article

An adaptive cryptographic engine for internet protocol security architectures

Authors:

Andreas Dandalis,

Viktor K. PrasannaAuthors Info & Claims

ACM Transactions on Design Automation of Electronic Systems (TODAES), Volume 9, Issue 3

Pages 333 - 353

https://doi.org/10.1145/1013948.1013952

Published: 01 July 2004 Publication History

Abstract

Architectures that implement the Internet Protocol Security (IPSec) standard have to meet the enormous computing demands of cryptographic algorithms. In addition, IPSec architectures have to be flexible enough to adapt to diverse security parameters. This article proposes an FPGA-based Adaptive Cryptographic Engine (ACE) for IPSec architectures. By taking advantage of FPGA technology, ACE can adapt to diverse security parameters on the fly while providing superior performance compared with software-based solutions. In this paper, we focus on performance issues. A diverse set of private-key cryptographic algorithms is utilized to demonstrate the applicability of the proposed cryptographic engine. The time performance metrics are throughput and key-setup latency. The latency metric is the most important measure for IPSec where a small amount of data is processed per key and key context switching occurs repeatedly. We are not aware of any published results that include extensive key-setup latency results.

References

[1]

AES. Advanced encryption standard. http://csrc.nist.gov/encryption/aes/.]]

[2]

Anderson, R., Biham, E., and Knudsen, L. 1998. Serpent: A proposal for the advanced encryption standard. Tech. rep., NIST AES Proposal (June).]]

[3]

Aoki, K. and Lipmaa, H. 2000. Fast implementations of aes candidates. In Proceedings of the 3rd AES Candidate Conference.]]

[4]

Bassham L. E. III. 2000. Efficiency testing of ANSI C implementations of round 2 candidate algorithms for the advanced encryption standard. In Proceedings of the 3rd AES Candidate Conference.]]

[5]

Brown, S. and Rose, J. 1996. FPGA and CPLD architectures: A tutorial. In Proceedings of the IEEE Design & Test of Computers.]]

[6]

Burwick, C. et al. 1999. Mars---A candidate cipher for AES. Tech. Rep., NIST AES Proposal (Aug.).]]

[7]

Chu, Y. J. and Liu, T. H. 1965. On the shortest arborescence of a directed graph. Sci. Sin. 14, 1396--1400.]]

[8]

Cisco Systems, Inc. IPSEC. http://www.cisco.com/public/products_tech.shtml.]]

[9]

Daemen, J. and Rijmen, V. 1999. The rijndael block cipher. Tech. Rep., NIST AES Proposal (Sept.).]]

[10]

Dandalis, A. 2001. Dynamic logic synthesis for reconfigurable hardware. Ph.D. dissertation, Dept. of Electrical Engineering, University of Southern California.]]

[11]

Dandalis, A., Mei, A., and Prasanna, V. K. 1999. Domain specific mapping for solving graph problems on reconfigurable devices. In Proceedings of the Reconfigurable Architectures Workshop.]]

[12]

Dandalis, A. and Prasanna, V. K. 2001. Configuration compression for FPGA-based embedded systems. In Proceedings of the International Symposium on Field-Programmable Gate Arrays.]]

[13]

Dowd, P. and McHenry, J. T. 1998. Network security: It's time to take it seriously. IEEE Computer 31, 9 (Sept.), 24--28.]]

[14]

Edmonds, J. 1967. Optimum branchings. J. Res. N&S 71(B), 233--240.]]

[15]

Elbirt, A. J., Yip, W., Chetwynd, B., and Paar, C. 2000. An FPGA implementation and performance evaluation of the aes block cipher candidate algorithm finalists. In Proceedings of the 3rd AES Candidate Conference.]]

[16]

Farrahi, A. and Sarrafzadeh, M. 1994. Complexity of the lookup-table minimization problem for fpga technology mapping. IEEE Trans. Comput. Aid. Des. 13, 11 (Nov.), 1319--1332.]]

[17]

Fowler, D. 1999. Virtual Private Networks: Making the Right Connection. Morgan-Kaufmann, San Francisco, Calif.]]

