Secure your connection with TLS 1.3 Client 10Gbps IP Core (TLS10GC-IP)

Discover how to fortify your connection with the TLS10GC-IP, a cutting-edge TLS 1.3 Client 10Gbps IP Core! 🛡️🔒

Uncover the vulnerabilities of unsecured connections and how TLS encryption adds layers of security, thwarting potential data breaches. Delve into the technicalities of TLS, including encryption algorithms and key exchange methods.

See a live demonstration of TLS10GC-IP in action, showcasing its capabilities in establishing secure HTTPS connections with lightning-fast speeds.

Don’t let CPU limitations throttle your network’s potential. With TLS10GC-IP, achieve near 10 Gbps transfer speeds while offloading encryption tasks from your CPU. Experience heightened security without compromising on performance.

When using unsecured connections such as HTTP, data is transported between the client and server in plain text using the Transmission Control Protocol (TCP).

This makes it easy for a potential attacker to intercept and capture the packets using network tools like Wireshark, thereby compromising sensitive data and privacy.

To enhance security, HTTPS is utilized instead of HTTP, employing TLS to establish a secure connection.

TLS encrypts data before it travels between the client and server, which makes it far harder for an attacker to intercept or read. This encryption is an additional task for both the client and the server.

In PC-based systems, the CPU is responsible for encrypting data before transmission across the network and decrypting received data for further processing.

These cryptographic tasks can consume a significant amount of CPU resources, sometimes reaching 100% CPU usage, consequently affecting the transfer speed. For example, the transfer speed can decrease to 60% in half-duplex mode.

In high-speed networks, CPU limitations become the bottleneck of the system and prevent the system from achieving the full bandwidth capacity for data transfer.

DG offers the TLS10Gx IPcore as a hardware-accelerated solution for implementing TLS1.3, effectively managing handshake, encryption, and decryption processes without CPU workload.

By utilizing our TLS10Gx IPcore, the transfer speed can be restored to nearly 10 Gbps. Your CPU can handle other tasks while the IP core provides security and high-speed data transfer.

Key features of TLS10GC include:

  • Support for the cipher suite TLS_AES_256_GCM_SHA384
  • Key exchange using X25519
  • Key derivation with HKDF and SHA384
  • AES256GCM for encryption/decryption
  • RSA2048 for certificates
  • rsa_pss_rsae_sha256 for signature algorithms
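How the listed primitives fit together in a TLS 1.3 handshake, as an added Node.js example (not DG's code): an X25519 shared secret goes through the HKDF-SHA384 key schedule of RFC 8446 to produce an AES-256-GCM key and IV, which then protect a record. The function names are hypothetical and the transcript hash is passed in as a parameter; application traffic keys are derived the same way from later secrets in the schedule.

```javascript
const nodeCrypto = require('node:crypto');
const HASH = 'sha384', HLEN = 48;            // hash of TLS_AES_256_GCM_SHA384
// HKDF-Extract and HKDF-Expand (RFC 5869) built on HMAC-SHA384.
const extract = (salt, ikm) => nodeCrypto.createHmac(HASH, salt).update(ikm).digest();
function expand(prk, info, len) {
  let t = Buffer.alloc(0), out = Buffer.alloc(0);
  for (let i = 1; out.length < len; i++) {
    t = nodeCrypto.createHmac(HASH, prk).update(Buffer.concat([t, info, Buffer.from([i])])).digest();
    out = Buffer.concat([out, t]);
  }
  return out.subarray(0, len);
}
// HKDF-Expand-Label (RFC 8446, 7.1): uint16 length, "tls13 " + label, context.
function expandLabel(secret, label, ctx, len) {
  const l = Buffer.from('tls13 ' + label);
  const info = Buffer.concat([Buffer.from([len >> 8, len & 255, l.length]), l, Buffer.from([ctx.length]), ctx]);
  return expand(secret, info, len);
}
// Each peer combines its own private key with the other side's public key.
const x25519 = (priv, pub) => nodeCrypto.diffieHellman({ privateKey: priv, publicKey: pub });
// Shared secret + transcript hash -> client handshake traffic key and IV (no PSK).
function clientHandshakeKeys(shared, transcriptHash) {
  const zeros = Buffer.alloc(HLEN), emptyHash = nodeCrypto.createHash(HASH).digest();
  const early = extract(zeros, zeros);
  const hs = extract(expandLabel(early, 'derived', emptyHash, HLEN), shared);
  const secret = expandLabel(hs, 'c hs traffic', transcriptHash, HLEN);
  return { key: expandLabel(secret, 'key', Buffer.alloc(0), 32), iv: expandLabel(secret, 'iv', Buffer.alloc(0), 12) };
}
// Per-record nonce: static IV XOR the 64-bit record sequence number (left-padded).
function nonce(iv, seq) {
  const n = Buffer.alloc(12);
  n.writeBigUInt64BE(BigInt(seq), 4);
  for (let i = 0; i < 12; i++) n[i] ^= iv[i];
  return n;
}
// AES-256-GCM record: 5-byte header is the AAD; inner plaintext is content + type byte.
function sealRecord(keys, seq, content, type = 0x17) {
  const inner = Buffer.concat([content, Buffer.from([type])]);
  const hdr = Buffer.from([0x17, 3, 3, (inner.length + 16) >> 8, (inner.length + 16) & 255]);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', keys.key, nonce(keys.iv, seq)).setAAD(hdr);
  return Buffer.concat([hdr, c.update(inner), c.final(), c.getAuthTag()]);
}
function openRecord(keys, seq, rec) {   // throws if the tag, header or sequence number is wrong
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', keys.key, nonce(keys.iv, seq));
  d.setAAD(rec.subarray(0, 5)).setAuthTag(rec.subarray(rec.length - 16));
  const inner = Buffer.concat([d.update(rec.subarray(5, rec.length - 16)), d.final()]);
  return inner.subarray(0, inner.length - 1);   // drop content-type byte (no padding here)
}
```

Because the record header is authenticated and the nonce depends on the sequence number, a modified, reordered or replayed record fails the GCM tag check instead of decrypting.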

Let’s have a look at TLS10GCdemo on the ZCU106.

TLS10GCdemo showcases the use of the TLS10GC IP-core to establish an HTTPS connection using the TLS protocol.

The TLS10GCdemo is designed to work as a client and is compatible with general servers like Node.js.

Users can use TLS10GCdemo to establish a connection with an HTTPS server, just as they would with a web browser client.

The demo system consists of a server, a web browser, and TLS10GCdemo, all connected together through a network.

In this demonstration, users can set the following parameters:

  • IP address
  • Port number
  • MAC address of FPGA board
  • Enable showkey mode
  • Enable showcert mode

Users can also download and upload data by using the supported commands:

  • To download data, myGET followed by the URL is used
  • To upload data, myPOST followed by the URL is used

To download data via a web browser, the user inputs a URL into the browser, and the requested data is downloaded and displayed.

For example, if a user requests the DG.html file located in the ./log folder, the contents of DG.html will be displayed.

Similarly, using the myGET command followed by the same URL that was input into the web browser to download the data, you can see the same data displayed on the serial console.

To upload a data pattern to the server via a web browser, DG provides a sample HTML page, “UploadMenu.html”, which generates a data pattern and sends it to the server using the HTTP POST method.

Users can select the type of data pattern and its length and then push the POST button to initiate the upload process.

Once the transfer is complete, the server console will display details of the transfer, the data length and transfer speed. If the data length is less than 16kB, the received data will also be displayed on the server console.

To upload data to the server via TLS10GCdemo, the user inputs the myPOST command followed by the URL into the serial console.

This command simulates the HTTP POST method and generates a data pattern to upload to the server.

Once the transfer is complete, the serial console will display the length of the data and the transfer speed.

On the server console, you’ll also be able to see the data length and transfer speed. If the length of the received data is less than 16kB, it will be displayed on the server console as well.

The “Server” application is designed to encrypt data before transmission through the network in Tx mode, and to decrypt the last data block and verify the total received data size after finishing reception in Rx mode.

This refined approach ensures that the CPU doesn’t simultaneously handle encryption and transmission tasks during Tx mode, and reception and decryption tasks during Rx mode.

Through half-duplex (download/upload) testing, we observe transfer speeds nearing 10 Gbps, accompanied by near full CPU utilization, as monitored by the PC’s task manager.

When the connection is secured, the TLS protocol is used. The client must handle the cryptographic algorithms for handshaking and transferring data.

In a software system, the user runs a web browser on the CPU as the client to communicate with a server such as Node.js.

The web browser consumes 100% of one Intel i7 CPU core and cannot achieve 10 Gbps throughput.

When TLS10GCdemo is used as the client with a Node.js server, the throughput increases because TLS10GC-IP can handle the TLS 1.3 protocol with high performance. However, the transfer speed still does not reach 10 Gbps because of the bottleneck from encrypting/decrypting data at the Node.js server.

To achieve optimal data transfer speed, special test software is used as the server. With it, TLS10GCdemo can recover the transfer speed to nearly 10 Gbps.

Visit our website for more insights into securing your data with TLS 1.3. Strengthen your network defenses today! 🔗✨