25-04-2014, 04:00 PM
A Parallel Architecture for Secure FPGA Symmetric Encryption
ABSTRACT
Cryptographic algorithms are at the heart of secure systems worldwide, providing encryption for millions of sensitive financial, government, and private transactions daily. Reconfigurable computing platforms like FPGAs provide a relatively low-cost, high-performance method of implementing cryptographic primitives. Several standard algorithms are used: the Data Encryption Standard (DES), its cipher block chained counterpart (3DES), and the Advanced Encryption Standard (AES). Conventional high-performance
architectures utilize loop-unrolled approaches where internal hardware functions are duplicated. We propose a parallel architecture in which internal hardware functionality is not duplicated but reused. This creates a reasonably compact single block, which is ideal for duplication. This allows multiple users to share the same hardware, as spatial isolation is achieved by the physical separation of individual encryption blocks. Also, this allows for a greater degree of scalability, and
system throughput becomes limited only by available physical resources and available I/O resources. We conclude that this parallel encryption architecture allows for comparable performance compared to conventional pipelined architectures with greater flexibility and hardware efficiency. We show that a pipelined encryption system cannot be used in a physically secure environment as it does not protect the keys adequately. Temporal isolation of the key is achieved using the parallel architecture. Indirect key storage is accomplished using principles of controlled physical random functions, which make all key values fully transient and never hardware-resident. Thus the parallel architecture achieves a high level of physical and design security within the FPGA, protecting the key from both invasive and non-invasive physical attacks.
ABSTRACT
Cryptographic algorithms are at the heart of secure systems worldwide, providing encryption for millions of sensitive financial, government, and private transactions daily. Reconfigurable computing platforms like FPGAs provide a relatively low-cost, high-performance method of implementing cryptographic primitives. Several standard algorithms are used: the Data Encryption Standard (DES), its cipher block chained counterpart (3DES), and the Advanced Encryption Standard (AES). Conventional high-performance
architectures utilize loop-unrolled approaches where internal hardware functions are duplicated. We propose a parallel architecture in which internal hardware functionality is not duplicated but reused. This creates a reasonably compact single block, which is ideal for duplication. This allows multiple users to share the same hardware, as spatial isolation is achieved by the physical separation of individual encryption blocks. Also, this allows for a greater degree of scalability, and
system throughput becomes limited only by available physical resources and available I/O resources. We conclude that this parallel encryption architecture allows for comparable performance compared to conventional pipelined architectures with greater flexibility and hardware efficiency. We show that a pipelined encryption system cannot be used in a physically secure environment as it does not protect the keys adequately. Temporal isolation of the key is achieved using the parallel architecture. Indirect key storage is accomplished using principles of controlled physical random functions, which make all key values fully transient and never hardware-resident. Thus the parallel architecture achieves a high level of physical and design security within the FPGA, protecting the key from both invasive and non-invasive physical attacks.