HOME

TheInfoList



Click Here for Items Related To - TLS acceleration
OR:
TLS acceleration on:   [Wikipedia]   [Google]   [Amazon]

TLS acceleration (formerly known as SSL acceleration) is a method of offloading processor-intensive public-key encryption for
Transport Layer Security Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network, such as the Internet. The protocol is widely used in applications such as email, instant messaging, and voice over ...
(TLS) and its predecessor Secure Sockets Layer (SSL) to a hardware accelerator. Typically this means having a separate card that plugs into a PCI slot in a computer that contains one or more
coprocessor A coprocessor is a computer processor used to supplement the functions of the primary processor (the CPU). Operations performed by the coprocessor may be floating-point arithmetic, graphics, signal processing, string processing, cryptography or ...
s able to handle much of the SSL processing. TLS accelerators may use off-the-shelf CPUs, but most use custom
ASIC An application-specific integrated circuit (ASIC ) is an integrated circuit (IC) chip customized for a particular use, rather than intended for general-purpose use, such as a chip designed to run in a digital voice recorder or a high-efficien ...
and
RISC In electronics and computer science, a reduced instruction set computer (RISC) is a computer architecture designed to simplify the individual instructions given to the computer to accomplish tasks. Compared to the instructions given to a comp ...
chips to do most of the difficult computational work.


Principle of TLS acceleration operation

The most computationally expensive part of a TLS session is the TLS handshake, where the TLS server (usually a webserver) and the TLS client (usually a web browser) agree on a number of parameters that establish the security of the connection. During the TLS handshake the server and the client establish session keys (symmetric keys, used for the duration of a given session), but the encryption and signature of the TLS handshake messages itself is done using asymmetric keys, which requires more computational power than the symmetric cryptography used for the encryption/decryption of the session data. Typically a hardware TLS accelerator will offload processing of the TLS handshake while leaving it to the server software to process the less intense symmetric cryptography of the actual TLS
data exchange Data exchange is the process of taking data structured under a ''source'' schema and transforming it into a ''target'' schema, so that the target data is an accurate representation of the source data. Data exchange allows data to be shared between ...
, but some accelerators handle all TLS operations and terminate the TLS connection, thus leaving the server seeing only decrypted connections. Sometimes data centers employ dedicated servers for TLS acceleration in a reverse proxy configuration.


Central processor support

Modern
x86 x86 (also known as 80x86 or the 8086 family) is a family of complex instruction set computer (CISC) instruction set architectures initially developed by Intel, based on the 8086 microprocessor and its 8-bit-external-bus variant, the 8088. Th ...
CPUs support
Advanced Encryption Standard The Advanced Encryption Standard (AES), also known by its original name Rijndael (), is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001. AES is a variant ...
(AES) encoding and decoding in hardware, using the
AES instruction set An Advanced Encryption Standard instruction set (AES instruction set) is a set of instructions that are specifically designed to perform AES encryption and decryption operations efficiently. These instructions are typically found in modern process ...
proposed by Intel in March 2008. Allwinner Technology provides a hardware cryptographic accelerator in its A10, A20, A30 and A80 ARM
system-on-chip A system on a chip (SoC) is an integrated circuit that combines most or all key components of a computer or electronic system onto a single microchip. Typically, an SoC includes a central processing unit (CPU) with memory, input/output, and da ...
series, and all ARM CPUs have acceleration in the later ARMv8 architecture. The accelerator provides the RSA public-key algorithm, several widely used
symmetric-key algorithm Symmetric-key algorithms are algorithms for cryptography that use the same cryptographic keys for both the encryption of plaintext and the decryption of ciphertext. The keys may be identical, or there may be a simple transformation to go between ...
s,
cryptographic hash function A cryptographic hash function (CHF) is a hash algorithm (a map (mathematics), map of an arbitrary binary string to a binary string with a fixed size of n bits) that has special properties desirable for a cryptography, cryptographic application: ...
s, and a cryptographically secure
pseudo-random number generator A pseudorandom number generator (PRNG), also known as a deterministic random bit generator (DRBG), is an algorithm for generating a sequence of numbers whose properties approximate the properties of sequences of random numbers. The PRNG-generate ...
.[PATCH v5] crypto: Add Allwinner Security System crypto accelerator
on Linux ARM kernel mailing list


See also

* Application delivery controller * Hardware security module * Stunnel * TLS offloading


References


External links


SSL Acceleration and Offloading: What Are the Security Implications?
{{Hardware acceleration Hardware acceleration Computer optimization Cryptographic hardware Transport Layer Security