Hardware Accelerator Advice

Kip Warner kip at thevertigo.com
Fri Nov 11 03:27:13 CET 2011 

On Thu, 2011-11-10 at 13:31 +0100, Nikos Mavrogiannopoulos wrote:
> On Thu, Nov 10, 2011 at 10:09 AM, Kip Warner <kip at thevertigo.com> wrote:
> > Hey folks,
> > I'd like the advice of anyone who would like to offer some regarding my
> > intended usage of GnuTLS.
> > I'd like to use it as part of a game server to ensure secure client /
> > server authentication during the handshake. During that process, I
> > understand that it can be resource intensive on the server when there
> > may be hundreds of clients attempting to do the same thing at the same
> > time. I know that there is a such thing as SSL hardware accelerator
> > cards that can have this computation offloaded to them, but seek
> > informed advice from the community for this situation.
> 
> Hello,
>  In gnutls you can use instruction based optimizations on CPU's like
> via (with padlock) or intel/amd (with AES-NI), to optimize the
> operations on AES and/or SHA. There are also embedded (usually)
> systems that provide a kernel driver (/dev/crypto) to  access few
> cryptographic algorithms. Both of the above optimize the transfer of
> data between client and server. They do not optimize the handshake
> procedure. For that you will need something like a hardware
> accelerator (or security module) that provides a PKCS #11 interface
> (driver) to access operations on RSA (or ECDSA) keys. I cannot suggest
> any because I have only tested security modules that didn't really
> provide acceleration (they were used for key isolation).
> 
> There are however, other ways to optimize the handshake for your
> server. That is using an elliptic curve (ECDSA) key instead of RSA, or
> using ephemeral elliptic curve diffie hellman instead of plain diffie
> hellman etc. If you have control over the client and server
> application you can configure them to use the ciphersuites that have
> the lesser impact in performance, and make use of session resumption.
> 
> > (2) Would one even be appropriate for this situation on the server?
> 
> It would if you really expect the server to be busy (in calculations).
> It might happen that with configuration tweaks the server remains idle
> even without one.
> 
> > (3) Can anyone recommend a card compatible with GnuTLS? I believe any
> > that implement /dev/crypto, correct? Assume that the server would be
> > running GNU/Linux with a relatively recent kernel.
> 
> I've you're looking for an optimizer of AES (or SHA), I'd suggest to
> get a cpu such the ones described above (intel/amd with AES-NI or via
> with padlock). If you also need to optimize RSA/ECDSA you'll need a
> hardware accelerator with PKCS #11 support. Such one should work out
> of the box because PKCS #11 is pretty simple, but you'd better ask the
> provider of the module for compatibility (especially if it is an
> expensive one).
> 
> regards,
> Nikos

Thanks Nikos. That was fairly comprehensive. From the looks of it, the
only SSL hardware accelerator cards I can find are in the tens of
thousands of dollar range which is not an option for me anyways.
-- 
Kip Warner -- Software Engineer
OpenPGP encrypted/signed mail preferred
http://www.thevertigo.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: </pipermail/attachments/20111110/7889829b/attachment.pgp>

More information about the Gnutls-help mailing list