios. Transport-layer security (TLS) and datagram TLS (DTLS) are the de-facto protocols for communication security in the IP-based IoT. However, the current authentication approaches of TLS are confronted with the heavy overhead and security issues in the resource-constrained IoT scenario. On the other hand, the identity-based cryptography (IBC) becomes an attractive cryptographic solution for the IoT. Unfortunately, the current IBC-based proposals exist the problem of either high communication latency or low level of security. In this article, we propose the first lightweight secure transport protocol called iTLS, which delivers protected data in the first flight with perfect forward secrecy, and provides implicit mutual authentication without certificates. iTLS dynamically generates identity-based early keys before receiving a server response, allowing clients to send the encrypted data without additional round trips. Furthermore, it employs the ephemeral secret ticket to obtain an ephemeral server key in the previous connection. Therefore, the early key established afterward can provide full forward secrecy. Design and implementation in the form of extension make iTLS fully compatible with TLS 1.3 and easy to be converted to a DTLS version. Our evaluation shows that iTLS reduces the network traffic overhead by at least 61.2%, and handshake latency on an ideal network by at least 60% compared to the certificate-based TLS. The results demonstrate iTLS achieves strong adaptability on the low-power and lossy IoT networks.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yanhua Li,Youhui Zhang,Weimin Zheng

DOI: https://doi.org/10.1145/2742854.2742866

2015-01-01

Abstract:Thread-Level Speculation (TLS) is an effective mechanism for exploiting automatic parallelization of the sequential programs, especially for the large scale chip multiprocessor (CMP) which is rich of idle computation resources on chip. TLS could use the idle computation resources to improve the performance of sequential program. However, the inter-thread correlation between the speculative threads requests more careful core assignment and thread scheduling for the TLS execution, rather than the conventional threads. Analysis shows that there is a high correlation between TLS execution performance and the on-chip "position" of the cores assigned for the TLS execution. Accordingly, we propose a "position-aware" task scheduling strategy for the thread-level speculative parallelization. We introduce a model to evaluate the "Centre of Data Gravity (CDG)" of the TLS program, and propose a new core assignment and thread scheduling mechanism based on CDG for the TLS execution. Tests show that, these strategies have achieved significant performance improvement: compared with the original TLS that does not consider the factor, the range of performance improvement is from 4.6% to 39%.

Yihong Zhu,Wenping Zhu,Yi Ouyang,Junwen Sun,Qi Zhao,Min Zhu,Jinjiang Yang,Chen,Qichao Tao,Hanning Wang,Guang Yang,Shaojun Wei,Aoyang Zhang,Leibo Liu

DOI: https://doi.org/10.1109/jssc.2024.3476949

IF: 5.4

2024-01-01

IEEE Journal of Solid-State Circuits

Abstract:Post-quantum cryptography (PQC) is currently being standardized to replace the existing public-key cryptography for data security in the era of quantum computing. PQC algorithms exhibit considerable diversity in their underlying mathematical problems, storage requirements, and computational patterns, thus complicating unified PQC architecture design. To address this issue, a unified PQC domain-specific accelerator (DSA), post-quantum processing unit (PQPU), is proposed to address the trade-off between performance and flexibility at the algorithm, architecture, and circuit levels. First, a task-clustering-based framework is proposed to enable task-level parallel execution by utilizing the inherent parallelism and common functions across different PQC algorithms. Second, a region-based dynamically updated task path (TP) is constructed to facilitate automatic task-dependency management, with agile control flow and minimized overheads. Finally, algorithm-hardware co-optimizations are proposed in each task cluster to improve throughput and energy efficiency. Fabricated in a 28-nm process, PQPU has energy efficiency and throughput of 4.4 mu J/Op and 69.4 kOPS. The energy-delay product (EDP) and throughput achieved are 19.3% and 44.6% compared to the state-of-the-art design, respectively. To the best of our knowledge, PQPU is the first silicon-proven PQC accelerator that supports all valid schemes in NIST PQC standardization.

Shuihai Hu,Wei Bai,Kai Chen,Chen Tian,Ying Zhang,Haitao Wu

DOI: https://doi.org/10.1109/tcc.2018.2890252

IF: 5.697

2021-04-01

IEEE Transactions on Cloud Computing

Abstract:Today’s cloud is shared among multiple tenants running different applications, and a desirable multi-tenant datacenter network infrastructure should provide bandwidth guarantees for throughput-intensive applications, low latency for latency-sensitive short messages, as well as work conservation to fully utilize the network bandwidth. Despite significant efforts in recent years, none of them can achieve these three properties simultaneously. In this paper, we identify the key deficiency of prior solutions and use this insight to motivate our design of $\mathsf{Trinity}$Trinity—a simple, practical yet effective solution that achieves bandwidth guarantees, work conservation and low latency simultaneously in the cloud. We implement $\mathsf{Trinity}$Trinity using existing commodity hardwares and demonstrate its superior performance over prior solutions using testbed experiments.

