
Research On Key Technology Of PCI-E High Performance Encryption Card

Posted on: 2019-01-07
Degree: Master
Type: Thesis
Country: China
Candidate: M Li
GTID: 2416330572951974
Subject: Cryptography

Abstract/Summary:
Space-ground integrated networks are characterized by open channels, exposed satellite nodes and heterogeneous network interconnection. Compared with conventional ground networks, they are more likely to suffer from physical counterfeiting, unauthorized access, information theft, replay attacks, cross-network attacks and other security threats, and so face an unprecedented security challenge. With the development of cloud computing and big data, data-center data is becoming more and more complex: it includes both structured and unstructured data that must be processed by servers and protected, through encryption and storage, by higher-performance equipment. Given the threats this data faces, providing a sound protection measure is extremely important. Traditional encryption card designs cannot, in either speed or security, meet these demands of high business-data throughput and large numbers of concurrent online services, so research into the key technologies of a safe, reliable, high-performance encryption card that builds on existing encryption cards is necessary for protecting network and information security.

Based on national cryptographic algorithms and standards, this thesis studies the key technologies of a PCI-E based high-performance encryption card and improves its performance while ensuring safety and reliability. As a separate encryption unit, the card provides data encryption and decryption, integrity protection, identity authentication, key management (key generation, distribution, storage, etc.), permission management, and so on. The card uses the PCI-E high-speed serial bus standard and implements the cryptographic algorithms in a hardware description language, which gives it high-speed data encryption and decryption and fast response to the host computer. The main research contents are as follows:

(1) The thesis sets out the research goal for a high-performance encryption card and analyzes the requirements of security, performance and safety protection. Based on the current state of research, a hardware architecture for the encryption card is proposed. Hardware isolation is designed to protect the card's internal data, and high-performance DDR external to the FPGA is used to implement a large key cache, improving the concurrency of the cryptographic service and the performance and security of the cryptographic algorithms. A software architecture for the encryption card is proposed, and the function of each module in the framework is introduced in detail. The framework achieves the required system functions and scales well. A cryptographic service engine is proposed as the scheduling module for cipher operations, which addresses complex, highly concurrent cryptographic service requests, interleaved computation across multiple cipher algorithms, and unified virtualization management.

(2) According to the requirements of the encryption card's service environment, a three-level key structure is used for protection, and the classification of keys and the specific management strategies are introduced in detail. Based on the software framework and hardware architecture of the encryption card, a framework for the key management system is put forward, together with the form in which the external interface manages keys. On the basis of a designed protection structure for key storage, a key caching mechanism is proposed to ensure secure storage of keys and fast key caching. To verify the identity of the encryption card's user, protect the security of the card's internal data, and improve the security of the authentication process through which users obtain cryptographic services, a login model and an identity authentication protocol based on USB Key and suited to the encryption card are proposed.

(3) The hardware structure of the encryption card, the initialization process and the cryptographic service flow are designed and implemented, as are the key storage and caching scheme and the management processes of the key management system. Finally, the hardware, functions and cryptographic performance of the encryption card are each tested, and the results meet the overall goal.

The encryption card makes full use of the speed advantage of hardware encryption and the high-speed performance of PCI-E transmission, and its key modules are designed for security. It provides users with security services such as data encryption and decryption and digital signature and verification, so as to ensure the security of important information in network transmission. The encryption card can be used not only for end-to-end encryption in secure information transmission systems, but also as the basic cryptographic module of commercial cryptographic products such as VPN encryption gateways, data security platforms and server cryptographic machines. It can also serve as the core component of various information security key management systems, and has wide potential for system integration applications.
Keywords/Search Tags:encryption card, PCI-E, key management, security protection, identity authentication