高速 SSL 协议芯片关键技术研究-《计算机技术与发展》

文章信息/Info

Author(s):: GUI Zuo-qin; MENG Tao; CUI Guang-cai; LIN Cun-hua; CHEN Hao-juan; Jiangnan Institute of Computing Technology,Wuxi 214000,China

摘要:: 在信息安全领域快速发展的形势下,SSL VPN (secure socket layer virtual private network) 作为主流安全访问及控制系统得到了广泛应用。随着千兆、万兆网络的发展,用户对于网络访问的速度要求更高,传统的软件实现 SSL VPN 已经无法满足网络高速发展的需求。在对 SSL 协议深入研究的基础上,提出基于 SSL 专用处理器和 TCP 硬核的 SSL 协议芯片设计模型,该设计采用 TCAM( ternary content access memory) +SRAM 的策略查找映射方式,有效降低系统开销,提升 SSL 的处理速度。针对 VPN 通信流的特点,将访问控制与 VPN 隧道、转发机制紧耦合,从而增强网络安全性。基于此模型设计的高速 SSL 协议芯片,可通过简单改变系统配置参数应对不同的网络环境,使其既可以工作在虚拟网络模式下,又可以工作在代理模式下,满足了多样化、快速化网络部署需求。

Abstract:: In the context of rapid development in the field of information security,SSL VPN is widely used as the mainstream security and control system. With the development of 1 000Mbps and 10Gbps network, users have higher requirements on the speed of network access,and the traditional software implementation of SSL VPN has been unable to meet the needs of high-speed network development. Based on the deep research of SSL protocol, a SSL protocol chip design model is presented based on SSL ASIP and TCP hard core.The policy search mapping method of TCAM + SRAM is adopted to effectively reduce system overhead and improve the SSL processing speed. According to the characteristics of VPN communication stream, the access control is tightly coupled with VPN tunnel and transmission mechanism to enhance network security. The design of high speed SSL chip can response to different network environments by simply changing the configuration parameters of system,so it can work at virtual mode and agency mode which satisfy the need of diversity and rapid network deployment.