computer science, information systems, theory & methods

Jiechen Zhao,Ran Shu,Katie Lim,Zewen Fan,Thomas Anderson,Mingyu Gao,Natalie Enright Jerger

2024-10-23

Abstract:Cloud servers use accelerators for common tasks (e.g., encryption, compression, hashing) to improve CPU/GPU efficiency and overall performance. However, users' Service-level Objectives (SLOs) can be violated due to accelerator-related contention. The root cause is that existing solutions for accelerators only focus on isolation or fair allocation of compute and memory resources; they overlook the contention for communication-related resources. Specifically, three communication-induced challenges drive us to re-think the problem: (1) Accelerator traffic patterns are diverse, hard to predict, and mixed across users, (2) communication-related components lack effective low-level isolation mechanism to configure, and (3) computational heterogeneity of accelerators lead to unique relationships between the traffic mixture and the corresponding accelerator performance. The focus of this work is meeting SLOs in accelerator-rich systems. We present \design{}, treating accelerator SLO management as traffic management with proactive traffic shaping. We develop an SLO-aware protocol coupled with an offloaded interface on an architecture that supports precise and scalable traffic shaping. We guarantee accelerator SLO for various circumstances, with up to 45% tail latency reduction and less than 1% throughput variance.

Hardware Architecture,Operating Systems

Taehyun Ahn,Jiwon Kwak,Seungjoo Kim

2023-09-28

Abstract:Recently, many organizations have been installing middleboxes in their networks in large numbers to provide various services to their customers. Although middleboxes have the advantage of not being dependent on specific hardware and being able to provide a variety of services, they can become a new attack target for hackers. Therefore, many researchers have proposed security-enchanced TLS protocols, but their results have some limitations. In this paper, we proposed a middlebox-delegated TLS (mdTLS) protocol that not only achieves the same security level but also requires relatively less computation compared to recent research results. mdTLS is a TLS protocol designed based on the proxy signature scheme, which requires about 39% less computation than middlebox-aware TLS (maTLS), which is the best in security and performance among existing research results. In order to substantiate the enhanced security of mdTLS, we conducted a formal verification using the Tamarin. Our verification demonstrates that mdTLS not only satisfies the security properties set forth by maTLS but also complies with the essential security properties required for proxy signature scheme.

Cryptography and Security

Dimitrios Sikeridis,Panos Kampanakis,Michael Devetsikiotis

DOI: https://doi.org/10.1145/3386367.3431305

2020-11-23

Abstract:The advances in quantum computing present a threat to public key primitives due to their ability to solve hard cryptographic problems in polynomial time. To address this threat to critical Internet security protocols like the Transfer Layer Security (TLS), and Secure Shell (SSH), the National Institute of Standards and Technology (NIST) is currently working on the new generation of quantum-resistant key encapsulation and authentication schemes. In this paper, we evaluate protocol handshake performance when both post-quantum key exchange and authentication are integrated into TLS and SSH. Our experiments consider realistic network conditions and reveal that the introduced handshake latency ranges between 1-300% for TLS and 0.5-50% for SSH depending on the post-quantum algorithms used. In addition, we examine how the initial TCP window size affects post-quantum TLS and SSH performance, and show that even a small size increase can reduce the observed post-quantum slowdown by 50%. Finally, we discuss alternatives that can encourage the early adoption of post-quantum cryptography with minimum protocol performance degradation.

Ketong Shang,Jiangnan Lin,Yu Qin,Muyan Shen,Hongzhan Ma,Wei Feng,Dengguo Feng

2024-12-05

Abstract:Confidential Computing has emerged to address data security challenges in cloud-centric deployments by protecting data in use through hardware-level isolation. However, reliance on a single hardware root of trust (RoT) limits user confidence in cloud platforms, especially for high-performance AI services, where end-to-end protection of sensitive models and data is critical. Furthermore, the lack of interoperability and a unified trust model in multi-cloud environments prevents the establishment of a cross-platform, cross-cloud chain of trust, creating a significant trust gap for users with high privacy requirements. To address the challenges mentioned above, this paper proposes CCxTrust (Confidential Computing with Trust), a confidential computing platform leveraging collaborative roots of trust from TEE and TPM. CCxTrust combines the black-box RoT embedded in the CPU-TEE with the flexible white-box RoT of TPM to establish a collaborative trust framework. The platform implements independent Roots of Trust for Measurement (RTM) for TEE and TPM, and a collaborative Root of Trust for Report (RTR) for composite attestation. The Root of Trust for Storage (RTS) is solely supported by TPM. We also present the design and implementation of a confidential TPM supporting multiple modes for secure use within confidential virtual machines. Additionally, we propose a composite attestation protocol integrating TEE and TPM to enhance security and attestation efficiency, which is proven secure under the PCL protocol security model. We implemented a prototype of CCxTrust on a confidential computing server with AMD SEV-SNP and TPM chips, requiring minimal modifications to the TPM and guest Linux kernel. The composite attestation efficiency improved by 24% without significant overhead, while Confidential TPM performance showed a 16.47% reduction compared to standard TPM.

Cryptography and Security