research-article

Implementing ChaCha based crypto primitives on programmable SmartNICs

Authors:

Shaguftha Zuveria Kottur,

Krishna Kadiyala,

Praveen Tammana,

Rinku ShahAuthors Info & Claims

FFSPIN '22: Proceedings of the ACM SIGCOMM Workshop on Formal Foundations and Security of Programmable Network Infrastructures

Pages 15 - 23

https://doi.org/10.1145/3528082.3544833

Published: 22 August 2022 Publication History

Abstract

Control and management plane applications such as serverless function orchestration and 4G/5G control plane functions are offloaded to smartNICs to reduce communication and processing latency. Such applications involve multiple inter-host interactions that were traditionally secured using SSL/TLS gRPC-based communication channels. Offloading the applications to smartNIC implies that we must also offload the security algorithms. Otherwise, we need to send the application messages to the host VM/container for crypto operations, negating offload benefits.

We propose crypto externs for Netronome Agilio smartNICs that implement authentication and confidentiality (encryption/decryption) using the ChaCha stream cipher algorithm. AES and ChaCha are two popular cipher suites, but we chose ChaCha since none of the smartNICs have ChaCha-based crypto accelerators. However, smartNICs have restricted instruction set, and limited memory, making it difficult to implement security algorithms. This paper identifies and addresses several challenges to implement ChaCha crypto primitives successfully. Our evaluations show that our crypto extern implementation satisfies the scalability requirement of popular applications such as serverless management functions and host in-band network telemetry.

References

[1]

2005. Encryption and Checksum Specifications for Kerberos 5. https://curl.se/rfc/rfc3961.txt. (February 2005).

[2]

2014. CVE-2014-0160. https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160. (April 2014).

[3]

2016. NFP-4000 Theory of Operation. https://www.netronome.com/static/app/img/products/silicon-solutions/WP_NFP4000_TOO.pdf. (2016).

[4]

2016. Pktgen - Traffic Generator powered by DPDK. https://github.com/pktgen/Pktgen-DPDK. (2016).

[5]

2018. Programming NFP with P4 and C. https://www.netronome.com/media/documents/WP_Programming_with_P4_and_C.pdf. (2018).

[6]

2020. BCM5880X SmartNIC Solution User Guide. https://docs.broadcom.com/doc/5880X-UG30X. (January 2020).

[7]

2020. Marvell LiquidIO^™ III. https://www.marvell.com/content/dam/marvell/en/public-collateral/embedded-processors/marvell-liquidio-III-solutions-brief.pdf. (September 2020).

[8]

2020. NVIDIA MELLANOX BLUEFIELD-2 HIGH PERFORMANCE ETHERNET SMARTNIC. https://network.nvidia.com/files/doc-2020/pb-bluefield-2-smart-nic-eth.pdf. (August 2020).

[9]

2021. Lambda quotas. https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-limits.html. (2021).

[10]

2021. NVIDIA BLUEFIELD-3 DPU PROGRAMMABLE DATA CENTER INFRASTRUCTURE ON-A-CHIP. https://www.nvidia.com/content/dam/en-zz/Solutions/Data-Center/documents/datasheet-nvidia-bluefield-3-dpu.pdf. (2021).

[11]

2021. Protocol Numbers. https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml. (April 2021).

[12]

2022. gRPC Authentication. https://grpc.io/docs/guides/auth. (February 2022).

[13]

2022. VMware Horizon 7 sizing limits and recommendations. https://kb.vmware.com/s/article/2150348. (May 2022).

[14]

Alexandre Adomnicai, Jacques JA Fournier, and Laurent Masson. 2017. Bricklayer attack: A side-channel analysis on the chacha quarter round. In International Conference on Cryptology in India. Springer, 65--84.

[15]

Showan Esmail Asyabi. [n. d.]. A Survey on In-Memory KV Store Designs for Today's Data Centers. ([n. d.]).

[16]

Jean-Philippe Aumasson, Simon Fischer, Shahram Khazaei, Willi Meier, and Christian Rechberger. 2008. New Features of Latin Dances: Analysis of Salsa, ChaCha, and Rumba. In Fast Software Encryption, Kaisa Nyberg (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 470--488.

[17]

Daniel J. Bernstein. [n. d.]. ChaCha, a variant of Salsa20. ([n. d.]).

