Advertisement

Design and Implementation of Novel Flexible Crypto Coprocessor and Its Application in Security Protocol

  • Shice Ni
  • Yong Dou
  • Kai Chen
  • Lin Deng
Part of the Communications in Computer and Information Science book series (CCIS, volume 396)

Abstract

Cryptography is an essential component in modern electronic commerce. Accelerating security protocols is a great challenge in general-purpose processor due to the complexity of crypto algorithms. The ultimate solution to this problem would be an adaptive processor that can provide software-like flexibility with hardware-like performance. After analyzing the characteristics of security protocols, we discover that most crypto algorithms are employed at the function level among different security protocols, and propose a novel flexible crypto coprocessor (FC Coprocessor) architecture that rely on Reconfigurable Cryptographic Blocks (RCBs) to achieve a balance between high performance and flexibility and implement a flexible architecture for security protocols on FPGA. Within the RCBs, the pipelining technique is adopted to realize parallel data and reduce the cost of the host and the coprocessor. We consider several crypto algorithms as examples to illustrate the design of RCB in the FC Coprocessor. Finally, we implement the prototype of the FC coprocessor on Xilinx XC5VLX330 FPGA chip. The experiment results show that the coprocessor, running at 189 MHz, outperforms the software-based Secure Sockets Layer protocol running on an Intel Core i3 530 CPU at 2.93 GHz by a factor of 4.8X for typical crypto algorithm blocks.

Keywords

flexible crypto coprocessor reconfigurable crypto block security protocol accelerator 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Freier, A.O., Karlton, P., Kocher, P.C.: Introduction to SSL. IETF draft (1996), https://developer.mozilla.org/zh-CN/docs/Introduction_to_SSL#The_SSL_Protocol
  2. 2.
    Kent, S., Atkinson, R.: Security Architecture for the Internet Protocol. RFC 2401 (November 1998)Google Scholar
  3. 3.
    Taylor, R.R., Goldstein, S.C.: A High-Performance Flexible Architecture for Cryptography. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, p. 231. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  4. 4.
    Antão, S., Chaves, R., Sousa, L.: AES and ECC Cryptography Processor with Runtime Configuration. In: Proceedings of ADCOM (2009)Google Scholar
  5. 5.
    Hodjat, A., Verbauwhede, I.: A 21.54 Gbits/s Fully Pipelined AES Processor on FPGA. In: Proc. FCCM 2004 (2004)Google Scholar
  6. 6.
    Mazzeo, A., Romano, L., Saggese, G.P., et al.: FPGA-based Implementation of a serial RSA processor. In: Proc. DATE 2003 (2003)Google Scholar
  7. 7.
    Michail, H.E., Athanasios, P., et al.: Top-Down Design Methodology for Ultrahigh-Performance Hashing Cores. IEEE Transactions on Dependable and Secure Computing 6(4), 255–268 (2009)CrossRefGoogle Scholar
  8. 8.
    Kakarountas, A.P., Michail, H. (eds.): High-Speed FPGA Implementation of Secure Hash Algorithm for IPSec and VPN Applications. The Journal of Supercomputing 37, 179–195 (2006)Google Scholar
  9. 9.
    Elbirt, A.J., Paar, C.: An Instruction-Level Distributed Processor for Symmetric-Key Cryptography. IEEE Transactions on Parallel and Distributed Systems 16(5) (2005)Google Scholar
  10. 10.
    Mosanya, E., Teuscher, C., Restrepo, H.F., Galley, P., Sánchez, E.: CryptoBooster: A Reconfigurable and Modular Cryptographic Coprocessor. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 246–256. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  11. 11.
    Prasanna, V.K., Dandalis, A.: FPGA-based Cryptography for Internet Security. In: Online Symposium for Electronic Engineers (2000)Google Scholar
  12. 12.
    Li, M., Ji, X., Liu, B.: Analysing and Researching Montgomery Algorithm. Science Technology and Engineering 6, 1628–1631 (2006)Google Scholar
  13. 13.
    Rivest, R.L.: The MD5 Message-Digest Algorithm. RFC 1321, MIT Laboratory for Computer Science and RSA Data Security, Inc. (April 1992)Google Scholar
  14. 14.
    Rivest, R., Shamir, A., Adleman, L.: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM 21, 120–126 (1978)MathSciNetCrossRefzbMATHGoogle Scholar
  15. 15.
    NIST Federal Information Processing Standards Publication, FIPS PUB 180-2 (2002)Google Scholar
  16. 16.
    National Institute of Standards and Technology. Advanced Encryption Standard (AES). Federal Information Processing Standards Publications – FIPS 197 (2001)Google Scholar
  17. 17.
    FIPS PUB 46-3, Data Encryption Standard (DES), Reaffirmed (1977)Google Scholar
  18. 18.
    Rivest, R.L.: The RC5 Encryption Algorithm. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 86–96. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  19. 19.
    OProfile. OProfile Website (2012), http://oprofile.sourceforge.net/news/
  20. 20.
    Bouhraous, A.: Design feasibility study for a 500Gbits/s advanced encryption standard cipher/decipher engine. IET Computers & Digital Techniques 4(4), 334–348 (2010)CrossRefGoogle Scholar
  21. 21.
    de Dormale, G.M., et al.: On Solving RC5 Challenges with FPGAs. In: Proceedings of FCCM (2007)Google Scholar
  22. 22.
    Michail, H.E., et al.: On the Exploitation of a High-Throughput SHA-256 FPGA Design for HMACACM. Transactions on Reconfigurable Technology and Systems 5(1) (2012)Google Scholar
  23. 23.
    Wang, Y., Zhao, Q., Jiang, L., Shao, Y.: Ultra-High Throughput Implementations for MD5 Hash Algorithm on FPGA. In: Zhang, W., Chen, Z., Douglas, C.C., Tong, W. (eds.) HPCA 2009. LNCS, vol. 5938, pp. 433–441. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  24. 24.
    Paar, T.B.C.: High-Radix Montgomery Modular Exponentiation on Reconfigurable Hardware. IEEE Transaction on Computer 50(7) (2001)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Shice Ni
    • 1
  • Yong Dou
    • 1
  • Kai Chen
    • 1
  • Lin Deng
    • 1
  1. 1.National Laboratory for Parallel and Distribution ProcessingNational University of Defense TechnologyChangshaP.R. China

Personalised recommendations