Abstract
Ensuring the confidentiality and integrity of data streams has become one of the biggest issues in telecommunication. The best available algorithm for handling the confidentiality of a data stream is a symmetric-key block cipher combined with a chaining mode of operation such as cipher block chaining (CBC) or counter mode (CTR). This scheme is difficult to accelerate in hardware when multiple streams coexist, partly because of the computation time required but mainly because of the management of the streams. In most accelerators, computation is treated at the block level rather than as a stream, which makes the management of multiple streams complex.
This article presents a solution combining the CBC and CTR modes of operation with hardware context switching. The hardware context switching allows the accelerator to treat the data as a stream. Each stream can have its own parameters: key, initialization value, and counter state. Stream switching was managed by the hardware context switching mechanism. A high-level synthesis tool was used to generate the context switching circuit. The scheme was tested on three cryptographic algorithms: AES, DES, and BC3. The hardware context switching allowed the software to manage multiple streams easily, efficiently, and rapidly, since the software was freed from the task of managing the stream state. Compared to the original algorithm, about 18%–38% additional logic elements were required to implement the CBC or CTR mode and the additional circuits supporting context switching. Using this method, the performance overhead when treating multiple streams was low, and the performance was comparable to that of existing hardware accelerators that do not support multiple streams.
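As an added illustration, not code from the article (whose accelerator is a synthesized circuit), the following Python model shows what per-stream context switching buys: one datapath, a context memory holding each stream's key, mode and chaining state, and a save/restore on every stream change, so blocks from several CBC and CTR streams can be interleaved in any order and still yield the same ciphertexts as processing each stream alone. The block cipher is a stand-in keyed PRF (HMAC-SHA256 truncated to one block), an assumption made so the model runs without a crypto library; the class and function names are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace
BLOCK = 16  # assumed block size in bytes (AES uses 16; DES and BC3 use 8)

def standin_block_encrypt(key: bytes, block: bytes) -> bytes:
    # Stand-in for the AES/DES/BC3 core: a keyed PRF (HMAC-SHA256 truncated to one block).
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

@dataclass
class StreamContext:  # everything the datapath must save/restore to resume a stream later
    key: bytes
    mode: str     # "CBC" or "CTR"
    state: bytes  # CBC: previous ciphertext block (IV at start); CTR: current counter block

class Accelerator:
    """One block-mode datapath plus a context memory, so streams can interleave block by block."""
    def __init__(self, encrypt=standin_block_encrypt):
        self.encrypt, self.ctx, self.loaded = encrypt, None, None  # ctx: context in the datapath
        self.mem, self.switches = {}, 0  # saved contexts by stream id; hardware switch count

    def open_stream(self, sid: int, key: bytes, mode: str, iv: bytes) -> None:
        self.mem[sid] = StreamContext(key, mode, iv)

    def _switch_to(self, sid: int) -> None:
        if self.loaded == sid:
            return  # same stream as last block: no switch needed
        if self.loaded is not None:
            self.mem[self.loaded] = replace(self.ctx)  # save the running stream's state
        self.ctx, self.loaded = replace(self.mem[sid]), sid  # restore the requested stream
        self.switches += 1

    def process_block(self, sid: int, pt: bytes) -> bytes:
        self._switch_to(sid)
        c = self.ctx
        if c.mode == "CBC":
            c.state = self.encrypt(c.key, xor(pt, c.state))  # C_i = E_K(P_i xor C_{i-1})
            return c.state
        ks = self.encrypt(c.key, c.state)  # CTR: keystream block = E_K(counter)
        c.state = ((int.from_bytes(c.state, "big") + 1) % (1 << 8 * BLOCK)).to_bytes(BLOCK, "big")
        return xor(pt, ks)

def run(acc: Accelerator, schedule) -> dict:  # schedule: (stream id, plaintext block) pairs in order
    out = {}
    for sid, pt in schedule:
        out.setdefault(sid, []).append(acc.process_block(sid, pt))
    return out
```

Feeding the same blocks in stream order and in an interleaved order to two fresh accelerators gives identical per-stream ciphertexts; only the switch count differs, which is the overhead the article measures.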
Hardware Context Switch-based Cryptographic Accelerator for Handling Multiple Streams