tech-invite   World Map     

IETF     RFCs     Groups     SIP     ABNFs    |    3GPP     Specs     Glossaries     Architecture     IMS     UICC    |    search

RFC 3723

 
 
 

Securing Block Storage Protocols over IP

Part 3 of 3, p. 51 to 70
Prev RFC Part

 


prevText      Top      Up      ToC       Page 51 
6.  IANA Considerations

   This section provides guidance to the Internet Assigned Numbers
   Authority (IANA) regarding registration of values of the SRP_GROUP
   key parameter within iSCSI, in accordance with BCP 26, [RFC2434].

   IANA considerations for the iSCSI protocol are described in
   [RFC3720], Section 13; for the iFCP protocol in [iFCP], Section 12;
   and for the FCIP protocol in [FCIP], Appendix B.

Top      Up      ToC       Page 52 
6.1.  Definition of Terms

   The following terms are used here with the meanings defined in BCP
   26:  "name space", "assigned value", "registration".

   The following policies are used here with the meanings defined in BCP
   26: "Private Use", "First Come First Served", "Expert Review",
   "Specification Required", "IETF Consensus", "Standards Action".

6.2.  Recommended Registration Policies

   For registration requests where a Designated Expert should be
   consulted, the responsible IESG Area Director should appoint the
   Designated Expert.

   For registration requests requiring Expert Review, the IPS mailing
   list should be consulted, or if the IPS WG is disbanded, to a mailing
   list designated by the IESG Area Director.

   This document defines the following SRP_GROUP keys:

      SRP-768, SRP-1024, SRP-1280, SRP-1536, SRP-2048, MODP-3072, MODP-
      4096, MODP-6144, MODP-8192

   New SRP_GROUP keys MUST conform to the iSCSI extension item-label
   format described in [RFC3720] Section 13.5.4.

   Registration of new SRP_GROUP keys is by Designated Expert with
   Specification Required.  The request is posted to the IPS WG mailing
   list or its successor for comment and security review, and MUST
   include a non-probabalistic proof of primality for the proposed SRP
   group.  After a period of one month as passed, the Designated Expert
   will either approve or deny the registration request.

7.  Normative References

   [RFC793]       Postel, J., "Transmission Control Protocol", STD 7,
                  RFC 793, September 1981.

   [RFC1191]      Mogul, J. and S. Deering, "Path MTU Discovery", RFC
                  1191, November 1990.

   [RFC1435]      Knowles, S., "IESG Advice from Experience with Path
                  MTU Discovery", RFC 1435, March 1993.

   [RFC1981]      McCann, J., Deering, S. and J. Mogul, "Path MTU
                  Discovery for IP version 6", RFC 1981, August 1996.

Top      Up      ToC       Page 53 
   [RFC2104]      Krawczyk, H., Bellare, M. and R. Canetti, "HMAC:
                  Keyed- Hashing for Message Authentication", RFC 2104,
                  February 1997.

   [RFC2119]      Bradner, S., "Key words for use in RFCs to Indicate
                  Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2131]      Droms, R., "Dynamic Host Configuration Protocol", RFC
                  2131, March 1997.

   [RFC2401]      Kent, S. and R. Atkinson, "Security Architecture for
                  the Internet Protocol", RFC 2401, November 1998.

   [RFC2404]      Madson, C. and R. Glenn, "The Use of HMAC-SHA-1-96
                  within ESP and AH", RFC 2404, November 1998.

   [RFC2406]      Kent, S. and R. Atkinson, "IP Encapsulating Security
                  Payload (ESP)", RFC 2406, November 1998.

   [RFC2407]      Piper, D., "The Internet IP Security Domain of
                  Interpretation of ISAKMP", RFC 2407, November 1998.

   [RFC2408]      Maughan, D., Schertler, M., Schneider, M. and J.
                  Turner, "Internet Security Association and Key
                  Management Protocol (ISAKMP)," RFC 2408, November
                  1998.

   [RFC2409]      Harkins, D. and D. Carrel, "The Internet Key Exchange
                  (IKE)", RFC 2409, November 1998.

   [RFC2412]      Orman, H., "The OAKLEY Key Determination Protocol",
                  RFC 2412, November 1998.

