TY - GEN
T1 - Cryptographic hashing in P4 data planes
AU - Scholz, Dominik
AU - Oeldemann, Andreas
AU - Geyer, Fabien
AU - Gallenmuller, Sebastian
AU - Stubbe, Henning
AU - Wild, Thomas
AU - Herkersdorf, Andreas
AU - Carle, Georg
N1 - Publisher Copyright:
© 2019 IEEE.
PY - 2019/9
Y1 - 2019/9
N2 - P4 introduces a standardized, universal way for data plane programming. Secure and resilient communication typically involves the processing of payload data and specialized cryptographic hash functions. We observe that current P4 targets lack the support for both. Therefore, applications and protocols, which require message authentication codes or hashing structures that are resilient against attacks such as denial-of-service, cannot be implemented. To enable authentication and resilience, we make the case for extending P4 targets with cryptographic hash functions. We propose an extension of the P4 Portable Switch Architecture for cryptographic hashes and discuss our prototype implementations for three different P4 target platforms: CPU, NPU, and FPGA. To assess the practical applicability, we conduct a performance evaluation and analyze the resource consumption. Our prototype implementations show that cryptographic hashing can be integrated efficiently. We cannot identify a single hash function delivering satisfying performance on all investigated platforms. Therefore, we recommend a set of hash functions to optimize target-specific performance.
AB - P4 introduces a standardized, universal way for data plane programming. Secure and resilient communication typically involves the processing of payload data and specialized cryptographic hash functions. We observe that current P4 targets lack the support for both. Therefore, applications and protocols, which require message authentication codes or hashing structures that are resilient against attacks such as denial-of-service, cannot be implemented. To enable authentication and resilience, we make the case for extending P4 targets with cryptographic hash functions. We propose an extension of the P4 Portable Switch Architecture for cryptographic hashes and discuss our prototype implementations for three different P4 target platforms: CPU, NPU, and FPGA. To assess the practical applicability, we conduct a performance evaluation and analyze the resource consumption. Our prototype implementations show that cryptographic hashing can be integrated efficiently. We cannot identify a single hash function delivering satisfying performance on all investigated platforms. Therefore, we recommend a set of hash functions to optimize target-specific performance.
KW - Data Plane Programming
KW - Hash function
KW - P4
KW - Performance Evaluation
UR - http://www.scopus.com/inward/record.url?scp=85075750621&partnerID=8YFLogxK
U2 - 10.1109/ANCS.2019.8901886
DO - 10.1109/ANCS.2019.8901886
M3 - Conference contribution
AN - SCOPUS:85075750621
T3 - 2019 ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2019
BT - 2019 ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2019
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2019 ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2019
Y2 - 24 September 2019 through 25 September 2019
ER -