[18]

Abhik Bose, Diptyaroop Maji, Prateek Agarwal, Nilesh Unhale, Rinku Shah, and Mythili Vutukuru. 2021. Leveraging Programmable Dataplanes for a High Performance 5G User Plane Function. Association for Computing Machinery, New York, NY, USA, 57--64.

Digital Library

[19]

Xiaoqi Chen. 2020. Implementing AES Encryption on Programmable Switches via Scrambled Lookup Tables. In Proceedings of the Workshop on Secure Programmable Network Infrastructure (SPIN '20). Association for Computing Machinery, New York, NY, USA, 8--14.

Digital Library

[20]

Sean Choi, Muhammad Shahbaz, Balaji Prabhakar, and Mendel Rosenblum. 2019. λ-NIC: Interactive Serverless Compute on Programmable SmartNICs. CoRR abs/1909.11958 (2019). arXiv:1909.11958 http://arxiv.org/abs/1909.11958

[21]

Arka Rai Choudhuri and Subhamoy Maitra. 2016. Significantly improved multi-bit differentials for reduced round Salsa and ChaCha. IACR Transactions on Symmetric Cryptology (2016), 261--287.

[22]

Murilo Coutinho and TC Souza Neto. 2020. New multi-bit differentials to improve attacks against ChaCha. Cryptology ePrint Archive (2020).

[23]

Tianyi Cui, Wei Zhang, Kaiyuan Zhang, and Arvind Krishnamurthy. 2021. Offloading Load Balancers onto SmartNICs. Association for Computing Machinery, New York, NY, USA, 56--62.

Digital Library

[24]

Huynh Tu Dang, Pietro Bressana, Han Wang, Ki Suh Lee, Noa Zilberman, Hakim Weatherspoon, Marco Canini, Fernando Pedone, and Robert Soulé. 2019. Partitioned Paxos via the Network Data Plane. CoRR abs/1901.08806 (2019). arXiv:1901.08806 http://arxiv.org/abs/1901.08806

[25]

Nilanjan Daw, Umesh Bellur, and Purushottam Kulkarni. 2021. Speedo: Fast Dispatch and Orchestration of Serverless Workflows. In Proceedings of the ACM Symposium on Cloud Computing (SoCC '21). Association for Computing Machinery, New York, NY, USA, 585--599.

Digital Library

[26]

Kakumani KC Deepthi and Kunwar Singh. 2017. Cryptanalysis of Salsa and ChaCha: revisited. In International Conference on Mobile Networks and Management. Springer, 324--338.

[27]

Sabyasachi Dey and Santanu Sarkar. 2017. Improved analysis for reduced round Salsa and Chacha. Discrete Applied Mathematics 227 (2017), 58--69.

[28]

Daniel Firestone, Andrew Putnam, Sambhrama Mundkur, Derek Chiou, Alireza Dabagh, Mike Andrewartha, Hari Angepat, Vivek Bhanu, Adrian Caulfield, Eric Chung, Harish Kumar Chandrappa, Somesh Chaturmohta, Matt Humphrey, Jack Lavier, Norman Lam, Fengfen Liu, Kalin Ovtcharov, Jitu Padhye, Gautham Popuri, Shachar Raindel, Tejas Sapre, Mark Shaw, Gabriel Silva, Madhan Sivakumar, Nisheeth Srivastava, Anshuman Verma, Qasim Zuhair, Deepak Bansal, Doug Burger, Kushagra Vaid, David A. Maltz, and Albert Greenberg. 2018. Azure Accelerated Networking: SmartNICs in the Public Cloud. In Proceedings of the 15th USENIX Conference on Networked Systems Design and Implementation (NSDI'18). USENIX Association, USA, 51--64.

[29]

Qiao Kang, Jiarong Xing, and Ang Chen. 2019. Automated Attack Discovery in Data Plane Systems. In 12th USENIX Workshop on Cyber Security Experimentation and Test (CSET 19). USENIX Association, Santa Clara, CA. https://www.usenix.org/conference/cset19/presentation/kang

[30]

Naga Katta, Aditi Ghag, Mukesh Hira, Isaac Keslassy, Aran Bergman, Changhoon Kim, and Jennifer Rexford. 2017. Clove: Congestion-Aware Load Balancing at the Virtual Edge. In Proceedings of the 13th International Conference on Emerging Networking Experiments and Technologies (CoNEXT '17). Association for Computing Machinery, New York, NY, USA, 323--335.