   [RFC2434]      Narten, T. and H. Alvestrand, "Guidelines for Writing
                  an IANA Considerations Section in RFCs", BCP 26, RFC
                  2434, October 1998.

   [RFC2451]      Pereira, R. and R. Adams, "The ESP CBC-Mode Cipher
                  Algorithms", RFC 2451, November 1998.

   [RFC2608]      Guttman, E., Perkins, C., Veizades, J. and M. Day,
                  "Service Location Protocol, Version 2", RFC 2608, June
                  1999.

   [RFC2923]      Lahey, K., "TCP Problems with Path MTU Discovery", RFC
                  2923, September 2000.

Top      Up      ToC       Page 54 
   [RFC2945]      Wu, T., "The SRP Authentication and Key Exchange
                  System", RFC 2945, September 2000.

   [RFC3315]      Droms, R., Ed., Bound, J., Volz,, B., Lemon, T.,
                  Perkins, C. and M. Carney, "Dynamic Host Configuration
                  Protocol for IPv6 (DHCPv6)", RFC 3315, July 2003.

   [RFC3456]      Patel, B., Aboba, B., Kelly, S. and V. Gupta, "Dynamic
                  Host Configuration Protocol (DHCPv4) Configuration of
                  IPsec Tunnel Mode", RFC 3456, January 2003.

   [RFC3526]      Kivinen, T. and M. Kojo, "More Modular Exponential
                  (MODP) Diffie-Hellman groups for Internet Key Exchange
                  (IKE)", RFC 3526, May 2003.

   [RFC3566]      Frankel, S. and H. Herbert, "The AES-XCBC-MAC-96
                  Algorithm and Its Use with IPsec", RFC 3566, September
                  2003.

   [RFC3643]      Weber, R., Rajagopal, M., Trovostino, F., O'Donnel.,
                  M, Monia, C.and M. Mehrar, "Fibre Channel (FC) Frame
                  Encapsuation", RFC 3643, December 2003.

   [RFC3686]      Housley, R., "Using Advanced Encryption Standard (AES)
                  Counter Mode With IPsec Encapsulating Security Payload
                  (ESP)", RFC 3686, January 2004.

   [RFC3720]      Satran, J., Meth, K., Sapuntzakis, C. Chadalapaka, M.
                  and E. Zeidner, "Internet Small Computer Systems
                  Interface (iSCSI)", RFC 3720, April 2004.

   [3DESANSI]     American National Standard for Financial Services
                  X9.52-1998, "Triple Data Encryption Algorithm Modes of
                  Operation", American Bankers Association, Washington,
                  D.C., July 29, 1998

   [SRPNDSS]      Wu, T., "The Secure Remote Password Protocol", in
                  Proceedings of the 1998 Internet Society Symposium on
                  Network and Distributed Systems Security, San Diego,
                  CA, pp.  97-111

8.  Informative References

   [RFC1321]      Rivest, R., "The MD5 Message-Digest Algorithm", RFC
                  1321, April 1992.

   [RFC1994]      Simpson, W., "PPP Challenge Handshake Authentication
                  Protocol (CHAP)", RFC 1994, August 1996.

Top      Up      ToC       Page 55 
   [RFC2230]      Atkinson, R., "Key Exchange Delegation Record for the
                  DNS", RFC 2230, November 1997.

   [RFC2373]      Hinden, R. and S. Deering, "IP Version 6 Addressing
                  Architecture", RFC 2373, July 1998.

   [RFC2402]      Kent, S., Atkinson, R., "IP Authentication Header",
                  RFC 2402, November 1998.

   [RFC2403]      Madson, C. and R. Glenn, "The Use of HMAC-MD5-96
                  within ESP and AH", RFC 2403, November 1998.

   [RFC2405]      Madson, C. and N. Doraswamy, "The ESP DES-CBC Cipher
                  Algorithm With Explicit IV", RFC 2405, November 1998.

   [RFC2535]      Eastlake, D., "Domain Name System Security
                  Extensions", RFC 2535, March 1999.

   [RFC2782]      Gulbrandsen, A., Vixie, P. and L. Esibov, "A DNS RR
                  for specifying the location of services (DNS SRV)",
                  RFC 2782, February 2000.

