The Optimization On ARM Crypto-Engine In The Application Of WebServer

With the rapid development of emerging technologies such as big data and cloud computing,a huge amount of data is generated in daily life.These data need to be encrypted before they are sent on the network or stored to local disk to ensure the security.However,the encryption operation is compute-intensive and requires a large amount of CPU resources,which leads to the number and performance of server in data center continuously increase.The issues about energy and cost caused by these massive servers are becoming prominent.Compared with the traditional x86 architecture,the solutions based on ARM server are able to give full play to their low-cost and low-power advantages in transaction intensive applications.Based on the ARM architecture server,in this paper we design and realize a hardware encryption system with ARM Crypto-Engine,which can offload the compute-intensive encryption operations from CPU to hardware device,to accelerate the encryption calculations.The hardware encryption system consists of WebServer,OpenSSL,Cryptodev-Linux,hardware driver and hardware device.Based on the data flow of HTTPS protocol,we analyze the implementation of each subsystem in detail,and give some suggestions to optimize the whole system.The optimization methods mainly include the resource management of the driver layer,the HW/SW co-design of OpenSSL and data aggregation.Through the optimization methods of data aggregation and driver's resource management,the system can reduce the overhead of mode switch and context switch of calling hardware,thus improving the performance of hardware encryption.Through the HW/SW co-design method,the system exerts the superiorities of instruction set and hardware and makes full use of system resource.At the end of this paper,we construct the experimental environment of 40 Gbps network bandwidth to test the encryption performance of instruction set,primary hardware system and optimized hardware system,and we test the system performance from both OpenSSL and end-to-end levels.The result of OpenSSL layer shows that,for AES-256-CBC algorithm,when the size of encrypted data is larger than 16 KB,the optimized hardware system can improve the performance by up to 40% and 800% comparing with instruction set and primary hardware.When the size is smaller than 16 KB,the performance of optimized hardware is similar to instruction set,which is 2-8 times better than the primary hardware.Other algorithms such as AES-128-CBC,AES-256-GCM and AES-128-GCM also have the same effects.The result of end-to-end shows that,for ECDHE-RSA-AES256-SHA and ECDHE-RSA-AES-SHA cipher suit,whose encrypted data can be aggregated into 128 KB,the optimized hardware encryption system can get 20% and 90% improvement comparing with instruction set and primary hardware.For ECDHE-RSA-AES256-GCM-SHA384 cipher suite,whose encrypted data can only be aggregated into 32 KB,the performance of optimized hardware encryption system is lower than the instruction set,but has about 50% improvement comparing with primary hardware.In general,these optimization methods have a significant improvement on the performance of hardware encryption system,and make the hardware device more suitable for WebServer applications.