Digital Library

[31]

Elie Kfoury, Jorge Crichigno, and Elias Bou-Harb. 2021. An Exhaustive Survey on P4 Programmable Data Plane Switches: Taxonomy, Applications, Challenges, and Future Trends. (02 2021).

[32]

Duckwoo Kim, SeungEon Lee, and KyoungSoo Park. 2020. A Case for SmartNIC-Accelerated Private Communication. In 4th Asia-Pacific Workshop on Networking (APNet '20). Association for Computing Machinery, New York, NY, USA, 30--35.

Digital Library

[33]

Hyojoon Kim and Arpit Gupta. 2019. ONTAS: Flexible and Scalable Online Network Traffic Anonymization System. In Proceedings of the 2019 Workshop on Network Meets AI & ML, NetAI@SIGCOMM 2019, Beijing, China, August 23, 2019. ACM, 15--21.

Digital Library

[34]

Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, and Yuval Yarom. 2019. Spectre Attacks: Exploiting Speculative Execution. In 2019 IEEE Symposium on Security and Privacy (SP). 1--19.

[35]

Yuliang Li, Rui Miao, Changhoon Kim, and Minlan Yu. 2016. FlowRadar: A Better NetFlow for Data Centers. In 13th USENIX Symposium on Networked Systems Design and Implementation (NSDI 16). USENIX Association, Santa Clara, CA, 311--324. https://www.usenix.org/conference/nsdi16/technical-sessions/presentation/li-yuliang

Digital Library

[36]

Zijun Li, Linsong Guo, Jiagan Cheng, Quan Chen, Bingsheng He, and Minyi Guo. 2021. The Serverless Computing Survey: A Technical Primer for Design Architecture. CoRR abs/2112.12921 (2021). arXiv:2112.12921 https://arxiv.org/abs/2112.12921

[37]

Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg, and Raoul Strackx. 2020. Meltdown: Reading Kernel Memory from User Space. Commun. ACM 63, 6 (may 2020), 46--56.

Digital Library

[38]

Ming Liu, Tianyi Cui, Henry Schuh, Arvind Krishnamurthy, Simon Peter, and Karan Gupta. 2019. Offloading Distributed Applications onto SmartNICs Using IPipe. In Proceedings of the ACM Special Interest Group on Data Communication (SIGCOMM '19). Association for Computing Machinery, New York, NY, USA, 318--333.

Digital Library

[39]

Ming Liu, Simon Peter, Arvind Krishnamurthy, and Phitchaya Mangpo Phothilimthana. 2019. E3: Energy-Efficient Microservices on SmartNIC-Accelerated Servers. In 2019 USENIX Annual Technical Conference (USENIX ATC 19). USENIX Association, Renton, WA, 363--378. https://www.usenix.org/conference/atc19/presentation/liu-ming

[40]

Subhamoy Maitra. 2016. Chosen IV Cryptanalysis on Reduced Round ChaCha and Salsa. Discrete Appl. Math. 208, C (jul 2016), 88--97.

Digital Library

[41]

Hooman Moghaddam and Arsalan Mosenia. 2019. Anonymizing Masses: Practical Light-weight Anonymity at the Network Level.

[42]

Daniele Moro, Manuel Peuster, Holger Karl, and Antonio Capone. 2019. FOP4: Function Offloading Prototyping in Heterogeneous and Programmable Network Scenarios. In 2019 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN). 1--6.

[43]

Zakaria Najm, Dirmanto Jap, Bernhard Jungk, Stjepan Picek, and Shivam Bhasin. 2018. On Comparing Side-channel Properties of AES and ChaCha20 on Microcontrollers. In 2018 IEEE Asia Pacific Conference on Circuits and Systems (APCCAS). 552--555.

[44]

Y. Nir. 2015. ChaCha20 and Poly1305 for IETF Protocols. RFC 7539. RFC Editor. https://datatracker.ietf.org/doc/html/rfc7539

[45]

Y. Nir. 2015. ChaCha20, Poly1305, and Their Use in the Internet Key Exchange Protocol (IKE) and IPsec. RFC 7634. RFC Editor. https://www.rfc-editor.org/rfc/rfc7634.html

[46]

Tomasz Osiński and Carmelo Cascone. 2021. Achieving End-to-End Network Visibility with Host-INT. In Proceedings of the Symposium on Architectures for Networking and Communications Systems (ANCS '21). Association for Computing Machinery, New York, NY, USA, 140--143.