   [RFC2845]      Vixie, P., Gudmundsson, O., Eastlake, D. and B.
                  Wellington, "Secret Key Transaction Authentication for
                  DNS (TSIG)", RFC 2845, May 2000.

   [RFC2865]      Rigney, C., Willens, S., Rubens, A. and W. Simpson,
                  "Remote Authentication Dial In User Service (RADIUS)",
                  RFC 2865, June 2000.

   [RFC2931]      Eastlake, D., "DNS Request and Transaction Signatures
                  (SIG(0)s )", RFC 2931, September 2000.

   [RFC2983]      Black, D. "Differentiated Services and Tunnels", RFC
                  2983, October 2000.

   [RFC3007]      Wellington, B., "Simple Secure Domain Name System
                  (DNS) Dynamic Update", RFC 3007, November 2000.

   [RFC3347]      Krueger, M. and R. Haagens, "Small Computer Systems
                  Interface protocol over the Internet (iSCSI)
                  Requirements and Design Considerations", RFC 3347,
                  July 2002.

   [RFC3721]      Bakke, M., Hafner, J., Hufferd, J., Voruganti, K. and
                  M. Krueger, "Internet Small Computer Systems Interface
                  (iSCSI) Naming and Discovery", RFC 3721, April 2004.

Top      Up      ToC       Page 56 
   [AESPERF]      Schneier, B., J. Kelsey, D. Whiting, D. Wagner, C.
                  Hall, and N. Ferguson, "Performance Comparison of the
                  AES Submissions", http://www.counterpane.com/aes-
                  performance.html

   [AuthMIB]      Bakke, M., et al., "Definitions of Managed Objects for
                  iSCSI", Work in Progress, September 2002.

   [CRCTCP]       Stone J., Partridge, C., "When the CRC and TCP
                  checksum disagree", ACM Sigcomm, Sept. 2000.

   [DESANALY]     Bellare, Desai, Jokippi, Rogaway, "A Concrete
                  Treatment of Symmetric Encryption: Analysis of the DES
                  Modes of Operation", 1997, http://www-
                  cse.ucsd.edu/users/mihir/papers/sym-enc.html

   [DESCRACK]     Cracking DES, O'Reilly & Associates, Sebastapol, CA
                  2000.

   [DESDIFF]      Biham, E., Shamir, A., "Differential Cryptanalysis of
                  DES-like cryptosystems", Journal of Cryptology Vol 4,
                  Jan 1991.

   [DESINT]       Bellovin, S., "An Issue With DES-CBC When Used Without
                  Strong Integrity", Proceedings of the 32nd IETF,
                  Danvers, MA, April 1995

   [FCIP]         Rajagopal, M., et al., "Fibre Channel over TCP/IP
                  (FCIP)", Work in Progress, August 2002.

   [FCIPSLP]      Petersen, D., "Finding FCIP Entities Using SLPv2",
                  Work in Progress, September 2002.

   [FIPS46-3]     U.S. DoC/NIST, "Data encryption standard (DES)", FIPS
                  46-3, October 25, 1999.

   [FIPS74]       U.S. DoC/NIST, "Guidelines for implementing and using
                  the nbs data encryption standard", FIPS 74, Apr 1981.

   [FIPS197]      U.S. DoC/NIST, "Advanced Encryption Standard (AES)",
                  FIPS 197, November 2001,
                  http://csrc.nist.gov/CryptoToolkit/aes

   [iFCP]         Monia, C., et al., "iFCP - A Protocol for Internet
                  Fibre Channel Storage Networking", Work in Progress,
                  August 2002.

Top      Up      ToC       Page 57 
   [RFC3715]      Aboba, B. and W. Dixon, "IPsec-Network Address
                  Translation (NAT) Compatibility Requirements", RFC
                  3715, March 2004.

   [iSCSISLP]     Bakke, M., "Finding iSCSI targets and Name Servers
                  Using SLP", Work in Progress, March 2002.

   [iSNS]         Gibbons, K., et al., "iSNS Internet Storage Name
                  Service", Work in Progress, August 2002.

   [KeyLen]       Orman, H., Hoffman, P., "Determining Strengths For
                  Public Keys Used For Exchanging Symmetric Keys", Work
                  in Progress, December 2001.