[18]

Gaj, K. and Chodowiec, P. 2000. Comparison of the hardware performance of the AES candidates using reconfigurable hardware. In Proceedings of the 3rd AES Candidate Conference.]]

[19]

Gokhale, M. and Gomersall, E. 1997. High level compilation for fine grained fpgas. In Proceedings of the IEEE Symposium on Field-Programmable Custom Computing Machines.]]

[20]

Hadley, J. D. and Hutchings, B. L. 1995. Design methodologies for partially reconfigured systems. In Proceedings of the IEEE Symposium on Field-Programmable Custom Computing Machines.]]

[21]

Hudson, R. D., Lehn, D. I., and Athanas, P. 1998. A run-time reconfigurable engine for image interpolation. In Proceedings of the IEEE Symposium on Field-Programmable Custom Computing Machines.]]

[22]

Kim, H., Somani, A. K., and Tyagi, A. 2001. A reconfigurable multi-function computing cache architecture. In Proceedings of the IEEE Trans. VSLI Syst. 9, 4 (Aug.), 509--523.]]

[23]

Klimesh, M., Stanton, V., and Watola, D. 2001. Hardware implementation of a lossless image compression algorithm using a field programmable gate array. Tech. Rep., Jet Propulsion Laboratory, California Institute of Technology: The Telecommunications and Mission Operations Progress Report (Feb.).]]

[24]

McHenry, J. T., Dowd, P. W., Pellegrino, F. A., Carrozzi, T. M., and Cocks, W. B. 1997. An fpga-based coprocessor for ATM firewalls. In Proceedings of the IEEE Symposium on Field-Programmable Custom Computing Machines.]]

[25]

McMillan, S. and Patterson, C. 2001. Jbits implementations of the advanced encryption standard (rijndael). In Proceedings of the International Conference on Field Programmable Logic and Applications.]]

[26]

Periyayacheri, S., Nayak, A., Jones, A., Shenoy, N., Choudhary, A., and Banerjee, P. 1999. Library functions in reconfigurable hardware for matrix and signal processing operations in matlab. In Proceedings of the Parallel and Distributed Computing and Systems Conference.]]

[27]

Rivest, R. L., Robshaw, M. J. B., Sidney, R., and Yin, T. L. 1998. The RC6 block cipher. Tech. Rep., NIST AES Proposal (June).]]

[28]

Rose, J., Gamal, A., and Sangiovanni-Vincentelli, A. 1993. Architecture of field programmable gate arrays. Proc. IEEE.]]

[29]

Schneier, B. 1996. Applied Cryptography, 2nd ed. Willey, New York.]]

[30]

Schneier B. et al. 1998. Twofish: A 128-bit block cipher. Tech. Rep., NIST AES Proposal (June).]]

[31]

Swanchara, S., Harper, S., and Athanas, P. 1998. A stream-based configurable computing radio testbed. In Proceedings of the IEEE Symposium on Field-Programmable Custom Computing Machines.]]

[32]

Taylor, R. R. and Goldstein, S. C. 1999. A high-performance flexible architecture for cryptography. In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems.]]

[33]

Villasenor, J. and Mangione-Smith, W. H. 1997. Configurable computing. Sci. Amer., 66--71.]]

[34]

Weeks, B., Bean, M., Rozylowicz, T., and Ficke, C. 2000. Hardware performance simulations of round 2 advanced encryption standard algorithms. In Proceedings of the 3rd AES Candidate Conference.]]

[35]

Xilinx. Xilinx virtex series fpgas. http://www.xilinx.com/products/virtex.htm.]]

[36]

Xilinx JBits. Xilinx jbits sdk. http://www.xilinx.com/products/jbits.]]

