An adaptive cryptographic engine for IPSec architectures

Architectures that implement the Internet Protocol Security (IPSec) standard have to meet the enormous computing demands of cryptographic algorithms. In addition, IPSec architectures have to be flexible enough to adapt to diverse security parameters. This paper proposes an FPGA-based Adaptive Cryptographic Engine (ACE) for IPSec architectures. By taking advantage of FPGA technology, ACE can adapt to diverse security parameters on the fly while providing superior performance compared with software-based approaches. For example, for the final candidate algorithms of the Advanced Encryption Standard (AES), our techniques lead to throughput speed-up of 4-20 while the key-setup latency time is reduced by a factor of 20-700 compared with software-based approaches. We also develop a compression technique that reduces the memory requirements of ACE without the need for dedicated hardware. Though data compression has been extensively studied before, we are not aware of any prior work that addresses the compression problem of FPGA-based embedded systems with respect to the implementation cost. Using our technique, we demonstrate up to 40% savings in memory for various configuration bit-streams