Google opens up its work on the PSP secure network protocol

Google has announced the release of the specifications and an implementation of PSP (PSP Security Protocol), which is used to encrypt traffic between data centers. The protocol uses a traffic encapsulation architecture similar to IPsec ESP (Encapsulating Security Payloads) over IP, providing encryption, cryptographic integrity control and source authentication. The PSP implementation code is written in C and distributed under the Apache 2.0 license.

A distinguishing feature of PSP is that the protocol is optimized to speed up computation and reduce load on the central processor by moving encryption and decryption operations to the network card (offload). Hardware acceleration requires special PSP-compatible network cards. For systems with network cards that do not support PSP, a software implementation, SoftPSP, is provided.

UDP is used as the transport for data transfer. A PSP packet starts with an IP header, followed by a UDP header, then PSP's own header carrying encryption and authentication information. Next comes the content of the original TCP/UDP packet, ending with a final PSP block containing a checksum to confirm integrity. The PSP header, as well as the header and data of the encapsulated packet, are always authenticated to confirm the packet's authenticity. The data of the encapsulated packet can be encrypted, and encryption can be applied selectively, leaving part of the TCP header in the clear (while it remains authenticated), for example to allow packet inspection on transit network equipment.


PSP is not tied to any particular key exchange protocol, offers several packet format options and supports the use of different cryptographic algorithms. For example, support is provided for the AES-GCM algorithm for encryption and authentication, and for AES-GMAC for authentication without encrypting the actual data, for example when the data itself is not valuable but you need to ensure that it was not tampered with in transit and is exactly what was originally sent.

Unlike typical VPN protocols, PSP applies encryption at the level of individual network connections rather than the whole communication channel, i.e. PSP uses separate encryption keys for different UDP and TCP connections. This approach makes stricter isolation of traffic from different applications and handlers possible, which matters when applications and services of different users run on the same server.

Google uses PSP both to protect its own internal communications and to protect Google Cloud customer traffic. The protocol was designed to work efficiently in Google's infrastructure and is expected to provide hardware-accelerated encryption in the presence of millions of network connections and the establishment of hundreds of thousands of new connections per second.

Two modes of operation are supported: "stateful" and "stateless". In "stateless" mode, encryption keys are passed to the network card in the packet descriptor, and for decryption they are derived from the SPI (Security Parameter Index) field present in the packet using a master key (256-bit AES, stored in the network card's memory and replaced every 24 hours), which saves network card memory and minimizes the amount of encrypted-connection state stored on the hardware side. In "stateful" mode, the keys for each connection are stored on the network card in a special table, similar to how hardware acceleration is implemented in IPsec.
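The stateless mode described above can be modelled in a few lines. This is an added example, not code from Google's PSP implementation. It assumes HMAC-SHA256 as a stand-in for both the key derivation and the AES-GMAC tag, a simplified packet of SPI, payload and tag rather than the real wire format, and a hypothetical convention that the top SPI bit names the master-key generation. `StatelessReceiver`, `derive_key` and `seal` are illustrative names.

```python
import hashlib
import hmac
import os

TAG_LEN = 16  # bytes of integrity tag carried in the trailer (constructed value)

def derive_key(master_key: bytes, spi: int) -> bytes:
    # Stand-in PRF (HMAC-SHA256); PSP's actual derivation function is not shown on this page.
    return hmac.new(master_key, b"demo-kdf" + spi.to_bytes(4, "big"), hashlib.sha256).digest()

class StatelessReceiver:
    """Models the receive side in stateless mode: master keys only, no per-connection table."""
    def __init__(self):
        self.masters = [os.urandom(32), os.urandom(32)]  # 256-bit master keys, two generations
        self.current = 0
        self.next_id = 1

    def allocate(self):
        """Return (spi, key) for a new connection; the key reaches the peer via key exchange."""
        spi = (self.current << 31) | self.next_id  # assumed: top SPI bit names the generation
        self.next_id += 1
        return spi, derive_key(self.masters[self.current], spi)

    def rotate(self):
        """Periodic master-key replacement; overwrites the older of the two generations."""
        self.current ^= 1
        self.masters[self.current] = os.urandom(32)

    def verify(self, packet: bytes):
        """Re-derive the key from the SPI in the packet and check the tag; payload or None."""
        if len(packet) < 4 + TAG_LEN:
            return None
        spi = int.from_bytes(packet[:4], "big")
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        key = derive_key(self.masters[spi >> 31], spi)
        good = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
        return body[4:] if hmac.compare_digest(tag, good) else None

def seal(key: bytes, spi: int, payload: bytes) -> bytes:
    """Sender side, authentication-only: SPI || payload || tag computed over both."""
    body = spi.to_bytes(4, "big") + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
```

In this model a packet sealed under a key from a retired master key stops verifying after the second rotation, so a connection has to obtain a fresh SPI and key before then.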


PSP provides a distinctive combination of the capabilities of TLS and IPsec/VPN. TLS suited Google in terms of per-connection security, but was not suitable because of its lack of flexibility for hardware acceleration and its lack of UDP support. IPsec provided protocol independence and supported hardware acceleration well, but did not support binding keys to individual connections, was designed for only a small number of tunnels, and had problems scaling hardware acceleration because the full encryption state is kept in tables located in the network card's memory (for example, 10 GB of memory is required to handle 5 million connections).

In the case of PSP, encryption state information (keys, initialization vectors, sequence numbers and so on) can be passed in the packet's TX descriptor or as a pointer to host system memory, without occupying network card memory. According to Google, about 0.7% of computing power and a large amount of memory were previously spent on encrypting RPC traffic in the company's infrastructure. Deploying PSP with hardware acceleration reduced this figure to 0.2%.

Source: opennet.ru
