Secure protocol communication by hardware


Hardware offload of encryption, decryption, and authentication in SSL/TLS, achieved by combining our TCP offload engine with our crypto engine.

Because record layer processing is offloaded entirely to hardware, CPU load is greatly reduced: the user application only needs to prepare the data to be transferred securely.

In addition, creating a TLS tunnel between the terminal and the host makes a high-performance, low-latency VPN possible.


Hardware takes over high-performance, low-latency secure communication and contributes to reduced power consumption

With the PTU (TLS extension) integrated with the crypto engine, SSL/TLS data transmission is completed entirely in hardware.
In a normal system, even when dedicated hardware is used for encryption, memory transfers occur before and after encryption. This is because the TCP/IP protocol stack is separate (left figure).
However, with Intellectual Highway’s TLS-enhanced PTU, there is no extra memory transfer of encrypted data or of data required for the TLS protocol (right figure). Therefore, high-performance, low-latency secure communication is achievable.


Application Example

TLS Proxy (HTTPS Proxy)

Acting as a proxy server, the hardware converts plaintext communication (e.g. HTTP) from client machines to secure protocols (e.g. HTTPS). This reduces the HTTPS encryption load on the client machines and, at the same time, forces communication to the outside to be encrypted. Security management can also be easier because traffic inside the intranet is in plain text.


This demo converts HTTP access from a client to HTTPS using the PTU on an FPGA, replacing communication between servers with TLS communication. TLS encapsulation can be seen in the captured log.



Version: TLS1.2
Encryption/Decryption: AES128, AES192, AES256
Message Authentication: GCM, SHA2


Throughput: Maximum 25 Gbps (depends on crypto engine and number of sessions)


Intel, Xilinx
Intel PAC, Xilinx Alveo series