Implementing AES Encryption on Programmable Switches via Scrambled Lookup Tables

AES is a symmetric encryption algorithm widely used in many applications. An AES implementation in the data plane can help us build in-network security and privacy applications, such as IP header encryption or onion routing. However, it is not straightforward to implement AES on today's commodity programmable switches, which may not include a dedicated cryptography co-processor and support only simple arithmetic operations and table lookups. In this paper, we present the Scrambled Lookup Table technique, which reduces the number of sequential arithmetic operations required for AES encryption by using the table matching capability available on programmable switches. We demonstrate an efficient implementation of AES on the Barefoot Tofino programmable switch that encrypts 10.92 Gbit, 8.76 Gbit, and 7.37 Gbit of data per second for AES-128, -192, and -256 respectively, using less than 15% of the switch memory.
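The following added example (not code from the paper or its authors) illustrates the general idea of trading sequential arithmetic for table matches: one AES round computed as four separate steps, and the same round computed as 16 lookups into tables that already contain the round key. The table construction, in which "scrambled" is taken to mean that the key byte is folded into the table index, and all function names are assumptions; the input and key are the FIPS-197 Appendix B example values.

```python
# Added illustration; the table layout is an assumption, not the paper's design.
from functools import reduce
from operator import xor

def gmul(a, b):  # multiply in GF(2^8) modulo the AES polynomial 0x11B
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def build_sbox():
    """AES S-box: multiplicative inverse in GF(2^8), then the affine map."""
    sbox = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
        s = inv
        for i in range(1, 5):
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox

SBOX = build_sbox()
MIX = [2, 3, 1, 1]  # first row of the MixColumns matrix; other rows are rotations

def round_reference(state, key):
    """AddRoundKey, SubBytes, ShiftRows, MixColumns as four sequential steps."""
    s = [SBOX[b ^ k] for b, k in zip(state, key)]
    s = [s[i % 4 + 4 * ((i // 4 + i % 4) % 4)] for i in range(16)]
    return bytes(reduce(xor, (gmul(MIX[(j - r) % 4], s[4 * c + j]) for j in range(4)))
                 for c in range(4) for r in range(4))

def build_scrambled_tables(key):
    """Table i, entry x: MixColumns contribution of SBOX[x ^ key[i]] (key baked in)."""
    return [[[gmul(MIX[(i % 4 - r) % 4], SBOX[x ^ k]) for r in range(4)]
             for x in range(256)] for i, k in enumerate(key)]

def round_scrambled(state, tables):
    """Same round as 16 lookups plus XORs; ShiftRows becomes index wiring."""
    out = []
    for c in range(4):
        parts = [tables[i][state[i]] for i in (r + 4 * ((c + r) % 4) for r in range(4))]
        out += [reduce(xor, vals) for vals in zip(*parts)]
    return bytes(out)

STATE = bytes.fromhex("3243f6a8885a308d313198a2e0370734")  # FIPS-197 Appendix B input
KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")    # FIPS-197 Appendix B key
```

In this layout the data path never performs an explicit key XOR or S-box step, and the key appears only inside the populated table entries.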