   [MD5Attack]    Dobbertin, H., "The Status of MD5 After a Recent
                  Attack", CryptoBytes Vol.2 No.2, Summer 1996

   [NATIKE]       Kivinen, T., et al., "Negotiation of NAT-Traversal in
                  the IKE", Work in Progress, June 2002.

   [NSPUE2]       "Recommendation for Block Cipher Modes of Operation",
                  National Institute of Standards and Technology (NIST)
                  Special Publication 800-38A, CODEN: NSPUE2, U.S.
                  Government Printing Office, Washington, DC, July 2001.

   [PENTPERF]     A. Bosselaers, "Performance of Pentium
                  implementations",
                  http://www.esat.kuleuven.ac.be/~bosselae/

   [PMAC]         Rogaway, P., Black, J., "PMAC: Proposal to NIST for a
                  parallelizable message authentication code",
                  http://csrc.nist.gov/encryption/modes/proposedmodes/
                  pmac/pmac-spec.pdf

   [Seq]          Kent, S., "IP Encapsulating Security Payload (ESP)",
                  Work in Progress, July 2002.

   [SRPDIST]      Wu, T., "SRP Distribution", http://www-cs-
                  students.stanford.edu/~tjw/srp/download.html

   [UDPIPsec]     Huttunen, A., et. al., "UDP Encapsulation of IPsec
                  Packets", Work in Progress, June 2002.

   [UMAC]         Black, J., Halevi, S., Krawczyk, H., Krovetz, T.,
                  Rogaway, P., "UMAC: Fast and provably secure message
                  authentication", Advances in Cryptology - CRYPTO '99,
                  LNCS vol. 1666, pp.  216-233.  Full version available
                  from http://www.cs.ucdavis.edu/~rogaway/umac

Top      Up      ToC       Page 58 
   [UMACKR]       Krovetz, T., Black, J., Halevi, S., Hevia, A.,
                  Krawczyk, H., Rogaway, P., "UMAC: Message
                  Authentication Code using Universal Hashing", Work in
                  Progress, October 2000.  Also available
                  at:http://www.cs.ucdavis.edu/~rogaway/umac/draft-
                  krovetz-umac-01.txt

   [UMACPERF]     Rogaway, P., "UMAC Performance",
                  http://www.cs.ucdavis.edu/~rogaway/umac/perf00.html

9.  Acknowledgments

   Thanks to Steve Bellovin of AT&T Research, William Dixon of V6
   Security, David Black of EMC, Joseph Tardo and Uri Elzur of Broadcom,
   Julo Satran, Ted Ts'o, Ofer Biran, and Charles Kunzinger of IBM,
   Allison Mankin of ISI, Mark Bakke and Steve Senum of Cisco, Erik
   Guttman of Sun Microsystems and Howard Herbert of Intel for useful
   discussions of this problem space.

Top      Up      ToC       Page 59 
Appendix A - Well Known Groups for Use with SRP

   Modulus (N) and generator (g) values for various modulus lengths are
   given below.  The values below are taken from software developed by
   Tom Wu and Eugene Jhong for the Stanford SRP distribution [SRPDIST],
   and subsequently rigorously verified to be prime.  Implementations
   supporting SRP authentication MUST support groups up to 1536 bits,
   with 1536 bits being the default.

   iSCSI Key="SRP-768" [768 bits]
   Modulus (base 16) =
   B344C7C4F8C495031BB4E04FF8F84EE95008163940B9558276744D91F7CC9F40
   2653BE7147F00F576B93754BCDDF71B636F2099E6FFF90E79575F3D0DE694AFF
   737D9BE9713CEF8D837ADA6380B1093E94B6A529A8C6C2BE33E0867C60C3262B
   Generator = 2

   iSCSI Key="SRP-1024" [1024 bits]
   Modulus (base 16) =
   EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576
   D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1
   5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC
   68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3
   Generator = 2

   iSCSI Key="SRP-1280" [1280 bits]
   Modulus (base 16) =
   D77946826E811914B39401D56A0A7843A8E7575D738C672A090AB1187D690DC4
   3872FC06A7B6A43F3B95BEAEC7DF04B9D242EBDC481111283216CE816E004B78
   6C5FCE856780D41837D95AD787A50BBE90BD3A9C98AC0F5FC0DE744B1CDE1891
   690894BC1F65E00DE15B4B2AA6D87100C9ECC2527E45EB849DEB14BB2049B163
   EA04187FD27C1BD9C7958CD40CE7067A9C024F9B7C5A0B4F5003686161F0605B
   Generator = 2

