Google opens up its work on the PSP secure network protocol

Google has announced the release of the specification and a reference implementation of PSP (PSP Security Protocol), which is used to encrypt traffic between data centers. The protocol uses a traffic encapsulation architecture over IP similar to IPsec ESP (Encapsulating Security Payloads), providing encryption, cryptographic integrity control and source authentication. The PSP implementation code is written in C and distributed under the Apache 2.0 license.

A distinguishing feature of PSP is that the protocol is optimized to speed up computation and reduce the load on the CPU by moving encryption and decryption operations to the network card (offload). Hardware acceleration requires special PSP-compatible network cards. For systems whose network cards do not support PSP, the SoftPSP software implementation is offered.

UDP is used as the transport for data transfer. A PSP packet starts with an IP header, followed by a UDP header, and then PSP's own header with encryption and authentication information. After that comes the content of the original TCP/UDP packet, ending with a final PSP block carrying a checksum for integrity verification. The PSP header, as well as the header and data of the encapsulated packet, are always authenticated to confirm the packet's authenticity. The data of the encapsulated packet can be encrypted, and encryption can optionally be applied selectively, leaving part of the TCP header in the clear (while still authenticating it), for example to allow packets to be inspected on network equipment.


PSP is not tied to any specific key exchange protocol, offers several packet format options and supports the use of different algorithms. For example, support is provided for the AES-GCM algorithm for encryption and authentication, and for AES-GMAC for authentication without encrypting the actual data, for example when the data is not sensitive but you need to guarantee that it has not been tampered with in transit and that it is exactly what was sent.

Unlike typical VPN protocols, PSP applies encryption at the level of individual network connections rather than the whole communication channel, i.e. PSP uses separate encryption keys for different UDP and TCP connections. This approach makes it possible to achieve stricter isolation of traffic from different applications and handlers, which is important when applications and services of different users run on the same server.

Google uses PSP both to protect its internal communications and to protect the traffic of Google Cloud customers. The protocol was designed from the start to work efficiently in Google-scale infrastructure, and it must provide hardware-accelerated encryption in the presence of millions of active network connections and the establishment of hundreds of thousands of new connections per second.

Two modes of operation are supported: "stateful" and "stateless". In "stateless" mode, encryption keys are passed to the network card in the packet descriptor, and for decryption they are derived from the SPI (Security Parameter Index) field in the packet using a master key (256-bit AES, stored in the network card's memory and replaced every 24 hours), which saves network card memory and minimizes the information about encrypted connection state stored on the hardware side. In "stateful" mode, the keys for each connection are stored on the network card in a special table, similar to how hardware acceleration is implemented in IPsec.
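The stateless receive path described above can be sketched as follows. This is an added example, not code from Google's reference implementation: HMAC-SHA256 stands in for the AES-based derivation done on the card, the packet layout (SPI, payload, 16-byte tag) is simplified, and the two master key slots selected by the top SPI bit are an assumption of the sketch.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 16  # tag length chosen for this sketch


def derive_key(master_key: bytes, spi: int) -> bytes:
    """Per-connection key from (master key, SPI).

    Assumption: HMAC-SHA256 stands in for the AES-based derivation on the NIC.
    """
    return hmac.new(master_key, struct.pack("!I", spi), hashlib.sha256).digest()


def seal(spi: int, key: bytes, payload: bytes) -> bytes:
    """Sender side: SPI || payload || tag (simplified, authentication only)."""
    body = struct.pack("!I", spi) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


class StatelessReceiver:
    """Keeps two master keys and no per-connection table."""

    def __init__(self) -> None:
        self.masters = [os.urandom(32), os.urandom(32)]
        self.active = 0
        self.counter = 0

    def new_connection(self) -> tuple:
        """Allocate an SPI; the key reaches the peer via the key exchange in use."""
        self.counter += 1
        spi = (self.active << 31) | self.counter  # top bit = master key slot (assumed)
        return spi, derive_key(self.masters[self.active], spi)

    def rotate(self) -> None:
        """Periodic master key replacement (every 24 hours in the article)."""
        self.active ^= 1
        self.masters[self.active] = os.urandom(32)

    def verify(self, packet: bytes) -> bool:
        """Re-derive the key from the SPI in the packet and check the tag."""
        if len(packet) < 4 + TAG_LEN:
            return False
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        (spi,) = struct.unpack("!I", body[:4])
        key = derive_key(self.masters[spi >> 31], spi)
        expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
        return hmac.compare_digest(tag, expected)

    def state_bytes(self) -> int:
        """Receiver-side key material, independent of the connection count."""
        return sum(len(m) for m in self.masters)
```

In this sketch a key survives one rotation and stops verifying after the second, so connections have to be rekeyed within that window.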


PSP provides a unique combination of the capabilities of TLS and IPsec/VPN. TLS suited Google in terms of per-connection security, but was not suitable because of its lack of flexibility for hardware acceleration and its lack of UDP support. IPsec provided protocol independence and supported hardware acceleration well, but it did not support binding keys to individual connections, was designed for a small number of established tunnels, and had problems scaling hardware acceleration because the full encryption state is stored in tables in the network card's memory (for example, 10 GB of memory is needed to handle 5 million connections).

In the case of PSP, information about the encryption state (keys, initialization vectors, sequence numbers, etc.) can be passed in the TX packet descriptor or as a pointer to host system memory, without occupying network card memory. According to Google, about 0.7% of computing power and a large amount of memory were previously spent on encrypting RPC traffic in the company's infrastructure. Introducing PSP with hardware acceleration made it possible to reduce this figure to 0.2%.

source: budenet.ru
