research-article

Hardware Context Switch-based Cryptographic Accelerator for Handling Multiple Streams

Published: 12 August 2021

Abstract

The confidentiality and integrity of a data stream have become one of the biggest issues in telecommunication. The best available algorithm for handling the confidentiality of a data stream is a symmetric-key block cipher combined with a chaining mode of operation such as cipher block chaining (CBC) or counter mode (CTR). This scheme is difficult to accelerate in hardware when multiple streams coexist, partly because of the computation time required and mainly because of the management of the streams. In most accelerators, computation is handled at the block level rather than at the stream level, which makes managing multiple streams complex.

This article presents a solution that combines the CBC and CTR modes of operation with hardware context switching. The hardware context switching allows the accelerator to treat the data as a stream. Each stream can have different parameters: key, initialization value, and counter state. Stream switching was managed by the hardware context switching mechanism, and a high-level synthesis tool was used to generate the context switching circuit. The scheme was tested on three cryptographic algorithms: AES, DES, and BC3. The hardware context switching allowed the software to manage multiple streams easily, efficiently, and rapidly, freeing the software from the task of managing the stream state. Compared to the original algorithm, about 18%–38% additional logic elements were required to implement the CBC or CTR mode and the additional circuits that support context switching. With this method, the performance overhead when handling multiple streams was low, and the performance was comparable to that of existing hardware accelerators that do not support multiple streams.
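As an added example, not the paper's circuit or code: a software model of the scheme the abstract describes. One cipher datapath holds the registers of the active stream (key, mode, and the CBC chaining value or CTR counter); a context store checkpoints and restores those registers whenever the software submits a block for a different stream, so the software only names the stream. The block cipher is a constructed keyed permutation standing in for AES/DES/BC3, and every class and function name here is an assumption.

```python
from dataclasses import dataclass
BLOCK = 16  # block size in bytes of the stand-in cipher

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Constructed stand-in for AES/DES/BC3 (keyed rotate + key XOR); NOT secure."""
    r = key[0] % BLOCK
    return xor(block[r:] + block[:r], key)

@dataclass
class StreamContext:
    key: bytes    # per-stream key
    mode: str     # "CBC" or "CTR"
    state: bytes  # CBC: IV / last ciphertext block; CTR: current counter block

class Accelerator:
    """One cipher datapath (registers key/mode/state) plus a context store."""
    def __init__(self):
        self.store, self.active, self.regs, self.switches = {}, None, None, 0
    def open_stream(self, sid, key, mode, iv):
        self.store[sid] = StreamContext(key, mode, iv)
    def _switch_to(self, sid):
        if self.active is not None:
            self.store[self.active] = self.regs        # checkpoint running stream
        self.regs, self.active = self.store[sid], sid  # restore the target stream
        self.switches += 1
    def encrypt_block(self, sid, block):
        if self.active != sid:                         # software only names the stream
            self._switch_to(sid)
        r = self.regs
        if r.mode == "CBC":
            out = toy_block_encrypt(r.key, xor(block, r.state))
            r.state = out                              # ciphertext feeds the next block
        else:
            out = xor(block, toy_block_encrypt(r.key, r.state))
            n = (int.from_bytes(r.state, "big") + 1) % (1 << (8 * BLOCK))
            r.state = n.to_bytes(BLOCK, "big")         # counter with wrap-around
        return out

def run(streams, order):
    """streams: sid -> (key, mode, iv, blocks); order: which stream's next block
    the software submits at each step. Returns (sid -> ciphertext blocks, #switches)."""
    acc, nxt = Accelerator(), {s: iter(streams[s][3]) for s in streams}
    out = {s: [] for s in streams}
    for sid, (key, mode, iv, _) in streams.items():
        acc.open_stream(sid, key, mode, iv)
    for sid in order:
        out[sid].append(acc.encrypt_block(sid, next(nxt[sid])))
    return out, acc.switches
```

Interleaving blocks from several streams yields the same ciphertext as running each stream to completion on its own; only the number of context switches differs.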


Published in: ACM Transactions on Reconfigurable Technology and Systems, Volume 14, Issue 3, September 2021, 137 pages.
ISSN: 1936-7406. EISSN: 1936-7414. DOI: 10.1145/3472296.
Editor: Deming Chen.
Copyright © 2021 Association for Computing Machinery.
Publisher: Association for Computing Machinery, New York, NY, United States.

Publication history:
• Received: 1 September 2020
• Revised: 1 December 2020
• Accepted: 1 April 2021
• Published: 12 August 2021
Qualifiers: research-article, refereed.