The Design of the {OpenBSD} Cryptographic Framework

Cryptographic transformations are a fundamental building block in many security applications and protocols. To improve performance, several vendors market hardware accelerator cards. However, until now no operating system provided a mechanism that allowed both uniform and efficient use of this new type of resource. We present the OpenBSD Cryptographic Framework (OCF), a service virtualization layer implemented inside the kernel, that provides uniform access to accelerator functionality by hiding card-specific details behind a carefully-designed API. We evaluate the impact of the OCF in a variety of benchmarks, measuring overall system performance, application throughput and latency, and aggregate throughput when multiple applications make use of it. We conclude that the OCF is extremely efficient in utilizing cryptographic accelerator functionality, attaining 95% of the theoretical peak device performance, and over 800 Mbit/sec aggregate throughput using 3DES. We believe that this validates our decision to opt for ease of use by applications and kernel components through a uniform API, and for seamless support for new accelerators. Furthermore, our evaluation points to several bottlenecks in system and operating system design: data copying between user and kernel modes, PCI bus signaling inefficiency, protocols that use small data units, and single-threaded applications. We offer several suggestions for improvements and directions for future work.

[1]  Sean W. Smith,et al.  Improving DES Coprocessor Throughput for Short Operations , 2001, USENIX Security Symposium.

[2]  P. Druschel,et al.  Network subsystem design , 1993, IEEE Network.

[3]  Carlisle M. Adams Independent Data Unit Protection Generic Security Service Application Program Interface (IDUP-GSS-API) , 1998, RFC.

[4]  Valery Smyslov Simple Cryptographic Program Interface (Crypto API) , 1999, RFC.

[5]  PasqualeJoseph,et al.  The importance of non-data touching processing overheads in TCP/IP , 1993 .

[6]  Joseph Pasquale,et al.  The importance of non-data touching processing overheads in TCP/IP , 1993, SIGCOMM '93.

[7]  Chang Shao-shun On the Synthesis of System , 2005 .

[8]  Jonathan M. Smith,et al.  Exploiting Parallelism in Hardware Implementations of the DES , 1991, CRYPTO.

[9]  Hugo Krawczyk,et al.  A Security Architecture for the Internet Protocol , 1999, IBM Syst. J..

[10]  kc claffy,et al.  The nature of the beast: Recent traffic measurements from an Internet backbone , 1998 .

[11]  J.M. Smith,et al.  Giving applications access to Gb/s networking , 1993, IEEE Network.

[12]  Jonathan M. Smith,et al.  Hardware/Software Organization of a High-Performance ATM Host Interface , 1993, IEEE J. Sel. Areas Commun..

[13]  Stephen T. Kent,et al.  Security Architecture for the Internet Protocol , 1998, RFC.

[14]  NSA Cross Security Service API : Cryptographic API Recommendation , 1995 .

[15]  Calton Pu,et al.  The Synthesis Kernel , 1988, Comput. Syst..

[16]  Angelos D. Keromytis,et al.  Cryptography in OpenBSD: An Overview , 1999, USENIX Annual Technical Conference, FREENIX Track.

[17]  Angelos D. Keromytis,et al.  A Study of the Relative Costs of Network Security Protocols , 2002, USENIX Annual Technical Conference, FREENIX Track.

[18]  John Linn,et al.  Generic Security Service Application Program Interface, Version 2 , 1997, RFC.

[19]  Peter Gutmann,et al.  The Design of a Cryptographic Security Architecture , 1999, USENIX Security Symposium.

[20]  Matthew K. Franklin,et al.  Cryptology As a Network Service , 2001, NDSS.

[21]  Jonathan M. Smith Practical Problems with a Cryptographic Protection Scheme , 1989, CRYPTO.

[22]  Jonathan M. Smith,et al.  Cryptographic Support in a Gigabit Network , 1992 .

[23]  John Linn,et al.  Generic Security Service Application Program Interface , 1993, RFC.

[24]  Angelos D. Keromytis,et al.  Implementing IPsec , 1997, GLOBECOM 97. IEEE Global Telecommunications Conference. Conference Record.

[25]  David C. Feldmeier,et al.  UNIX Password Security - Ten Years Later , 1989, CRYPTO.

[26]  Peter Gutmann An Open-Source Cryptographic Coprocessor , 2000, USENIX Security Symposium.