Digital Library

[47]

Tomasz Osiński. 2021. INT Host Reporter. https://github.com/opennetworkinglab/int-host-reporter. (December 2021).

[48]

Johannes Pfau, Maximilian Reuter, Tanja Harbaum, Klaus Hofmann, and Jürgen Becker. 2019. A Hardware Perspective on the ChaCha Ciphers: Scalable Chacha8/12/20 Implementations Ranging from 476 Slices to Bitrates of 175 Gbit/s. In 2019 32nd IEEE International System-on-Chip Conference (SOCC). 294--299.

[49]

Boris Pismenny, Haggai Eran, Aviad Yehezkel, Liran Liss, Adam Morrison, and Dan Tsafrir. 2021. Autonomous NIC Offloads. In Proceedings of the 26th ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2021). Association for Computing Machinery, New York, NY, USA, 18--35.

Digital Library

[50]

Cloud Run Quotas and Limits. 2022. https://cloud.google.com/run/quotas. (May 2022).

[51]

E. Rescorla. 2018. The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446. RFC Editor. https://www.rfc-editor.org/rfc/rfc8446.txt

[52]

Thomas Ristenpart, Eran Tromer, Hovav Shacham, and Stefan Savage. 2009. Hey, You, Get off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds. In Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS '09). Association for Computing Machinery, New York, NY, USA, 199--212.

Digital Library

[53]

Dominik Scholz, Andreas Oeldemann, Fabien Geyer, Sebastian Gallenmüller, Henning Stubbe, Thomas Wild, Andreas Herkersdorf, and Georg Carle. 2019. Cryptographic Hashing in P4 Data Planes. In 2019 ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS). 1--6.

[54]

Henry N. Schuh, Weihao Liang, Ming Liu, Jacob Nelson, and Arvind Krishnamurthy. 2021. Xenic: SmartNIC-Accderated Distributed Transactions. In Proceedings of the ACM SIGOPS 28th Symposium on Operating Systems Principles (SOSP '21). Association for Computing Machinery, New York, NY, USA, 740--755.

Digital Library

[55]

Michael Schwarz, Moritz Lipp, Daniel Moghimi, Jo Van Bulck, Julian Stecklina, Thomas Prescher, and Daniel Gruss. 2019. ZombieLoad: Cross-Privilege-Boundary Data Sampling. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (CCS '19). Association for Computing Machinery, New York, NY, USA, 753--768.

Digital Library

[56]

Rinku Shah, Vikas Kumar, Mythili Vutukuru, and Purushottam Kulkarni. 2020. TurboEPC: Leveraging Dataplane Programmability to Accelerate the Mobile Packet Core. In Proceedings of the Symposium on SDN Research (SOSR '20). Association for Computing Machinery, New York, NY, USA, 83--95.

Digital Library

[57]

Pablo B Viegas, Ariel G de Castro, Arthur F Lorenzon, Fábio D Rossi, and Marcelo C Luizelli. 2021. The actual cost of programmable smartnics: Diving into the existing limits. In International Conference on Advanced Information Networking and Applications. Springer, 181--194.

[58]

Liang Wang, Hyojoon Kim, Prateek Mittal, and Jennifer Rexford. 2020. Programmable In-Network Obfuscation of Traffic.

[59]

Stuart Wray. 2014. The Joy of Micro-C. https://cdn.open-nfp.org/media/documents/the-joy-of-micro-c_fcjSfra.pdf. (December 2014).

[60]

Sophia Yoo and Xiaoqi Chen. 2021. Secure Keyed Hashing on Programmable Switches. In Proceedings of the ACM SIGCOMM 2021 Workshop on Secure Programmable Network INfrastructure (SPIN '21). Association for Computing Machinery, New York, NY, USA, 16--22.

Digital Library

[61]

Eder Ollora Zaballa, David Franco, Zifan Zhou, and Michael S. Berger. 2020. P4Knocking: Offloading host-based firewall functionalities to the network. In 2020 23rd Conference on Innovation in Clouds, Internet and Networks and Workshops (ICIN). 7--12.