   iSCSI Key="SRP-1536" [1536 bits]
   Modulus (base 16) =
   9DEF3CAFB939277AB1F12A8617A47BBBDBA51DF499AC4C80BEEEA9614B19CC4D
   5F4F5F556E27CBDE51C6A94BE4607A291558903BA0D0F84380B655BB9A22E8DC
   DF028A7CEC67F0D08134B1C8B97989149B609E0BE3BAB63D47548381DBC5B1FC
   764E3F4B53DD9DA1158BFD3E2B9C8CF56EDF019539349627DB2FD53D24B7C486
   65772E437D6C7F8CE442734AF7CCB7AE837C264AE3A9BEB87F8A2FE9B8B5292E
   5A021FFF5E91479E8CE7A28C2442C6F315180F93499A234DCF76E3FED135F9BB
   Generator = 2

Top      Up      ToC       Page 60 
   iSCSI Key="SRP-2048" [2048 bits]
   Modulus (base 16) =
   AC6BDB41324A9A9BF166DE5E1389582FAF72B6651987EE07FC3192943DB56050
   A37329CBB4A099ED8193E0757767A13DD52312AB4B03310DCD7F48A9DA04FD50
   E8083969EDB767B0CF6095179A163AB3661A05FBD5FAAAE82918A9962F0B93B8
   55F97993EC975EEAA80D740ADBF4FF747359D041D5C33EA71D281E446B14773B
   CA97B43A23FB801676BD207A436C6481F1D2B9078717461A5B9D32E688F87748
   544523B524B0D57D5EA77A2775D2ECFA032CFBDBF52FB3786160279004E57AE6
   AF874E7303CE53299CCC041C7BC308D82A5698F3A8D0C38271AE35F8E9DBFBB6
   94B5C803D89F7AE435DE236D525F54759B65E372FCD68EF20FA7111F9E4AFF73
   Generator = 2

   In addition to these groups, the following groups MAY be supported,
   each of which has also been rigorously proven to be prime:

   [1]  iSCSI Key="MODP-3072": the 3072-bit [RFC3526] group, generator:
        5

   [2]  iSCSI Key="MODP-4096": the 4096-bit [RFC3526] group, generator:
        5

   [3]  iSCSI Key="MODP-6144": the 6144-bit [RFC3526] group, generator:
        5

   [4]  iSCSI Key="MODP-8192": the 8192-bit [RFC3526] group, generator:
        19

Top      Up      ToC       Page 61 
Appendix B - Software Performance of IPsec Transforms

   This Appendix provides data on the performance of IPsec encryption
   and authentication transforms in software.  Since the performance of
   IPsec transforms is heavily implementation dependent, the data
   presented here may not be representative of performance in a given
   situation, and are presented solely for purposes of comparison.
   Other performance data is available in [AESPERF], [PENTPERF] and
   [UMACPERF].

B.1.  Authentication Transforms

   Table B-1 presents the cycles/byte required by the AES-PMAC, AES-
   CBC-MAC, AES-UMAC, HMAC-MD5, and HMAC-SHA1 algorithms at various
   packet sizes, implemented in software.

