GRIP Overview
Welcome!
Welcome to the GRIP (Gigabit Rate IP Security) project home page. The goals of the
GRIP project are as follows:
- Gigabit Rate IPsec Processing: Enable gigabit rate IP Security processing by developing software that utilizes an existing FPGA hardware assist board.
- Reconfiguration Features: Development of a flexible, reconfigurable platform that will allow offline and runtime reconfiguration of software and hardware functionality in response to requirement changes and/or operational considerations.
- Session Establishment, Key Exchange: Improve performance of session establishment by integrating session management and Internet Key Exchange (IKE) functions into the design.
- Implementation and Demonstration: Implement and demonstrate the above capabilities over SuperNet and its component networks.
Overview and Background
GRIP is a research project to develop the technologies necessary for secure
host-to-host Internet Protocol Security (IPsec) communications at gigabit rates.
This project will define an architecture, develop a design, and implement this capability.
Successful completion of this project will require solutions that address the following issues:
1) sustained gigabit rate IP communications that overcome the PCI system bus, memory, and
CPU bottlenecks, 2) gigabit rate cryptographic processing, 3) dynamic management of
configurable hardware assist, and 4) integration with automated security association and key
exchange protocols.
The GRIP proposal is the fusion of two successful research areas at ISI, high-speed
internetworking and adaptive computing systems. Within the DARPA Adaptive Computing
Systems (ACS) program, ISI is researching reconfigurable hardware accelerators, runtime
systems, and design tools targeting multiple Defense application domains. The second
generation SLAAC-1V Virtex 64-bit PCI accelerator developed at ISI provides three
million equivalent hardware logic gates and supports rapid runtime reconfiguration for
dynamically changing the hardware in response to application requirements. GRIP will use
this ACS technology in combination with ISI's extensive networking expertise to extend gigabit
desktop networking capabilities to include IPsec.
Specific innovative claims for GRIP include:
- IPsec encryption and authentication at gigabit rates: offers end-to-end security for host-to-host communication, and secures aggregated traffic between security gateways.
- Programmable IPsec accelerator using advanced ACS technology: hardware adapts to changes in security protocols and algorithms.
- Innovative pipelined parallel processing of packets using FPGAs for gigabit throughput.
- A system design that optimizes utilization of system bottlenecks: memory, CPU, and bus.
- An IP protocol stack that supports hardware accelerator assist and automatic fallback to software encryption when hardware is not available.
- Integration with IPsec session management and key exchange protocols to allow for offline and runtime session establishment and modification.
- Runtime reconfiguration technology to dynamically adapt IPsec hardware acceleration to support multiple simultaneous sessions/different encryption schemes (DES, 3DES, AES).
- An IPsec domain-specific design tool based on JHDL and Xilinx JBits technology that allows developers to extend ACS hardware acceleration support to additional encryption and authentication standards.
- Software and hardware for standard COTS PC workstations running FreeBSD and Linux operating systems to engage in gigabit rate IPsec communications. Software includes kernel patches for the IPsec implementation, device drivers for the hardware assist board, and an Application Programming Interface (API) for IPsec usage.