Cited By

Basu SNadig D(2024)Offloading NVMe over Fabrics (NVMe-oF) to SmartNICs on an at-scale Distributed Testbed2024 IEEE 10th International Conference on Network Softwarization (NetSoft)10.1109/NetSoft60951.2024.10588915(316-318)Online publication date: 24-Jun-2024
https://doi.org/10.1109/NetSoft60951.2024.10588915
Yoshinaka YKochiyama MKoizumi YTakemasa JHasegawa T(2024)A lightweight anonymity protocol at terabit speeds on programmable switchesComputer Networks10.1016/j.comnet.2024.110721253(110721)Online publication date: Nov-2024
https://doi.org/10.1016/j.comnet.2024.110721
Rashidi B(2024)High‐Performance Hardware Structure of ChaCha20 Stream Cipher Based on Sparse Parallel Prefix AdderInternational Journal of Circuit Theory and Applications10.1002/cta.4264Online publication date: 4-Sep-2024
https://doi.org/10.1002/cta.4264
Show More Cited By

Index Terms

Implementing ChaCha based crypto primitives on programmable SmartNICs
1. Networks
  1. Network services
    1. In-network processing
    2. Programmable networks
2. Security and privacy
  1. Network security
    1. Security protocols

Recommendations

Revisiting Cryptanalysis on ChaCha From Crypto 2020 and Eurocrypt 2021
ChaCha has been one of the most prominent ARX designs of the last few years because of its use in several systems. The cryptanalysis of ChaCha involves a differential attack that exploits the idea of Probabilistic Neutral Bits (PNBs). For a long period, ...
SmartNIC-Enabled Live Migration for Storage-Optimized VMs
APSys '24: Proceedings of the 15th ACM SIGOPS Asia-Pacific Workshop on Systems

Cloud providers offer storage-optimized VMs equipped with locally attached storage to meet the high performance requirements of cloud users. However, current cloud providers cannot enable live migration for storage-optimized VMs due to the high resource ...
An observation on NORX, BLAKE2, and ChaCha
Abstract
This note extends the first-order truncated differentials found by Das, Maitra, and Meier [1] on 2 rounds of the NORX32 permutation. These lead to stronger 2.5-round differential biases for NORX and BLAKE2's permutation, and for 5 ...
Highlights
- Improved the differential biases reported by Das et al. for 2 rounds of NORX32.

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

FFSPIN '22: Proceedings of the ACM SIGCOMM Workshop on Formal Foundations and Security of Programmable Network Infrastructures

August 2022

36 pages

ISBN:9781450393294

DOI:10.1145/3528082

Conference Chairs:
Diogo Barradas
University of Waterloo
,
Zaoxing Liu
Boston University
,
Georgiana Caltais
University of Twente

Copyright © 2022 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGCOMM: ACM Special Interest Group on Data Communication

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 August 2022

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SIGCOMM '22

Sponsor:

SIGCOMM

SIGCOMM '22: ACM SIGCOMM 2022 Conference

August 22, 2022

Amsterdam, Netherlands

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
312
Total Downloads

Downloads (Last 12 months)138
Downloads (Last 6 weeks)5

Reflects downloads up to 26 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Basu SNadig D(2024)Offloading NVMe over Fabrics (NVMe-oF) to SmartNICs on an at-scale Distributed Testbed2024 IEEE 10th International Conference on Network Softwarization (NetSoft)10.1109/NetSoft60951.2024.10588915(316-318)Online publication date: 24-Jun-2024
https://doi.org/10.1109/NetSoft60951.2024.10588915
Yoshinaka YKochiyama MKoizumi YTakemasa JHasegawa T(2024)A lightweight anonymity protocol at terabit speeds on programmable switchesComputer Networks10.1016/j.comnet.2024.110721253(110721)Online publication date: Nov-2024
https://doi.org/10.1016/j.comnet.2024.110721
Rashidi B(2024)High‐Performance Hardware Structure of ChaCha20 Stream Cipher Based on Sparse Parallel Prefix AdderInternational Journal of Circuit Theory and Applications10.1002/cta.4264Online publication date: 4-Sep-2024
https://doi.org/10.1002/cta.4264
Hussain LRawat MYadav NDarak STammana PShah R(2023)Microservice-based in-network security framework for FPGA NICs2023 IEEE/ACM 23rd International Symposium on Cluster, Cloud and Internet Computing Workshops (CCGridW)10.1109/CCGridW59191.2023.00074(328-330)Online publication date: May-2023
https://doi.org/10.1109/CCGridW59191.2023.00074

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents