Seminar Topics & Project Ideas On Computer Science Electronics Electrical Mechanical Engineering Civil MBA Medicine Nursing Science Physics Mathematics Chemistry ppt pdf doc presentation downloads and Abstract

Design and Verication of an SHA Processor

[attachment=64649]

Abstract

The movement towards IPv6 from IPv4 has resulted in a total paradigm shift as far
as the Internet is concerned. The focus has shifted from merely providing a certain
service to providing a highly secure service. However, the underlying communication
protocol of IPv6, also known as NDP, was also found to contain certain security
loopholes. This prompted the release of a technique that was a lot more secure and
robust, namely, SEND.
In SEND, the focus lies on the usage of CGAs for the ecient and safe exchange of
the messages that form the backbone of IPv6. This thesis is an endeavor to study, analyze
and implement a scheme that would seamlessly generate these CGAs for IPv6.
After thorough research on the existing Cryptographic Hash Algorithms, the Secure
Hash family of algorithms was selected as the algorithm to be implemented. SHA-2,
a subset of this family of algorithms was focussed upon for this research.
In the course of this thesis, an ecient and robust Hardware description has been developed
that successfully implements SHA256, SHA384 and SHA512 on both FPGA
and ASIC. This design has been duly tested and veried with the existing software
implementations at hand and found to be compliant with the same.

Introduction

The past decade has seen a boom in Internet usage. With the advent of smartphones
and other hand-held devices the situation has been made further more complicated.
Currently, on an average, a large proportion of the population with access to the
internet owns at least one computer and maybe another hand-held device. Every
additional device that is manufactured needs to have its own IP address. This has
led to a situation in which the address space of the currently in use IPv4 protocol is
fast getting exhausted.
IPv4, with its 32-bit address space, is fast proving to be insucient for the growing
demands of consumers. The IETF has hence commenced the deployment of IPv6, a
more ecient and reliable alternative to IPv4. With its 128-bit address space, the
problem faced due to the limitations of IPv4 vis-a-vis the number of available IP
addresses seems highly unlikely [10].

Goal

The basic goal of this thesis is the successful implementation of a hardware module
that accepts an input of an arbitrary result and produces a relevant message digest.
A design of such a module is desired, that can easily be integrated in any IPv6
architecture that requires the use of CGAs. The SHA processor should also be easily
customizable, that is, support the generation of message digests of various sizes based
on the algorithm desired by the user. Furthermore, it should be easily implementable
at both FPGA and standard cell stages.

Background

This chapter aims to provide a basic theoretical background to the work carried
out in this thesis. It explains in detail protocols such as NDP and SEND. With
the help of this chapter, an eort is made to shed light on CGA and their utility
in the SEND protocol. Further, the properties of a Cryptographic Hash Algorithm
are explained in some detail. A comparative study is carried out on all the major
types of Secure Hash Algorithms with a special focus on the specic algorithms that
have been implemented in this project. The mathematical steps involved in these
protocols have also been explained in sucient detail. The section on Secure Hash
Algorithms is rounded o with some uses and existing implementations of various
dierent versions of the algorithm.
Finally, this chapter provides some information about FPGA chips and the
particular FPGA chip on which the implementation has been carried out. Apart
from that, some information about the 65nm standard cell CMOS library is also
provided.

Neighbor Discovery Protocol

The Neighbor Discovery Protocol is a protocol that is used in IPv6 and operates in
the Link Layer of the Internet model. A host using IPv6 takes the help of the NDP
to congure itself automatically when connected to a routed IPv6 network via the
ICMPv6 router discovery messages. ICMPv6 is a modication to the existing ICMP
which is used for IPv4. It is used by IPv6 nodes to report errors that occur when
packets are being processed [19].
IPv6 nodes use the NDP for the determination of the link-layer addresses of
its neighbors and also to clear out their caches when the values in them become
invalid. The protocol is also used by the nodes to actively keep track of their
neighbors and the changes, if any, in the link-layer addresses of these neighbors.

Secure Neighbor Discovery

In the previous section, a brief overview of the NDP has been provided. It has been
explained how nodes on the same link, with the help of NDP, discover the presence
of routers and other nodes and maintain a record of the reachability of each active
link. NDP, in itself, is vulnerable to various attacks because it does not elaborate how
IPSec AH has to be used to secure the communication.

Cryptographic Hash Algorithms

A Cryptographic Hash Algorithm, also referred to as Cryptographic Hash function is
an algorithm that accepts a block of data of arbitrary length, performs some mathematical
operations on it and returns a value of xed length. The input data is often
referred to as the message and the hash value generated as the digest or message digest.
Any change in the input message results in the generation of a new and unique
digest [21].