MultiSec: A Multi-Protocol Security Forwarding Mechanism Based on Programmable Data Plane

With the development of network technology, various network protocols different from TCP/IP have emerged. The heterogeneous integrated network has been proposed to realize the interconnection between heterogeneous networks running different protocols. However, current protocol conversion mechanisms often can only handle a few pre-defined protocols and do not support the flexible expansion of new protocols, which cannot meet the needs of the efficient convergence of different heterogeneous networks. Addirionally, due to the lack of security mechanisms, data in the core network is confronted with the risk of stealing and tampering. Our aim is to provide a protocol-extensible protocol conversion and secure transmission integration mechanism, MultiSec, for heterogeneous converged networks. First, based on the programmable data plane, the parser is reconfigured to realize multi-protocol parsing. Furthermore, the encryption mechanism implemented in the P4 extern is proposed and unified to the data plane together with the protocol conversion mechanism. Finally, the MultiSec prototype is implemented on a programmable software switch and accelerated by a dedicated encryption card. Experiments show that MultiSec successfully realizes multi-protocol conversion and data encryption, and the system performance is significantly improved with the help of an encryption card.