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         |         |           |         |         |         |
   |  Data   |  AES-   | AES-CBC-  |  AES-   |  HMAC-  |  HMAC-  |
   |  Size   |  PMAC   | MAC       |  UMAC   |  MD5    |  SHA1   |
   |         |         |           |         |         |         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   64    |  31.22  |   26.02   |  19.51  |  93.66  | 109.27  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  128    |  33.82  |   28.62   |  11.06  |  57.43  |  65.04  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  192    |  34.69  |   26.02   |   8.67  |  45.09  |  48.56  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  256    |  33.82  |   27.32   |   7.15  |  41.63  |  41.63  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  320    |  33.3   |   27.06   |   6.24  |  36.42  |  37.46  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  384    |  33.82  |   26.88   |   5.42  |  34.69  |  34.69  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  448    |  33.45  |   26.76   |   5.39  |  32.71  |  31.96  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  512    |  33.82  |   26.67   |   4.88  |  31.22  |  30.57  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  576    |  33.53  |   26.59   |   4.77  |  30.64  |  29.48  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  640    |  33.3   |   26.54   |   4.42  |  29.66  |  28.62  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  768    |  33.82  |   26.88   |   4.23  |  28.18  |  27.32  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  896    |  33.45  |   27.13   |   3.9   |  27.5   |  25.64  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | 1024    |  33.5   |   26.67   |   3.82  |  26.99  |  24.71  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Top      Up      ToC       Page 62 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         |         |           |         |         |         |
   |  Data   |  AES-   | AES-CBC-  |  AES-   |  HMAC-  |  HMAC-  |
   |  Size   |  PMAC   | MAC       |  UMAC   |  MD5    |  SHA1   |
   |         |         |           |         |         |         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | 1152    |  33.53  |   27.17   |   3.69  |  26.3   |  23.99  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | 1280    |  33.56  |   26.8    |   3.58  |  26.28  |  23.67  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | 1408    |  33.58  |   26.96   |   3.55  |  25.54  |  23.41  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | 1500    |  33.52  |   26.86   |   3.5   |  25.09  |  22.87  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Table B-1: Cycles/byte consumed by the AES-PMAC, AES-CBC-MAC, AES-
   UMAC, HMAC-MD5, and HMAC-SHA1 authentication algorithms at various
   packet sizes.

   Source: Jesse Walker, Intel

Top      Up      ToC       Page 63 
   Table B-2 presents the cycles/second required by the AES-PMAC, AES-
   CBC-MAC, AES-UMAC, HMAC-MD5, and HMAC-SHA1 algorithms, implemented in
   software, assuming a 1500 byte packet.

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             | Cycles/     |  Cycles/sec | Cycles/sec  |  Cycles/sec |
|  Transform  |  octet      |     @       |    @        |     @       |
|             | (software)  |  100 Mbps   |   1 Gbps    |   10 Gbps   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             |             |             |             |             |
| AES-UMAC    |     3.5     |  43,750,000 | 437,500,000 |  4.375  B   |
| (8 octets)  |             |             |             |             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             |             |             |             |             |
| HMAC-SHA1   |    22.87    | 285,875,000 |   2.8588 B  |  28.588 B   |
| (20 octets) |             |             |             |             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             |             |             |             |             |
| HMAC-MD5    |    25.09    | 313,625,000 |   3.1363 B  |  31.363 B   |
|             |             |             |             |             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             |             |             |             |             |
| AES-CBC-MAC |    26.86    | 335,750,000 |   3.358 B   |  33.575 B   |
|             |             |             |             |             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             |             |             |             |             |
| AES-PMAC    |    33.52    | 419,000,000 |   4.19  B   |  41.900 B   |
| (8 octets)  |             |             |             |             |
|             |             |             |             |             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Table B-2: Software performance of the HMAC-SHA1, HMAC-MD5, AES-CBC-
   MAC and AES-PMAC authentication algorithms at 100 Mbps, 1 Gbps, and
   10 Gbps line rates (1500 byte packet).

   Source: Jesse Walker, Intel

   At speeds of 100 Mbps, AES-UMAC is implementable with only a modest
   processor, and the other algorithms are implementable, assuming that
   a single high-speed processor can be dedicated to the task.  At 1
   Gbps, only AES-UMAC is implementable on a single high-speed
   processor; multiple high speed processors (1+ Ghz) will be required
   for the other algorithms.  At 10 Gbps, only AES-UMAC is implementable
   even with multiple high speed processors; the other algorithms will
   require a prodigious number of cycles/second.  Thus at 10 Gbps,
   hardware acceleration will be required for all algorithms with the
   possible exception of AES-UMAC.

Top      Up      ToC       Page 64 
B.2.  Encryption and Authentication Transforms

   Table B-3 presents the cycles/byte required by the AES-CBC, AES-CTR
   and 3DES-CBC encryption algorithms (no MAC), implemented in software,
   for various packet sizes.

