Content archived on 2024-05-07

Secure communication in ATM networks


Exploitable results

HADES (high-speed ATM DES/TripleDES) is a very-large-scale integration (VLSI) encryption unit that supports the Data Encryption Standard (DES) and two-key TripleDES in electronic codebook (ECB) and cipher block chaining (CBC) modes of operation. The throughput in TripleDES CBC (outer-CBC) is 155 Mbit/s. HADES has been designed as a single-chip unit to be integrated into ATM network devices such as ATM network interface cards.

HADES has been specifically designed for asynchronous transfer mode (ATM) user plane confidentiality requirements in a platform-independent approach. Therefore, the industrial de facto standard interface for ATM end systems, UTOPIA, is supported. In an approach referred to as UTOPIA interception, HADES transparently intercepts the interface between the ATM layer and the physical layer. On-chip session key pools support per-virtual-connection (per-VC) encryption: each user communication channel (a VC in ATM terminology) can be assigned a unique session key. Because UTOPIA is supported, HADES is an ATM encryptor applicable to a wide range of ATM end systems. In the SCAN context, the platform independence has been proven by means of a 2 Mbit/s E1 ATM user network interface (UNI) as well as a 155 Mbit/s STM-1 UNI.

There are a number of innovative aspects. First of all, the single-chip approach integrating the encryption cores and session key pools is novel. Two independent DES/TripleDES cores handle the two communication directions, transmit and receive. The two cores, designed in a full-custom approach, are controlled by a set of controllers that perform the data sequencing and control access to the on-chip session key content-addressable memory (CAM) and RAM, which together form the session key pool, to achieve a key-agile ATM encryptor. The ATM CAM approach used to find the session key assigned to a given VC minimizes the additional delay that the encryption process introduces into the ATM cell stream. This delay is about one microsecond under worst-case scenarios, i.e. for a continuous sequence of ATM cells each assigned to a different VC and each to be TripleDES CBC encrypted or decrypted. As the on-chip CAM is limited in size, an interface to commercial ATM CAM and RAM components has been developed that allows a practically unlimited number of VCs to be supported.

What advances the state of the art in ATM user plane confidentiality is that CBC mode is supported. CBC has the significant advantage that it is self-synchronizing in the case of ATM cell losses, but it imposes tough performance constraints because the encryption process is not parallelizable.
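The per-VC key agility and CBC self-synchronization described above can be modelled in a few lines. This is an added example, not code from the HADES project. It assumes a toy Feistel cipher as a stand-in for TripleDES, constructed keys and VPI/VCI values, an all-zero IV, and a CBC chain that continues from cell to cell within each VC.

```python
import hashlib

BLOCK = 8           # DES/TripleDES block size in bytes
CELL_PAYLOAD = 48   # ATM cell payload: six 8-byte blocks

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def block_cipher(key, blk, decrypt=False):
    """Toy 8-round Feistel cipher standing in for TripleDES. NOT secure."""
    l, r = blk[:4], blk[4:]
    for i in (range(7, -1, -1) if decrypt else range(8)):
        f = hashlib.sha256(key + bytes([i]) + r).digest()[:4]
        l, r = r, xor(l, f)
    return r + l

class VcCbc:
    """State held per VC: session key plus the CBC chaining block."""
    def __init__(self, key, iv):
        self.key, self.prev = key, iv

    def encrypt_cell(self, payload):
        out = b""
        for i in range(0, CELL_PAYLOAD, BLOCK):
            self.prev = block_cipher(self.key, xor(payload[i:i + BLOCK], self.prev))
            out += self.prev
        return out

    def decrypt_cell(self, payload):
        out = b""
        for i in range(0, CELL_PAYLOAD, BLOCK):
            c = payload[i:i + BLOCK]
            out += xor(block_cipher(self.key, c, decrypt=True), self.prev)
            self.prev = c   # chain on received ciphertext, so a loss heals itself
        return out

def demo_cell_loss():
    """Interleave two VCs, drop one cell of VC A, decrypt what arrives."""
    a, b = (0, 32), (0, 33)                        # constructed (VPI, VCI) pairs
    pool = {a: b"constructed-key-A", b: b"constructed-key-B"}  # models CAM lookup
    iv = bytes(BLOCK)                              # constructed all-zero IV
    tx = {vc: VcCbc(k, iv) for vc, k in pool.items()}
    rx = {vc: VcCbc(k, iv) for vc, k in pool.items()}
    sent = [(vc, bytes([n + 1]) * CELL_PAYLOAD) for n, vc in enumerate([a, b, a, b, a, a])]
    wire = [(vc, tx[vc].encrypt_cell(p)) for vc, p in sent]
    del wire[2]                                    # second cell of VC A is lost
    got = [(vc, rx[vc].decrypt_cell(c)) for vc, c in wire]
    return sent, got
```

Only the first 8-byte block of the next VC A cell decrypts incorrectly after the loss; the rest of that cell, every later cell and all of VC B are unaffected.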
