The demand for private communication has increased with the growth of mobile and private applications. As a result, today’s web traffic tends to use the TLS protocol, but TLS incurs a severe performance penalty due to the cryptography required for data secrecy. Many proposals have attempted to amortize the cryptographic overhead by offloading TLS to external devices, but those proposals are overshadowed by PCIe DMA overhead.
This work presents AccelTLS, a hardware-assisted TLS accelerator that partially offloads TLS to network interface cards (NICs). AccelTLS offloads the TLS handshake, which is in charge of session key exchange, to the NIC. It does not require extra DMA of packet contents for TLS operations, and it preserves the CPU cycles and memory bandwidth of the host stack by simplifying the host stack and avoiding packet DMA between the host and the NIC. In addition, it uses the NIC's hardware cryptography accelerator for the private-key decryption in TLS, which is 3.6x faster than a software implementation on a commodity processor. Our evaluation shows that AccelTLS improves TLS performance by 1.9x to 6.9x, depending on the number of CPU cores.