
Introduction

Today's computing systems are used for applications such as electronic commerce, tele-collaboration of various types, and evolving peer-to-peer systems, often containing sensitive information. Security in these systems depends on several mechanisms that utilize cryptographic primitives as a basic building block. Such cryptographic primitives can be very complex [2] because the design of these systems is intended to impede simple, brute-force, computational attacks. This complexity drives the belief that strong security is fundamentally inimical to good performance.

This belief has led to the common predilection to avoid cryptography in favor of performance [22]. However, the foundation for this belief is often software implementation [8] of algorithms intended for efficient hardware implementation. To address this issue, vendors have been marketing hardware cryptographic accelerators that implement several cryptographic algorithms used by security protocols and applications. However, modern operating systems lack the necessary support to provide efficient access to such functionality to applications and the operating system itself through a uniform API that abstracts away device details. As a result, accelerators are often used directly through libraries linked with applications, typically requiring device-specific knowledge by the applications, and preventing the operating system itself from easily utilizing such hardware.

We present the OpenBSD Cryptographic Framework (OCF), a service virtualization layer implemented inside the kernel, that provides uniform access to accelerator functionality by hiding device-specific details behind a carefully-designed API. The abstraction introduced allows us to easily support new hardware accelerators and enable applications to use any such accelerator without device-specific knowledge. Furthermore, this intermediate layer does not unduly impact performance, as is common when such abstractions are introduced. The OCF has been in use with OpenBSD [5] for over three years and has proven stable and efficient in practice. It offers features such as load-balancing across multiple accelerators, session migration, and algorithm chaining. We describe the changes we made to the OpenBSD kernel and applications to take advantage of the OCF. In previous work [18] we presented a preliminary analysis of the impact of hardware acceleration on network security protocols, without describing the OCF itself in any detail. Here, we evaluate the impact of the OCF in a variety of micro-benchmarks, measuring overall system performance, application throughput and latency, and aggregate throughput when multiple applications use the OCF.

Our evaluation shows that, despite its addition to the system as a device/service virtualization layer, the OCF is extremely efficient in utilizing cryptographic accelerator functionality, attaining 95% of the theoretical peak device performance. In another configuration, we were able to achieve a 3DES aggregate throughput of over 800 Mbps by employing a multi-threaded application and load-balancing across multiple accelerators. Furthermore, use of hardware accelerators can remove contention for the CPU and thus improve overall system responsiveness and performance for unrelated tasks. Our evaluation allowed us to determine that the limiting factors for high-performance cryptography in modern systems are data copying and the PCI bus. In addition, small data buffers should be processed in software if possible, freeing hardware accelerators to handle larger requests that better amortize the system and PCI transaction costs. On the other hand, multi-threading results in increased utilization of the OCF, improving aggregate throughput. We make recommendations for future directions in architectural placement of cryptographic functionality, operating system provisions, and application design, and discuss several improvements and promising directions for future work.

The framework has been in use with IPsec since OpenBSD 2.8, although it continues to evolve in response to new requirements. Public-key support and the /dev/crypto interface were introduced in a later version. The OCF has also been ported to FreeBSD and NetBSD, and we are working on Windows and Linux versions.