Setting up secure VPN connections with cryptography offloaded to your Altera SoC FPGA

Roger May (Altera), Sébastien Rabou and Gregory Baudet (Barco Silex)

IT applications that monitor and run industrial infrastructure are more and more connected to each other and to the cloud. Examples are the power grid, oil and gas infrastructure, supply chain and logistics… The Industry 4.0 is becoming embedded in a growing Internet of Things (IoT). If you are responsible for implementing and safeguarding the security of industrial applications, this forms a formidable challenge. The question is not whether cyberattacks on your infrastructure will happen; it is when they will happen.

A key element is securing all point-to-point connections in the network through the proper use of cryptography. But if you add these compute-intensive routines to your software stack, they may put a heavy burden on the performance of your applications, and still leave them vulnerable.

In this white paper, we’ll explain the benefits of offloading cryptography routines to hardware. As an example platform, we consider the Cyclone® V SoC device, an Altera® FPGA. Key here is selecting the right IP blocks and installing the appropriate Linux drivers that drive the hardware and allow for an easy integration in your application. Next to being more secure, hardware cryptography is also much faster. A comparison of hardware and software security routines on the Cyclone V SoC shows a gain of 30X for typical Ethernet packets of 1.5 Kbytes.