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |               |             |             |             |
   |  Data size    |   AES-CBC   |   AES-CTR   |  3DES-CBC   |
   |               |             |             |             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      64       |   31.22     |    26.02    |  156.09     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     128       |   31.22     |    28.62    |  150.89     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     192       |   31.22     |    27.75    |  150.89     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     256       |   28.62     |    27.32    |  150.89     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     320       |   29.14     |    28.1     |  150.89     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     384       |   28.62     |    27.75    |  148.29     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     448       |   28.99     |    27.5     |  149.4      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     512       |   28.62     |    27.32    |  148.29     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     576       |   28.33     |    27.75    |  147.72     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     640       |   28.62     |    27.06    |  147.77     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     768       |   28.18     |    27.32    |  147.42     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     896       |   28.25     |    27.5     |  147.55     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    1024       |   27.97     |    27.32    |  148.29     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    1152       |   28.33     |    27.46    |  147.13     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    1280       |   28.1      |    27.58    |  146.99     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    1408       |   27.91     |    27.43    |  147.34     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    1500       |   27.97     |    27.53    |  147.85     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Top      Up      ToC       Page 65 
   Table B-3: Cycles/byte consumed by the AES-CBC, AES-CTR and 3DES-CBC
   encryption algorithms at various packet sizes, implemented in
   software.

   Source: Jesse Walker, Intel

   Table B-4 presents the cycles/second required by the AES-CBC, AES-CTR
   and 3DES-CBC encryption algorithms (no MAC), implemented in software,
   at 100 Mbps, 1 Gbps, and 10 Gbps line rates (assuming a 1500 byte
   packet).

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             | Cycles/     |  Cycles/sec | Cycles/sec  |  Cycles/sec |
|   Transform |  octet      |     @       |    @        |     @       |
|             | (software)  |  100 Mbps   |   1 Gbps    |   10 Gbps   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             |             |             |             |             |
| AES-CBC     |   27.97     | 349,625,000 |   3.4963 B  |  34.963 B   |
|             |             |             |             |             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             |             |             |             |             |
| AES-CTR     |   27.53     | 344,125,000 |   3.4413 B  |  34.413 B   |
|             |             |             |             |             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             |             |             |             |             |
| 3DES -CBC   |  147.85     | 1.84813 B   |  18.4813 B  | 184.813 B   |
|             |             |             |             |             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Table B-4: Software performance of the AES-CBC, AES-CTR, and 3DES
   encryption algorithms at 100 Mbps, 1 Gbps, and 10 Gbps line rates
   (1500 byte packet).

   Source: Jesse Walker, Intel

Top      Up      ToC       Page 66 
   At speeds of 100 Mbps, AES-CBC and AES-CTR mode are implementable
   with a high-speed processor, while 3DES would require multiple high
   speed processors.  At speeds of 1 Gbps, multiple high speed
   processors are required for AES-CBC and AES-CTR mode.  At speeds of
   1+ Gbps for 3DES, and 10 Gbps for all algorithms, implementation in
   software is infeasible, and hardware acceleration is required.

   Table B-5 presents the cycles/byte required for combined
   encryption/authentication algorithms: AES CBC + CBCMAC, AES CTR +
   CBCMAC, AES CTR + UMAC, and AES-OCB at various packet sizes,
   implemented in software.

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |               |  AES      | AES     |  AES    |         |
   |  Data size    |  CBC +    | CTR +   |  CTR +  |  AES-   |
   |               |  CBCMAC   | CBCMAC  |  UMAC   |  OCB    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      64       |  119.67   |  52.03  |  52.03  |  57.23  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     128       |   70.24   |  57.23  |  39.02  |  44.23  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     192       |   58.97   |  55.5   |  36.42  |  41.63  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     256       |   57.23   |  55.93  |  35.12  |  40.32  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     320       |   57.23   |  55.15  |  33.3   |  38.5   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     384       |   57.23   |  55.5   |  32.95  |  37.29  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     448       |   58.72   |    55   |  32.71  |  37.17  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     512       |   58.54   |  55.28  |  32.52  |  36.42  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     576       |   57.81   |  55.5   |  31.8   |  37     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     640       |   57.75   |  55.15  |  31.74  |  36.42  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     768       |   57.67   |  55.5   |  31.65  |  35.99  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     896       |   57.61   |  55.75  |  31.22  |  35.68  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    1024       |   57.56   |  55.61  |  31.22  |  35.45  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    1152       |   57.52   |  55.21  |  31.22  |  35.55  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Top      Up      ToC       Page 67 
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |               |  AES      | AES     |  AES    |         |
   |  Data size    |  CBC +    | CTR +   |  CTR +  |  AES-   |
   |               |  CBCMAC   | CBCMAC  |  UMAC   |  OCB    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    1280       |   57.75   |  55.15  |  31.22  |  36.16  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    1408       |   57.47   |  55.34  |  30.75  |  35.24  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    1500       |   57.72   |  55.5   |  30.86  |  35.3   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Table B-5: Cycles/byte of combined encryption/authentication
   algorithms:  AES CBC + CBCMAC, AES CTR + CBCMAC, AES CTR + UMAC, and
   AES-OCB at various packet sizes, implemented in software.

