Almost a decade ago, we started encrypting traffic between our data centers to help protect user privacy. Since then, we gradually rolled out changes to encrypt almost all data in transit. Our approach is described in our Encryption in Transit whitepaper. While this effort provided invaluable privacy and security benefits, software encryption came at significant cost: it took ~0.7% of Google's processing power to encrypt and decrypt RPCs, along with a corresponding amount of memory. Such costs spurred us to offload encryption to our network interface cards (NICs) using PSP (a recursive acronym for PSP Security Protocol), which we are open sourcing today.

Google's production machines are shared among multiple tenants that have strict isolation requirements. Hence, we require per-connection encryption and authentication, similar to Transport Layer Security (TLS). At Google's scale, the implication is that the cryptographic offload must support millions of live Transmission Control Protocol (TCP) connections and sustain 100,000 new connections per second at peak.

Before inventing a new offload-friendly protocol, we investigated existing industry standards: Transport Layer Security (TLS) and Internet Protocol Security (IPsec). While TLS meets our security requirements, it is not an offload-friendly solution because of the tight coupling between the connection state in the kernel and the offload state in hardware. TLS also does not support non-TCP transport protocols, such as UDP. The IPsec protocol, on the other hand, is transport independent and can be offloaded to hardware. However, a limitation of IPsec offload solutions is that they cannot economically support our scale, partly because they store the full encryption state in an associative hardware table with modest update rates. Existing IPsec offload engines are designed to support encryption for a small number of site-to-site tunnels. Assuming the size of an entry is 256B in either direction, transmit or receive, the total memory requirement for 10M connections is 5GB (256B x 2 x 10M) – which is well beyond the affordable capacity of commodity offload engines. Ultimately, we decided that IPsec does not meet our security requirements as it lacks support for keys per layer-4 connection.