Cryptographic Path Validation for SCION in P4

Cryptographic Path Validation for SCION in P4

연구 분야: Cryptography

학회: EuroP4 '23: Proceedings of the 6th on European P4 Workshop

SCION has been proposed as a new Internet architecture addressing security and scalability shortcomings in the current Internet. Multiple real-world deployments of SCION exist already, nevertheless few hardware implementations of SCION routers are available. In this paper, we implement a SCION border router on a programmable 12.8 Tbit/s Intel Tofino 2 switch. Our router utilizes the multiple separately programmable packet pipelines of Tofino 2 in order to compute SCION's AES-CMAC-based hop authenticators in general-purpose P4 without assistance from specialized hardware. Using three out of four available pipelines, we achieve 394.7 Gbit/s throughput per port on 8 ports for a total of 3.16 Tbit/s capacity. Using only two pipelines we still achieve line rate throughput on 4 ports for a total of 1.58 Tbit/s capacity. To our knowledge there is no other SCION router including the AES-CMAC validation that offers a comparable performance.