NET-SM4: A High-Performance Secure Encryption Mechanism Based on In-Network Computing

Wen Wang, Shuyong Zhu, Tianyu Zuo, Zhiyuan Wu, Yujun Zhang

Published: 2025, Last Modified: 13 Mar 2026, IWQoS 2025, CC BY-SA 4.0
Abstract: Encryption is crucial for securing critical network infrastructures, including datacenter networks, 5G networks, and the Internet of Things (IoT). In-network encryption (INE) offers a promising solution by enabling direct encryption of data on the network's data plane during transmission, thereby eliminating the need for host-side hardware encryption. However, existing INE solutions fail to fully leverage the processing capabilities of programmable switches, leading to low throughput, high resource overhead, and limited key flexibility. These limitations hinder their compatibility with other network functions and restrict their real-world deployment. To address these challenges, we introduce NET-SM4, a high-performance secure encryption mechanism based on in-network computing. NET-SM4 offloads the highly secure and pipeline-optimized SM4 encryption algorithm to programmable switches. By employing a hardware-friendly table lookup approach, NET-SM4 reduces computation dependency chains and supports parallel encryption inherently, thereby achieving high throughput and low resource overhead for in-network encryption. We implement a prototype of NET-SM4 on a commercial Tofino switch and evaluate its performance through testbed experiments and a real-world RDMA-based case study. The results demonstrate that NET-SM4 (1) outperforms state-of-the-art in-network encryption solutions in throughput by up to 293.85%, and (2) ensures link-speed data transmission with less than $20\,\mu\text{s}$ overhead in real-world scenarios.