Top      Up      ToC       Page 68 
   Table B-6 presents the cycles/second required for the AES CBC +
   CBCMAC, AES CTR + CBCMAC, AES CTR + UMAC, and AES-OCB encryption and
   authentication algorithms operating at line rates of 100 Mbps, 1 Gbps
   and 10 Gbps, assuming 1500 byte packets.

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             | Cycles/     |  Cycles/sec | Cycles/sec  |  Cycles/sec |
|  Transform  |  octet      |      @      |    @        |     @       |
|             | (software)  |  100 Mbps   |   1 Gbps    |   10 Gbps   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             |             |             |             |             |
|     AES     |             |             |             |             |
|CBC + CBCMAC |   57.72     | 721,500,000 |  7.215 B    |  72.15 B    |
|             |             |             |             |             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             |             |             |             |             |
|     AES     |             |             |             |             |
|CTR + CBCMAC |   55.5      | 693,750,000 |  6.938 B    |  69.38 B    |
|             |             |             |             |             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             |             |             |             |             |
|     AES     |             |             |             |             |
| CTR + UMAC  |   30.86     | 385,750,000 |  3.858 B    |  38.58 B    |
|             |             |             |             |             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|             |             |             |             |             |
|             |             |             |             |             |
|   AES-OCB   |   35.3      | 441,250,000 |   4.413 B   |  44.13 B    |
|             |             |             |             |             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Table B-6: Cycles/second required for the AES CBC + CBCMAC, AES CTR +
   CBCMAC, AES CTR + UMAC, and AES-OCB encryption and authentication
   algorithms, operating at line rates of 100 Mbps, 1 Gbps and 10 Gbps,
   assuming 1500 octet packets.

   Source: Jesse Walker, Intel

   At speeds of 100 Mbps, the algorithms are implementable on a high
   speed processor.  At speeds of 1 Gbps, multiple high speed processors
   are required, and none of the algorithms are implementable in
   software at 10 Gbps line rate.

Top      Up      ToC       Page 69 
Authors' Addresses

   Bernard Aboba
   Microsoft Corporation
   One Microsoft Way
   Redmond, WA 98052

   Phone: +1 425 706 6605
   Fax:   +1 425 936 7329
   EMail: bernarda@microsoft.com

   Joshua Tseng
   McDATA Corporation
   3850 North First Street
   San Jose, CA 95134-1702

   Phone: +1 650 207 8012
   EMail: joshtseng@yahoo.com

   Jesse Walker
   Intel Corporation
   2211 NE 25th Avenue
   Hillboro, OR 97124

   Phone: +1 503 712 1849
   Fax:   +1 503 264 4843
   EMail: jesse.walker@intel.com

   Venkat Rangan
   Brocade Communications Systems Inc.
   1745 Technology Drive,
   San Jose, CA 95110

   Phone: +1 408 333 7318
   Fax: +1 408 333 7099
   EMail: vrangan@brocade.com

   Franco Travostino
   Director, Content Internetworking Lab
   Nortel Networks
   3 Federal Street
   Billerica, MA  01821

   Phone: +1 978 288 7708
   EMail: travos@nortelnetworks.com

Top      Up      ToC       Page 70 
Full Copyright Statement

   Copyright (C) The Internet Society (2004).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78 and
   except as set forth therein, the authors retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at ietf-
   ipr@ietf.org.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.