Cited By

Farooq UAslam M(2017)Comparative analysis of different AES implementation techniques for efficient resource usage and better performance of an FPGAJournal of King Saud University - Computer and Information Sciences10.1016/j.jksuci.2016.01.00429:3(295-302)Online publication date: Jul-2017
https://doi.org/10.1016/j.jksuci.2016.01.004
Park JJung WJo GLee ILee JWeippl EKatzenbeisser SKruegel CMyers AHalevi S(2016)PIPSEAProceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security10.1145/2976749.2978329(1255-1267)Online publication date: 24-Oct-2016
https://dl.acm.org/doi/10.1145/2976749.2978329
Mang EMang IConstantin P(2012)Reconfigurable Computing—A New ParadigmComputer Technology and Computer Programming10.1201/b13124-8(111-124)Online publication date: 17-Oct-2012
https://doi.org/10.1201/b13124-8
Show More Cited By

Index Terms

An adaptive cryptographic engine for internet protocol security architectures
1. Hardware
  1. Integrated circuits
    1. Logic circuits
  2. Very large scale integration design
    1. Application-specific VLSI designs
      1. Application specific processors

Recommendations

Improving functional density using run-time circuit reconfiguration

The ability to provide flexibility and allow fine-grain circuit specialization make field programmable gate arrays (FPGA's) ideal candidates for computing elements within application-specific architectures. The benefits of gate-level specialization and ...
Run-time performance optimization of an FPGA-based deduction engine for SAT solvers

FPGAs are a promising technology for accelerating SAT solvers. Besides their high density, fine granularity, and massive parallelism, FPGAs provide the opportunity for run-time customization of the hardware based on the given SAT instance. In this ...
High-performance automatic target recognition through data-specific VLSI

Under the Mojave configurable computing project, we have developed a system for achieving high performance on an automatic target recognition (ATR) application through the use of configurable computing technology. The ATR system studied here involves ...

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Design Automation of Electronic Systems

ACM Transactions on Design Automation of Electronic Systems Volume 9, Issue 3

July 2004

112 pages

ISSN:1084-4309

EISSN:1557-7309

DOI:10.1145/1013948

Issue’s Table of Contents

Copyright © 2004 ACM.

Publisher

Association for Computing Machinery

New York, NY, United States

Journal Family

ACM Journals for the Design of Smart and Connected Systems

Publication History

Published: 01 July 2004

Published in TODAES Volume 9, Issue 3

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

16
Total Citations
View Citations
1,533
Total Downloads

Downloads (Last 12 months)9
Downloads (Last 6 weeks)0

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Farooq UAslam M(2017)Comparative analysis of different AES implementation techniques for efficient resource usage and better performance of an FPGAJournal of King Saud University - Computer and Information Sciences10.1016/j.jksuci.2016.01.00429:3(295-302)Online publication date: Jul-2017
https://doi.org/10.1016/j.jksuci.2016.01.004
Park JJung WJo GLee ILee JWeippl EKatzenbeisser SKruegel CMyers AHalevi S(2016)PIPSEAProceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security10.1145/2976749.2978329(1255-1267)Online publication date: 24-Oct-2016
https://dl.acm.org/doi/10.1145/2976749.2978329
Mang EMang IConstantin P(2012)Reconfigurable Computing—A New ParadigmComputer Technology and Computer Programming10.1201/b13124-8(111-124)Online publication date: 17-Oct-2012
https://doi.org/10.1201/b13124-8
Battistello PGarcia-Alfaro JDeléTré C(2012)Transaction-based authentication and key agreement protocol for inter-domain VoIPJournal of Network and Computer Applications10.1016/j.jnca.2012.02.01035:5(1579-1597)Online publication date: 1-Sep-2012
https://dl.acm.org/doi/10.1016/j.jnca.2012.02.010
MICHAIL HSCHINIANAKIS DGOUTIS CKAKAROUNTAS ASELIMIS G(2011)CIPHER BLOCK BASED AUTHENTICATION MODULE: A HARDWARE DESIGN PERSPECTIVEJournal of Circuits, Systems and Computers10.1142/S021812661100718920:02(163-184)Online publication date: Apr-2011
https://doi.org/10.1142/S0218126611007189
Wanderley EVaslin RCrenne JCotret PGogniat GDiguet JDanger JMaurine PFischer VBadrignans BBarthe LBenoit PTorres L(2011)Security FPGA AnalysisSecurity Trends for FPGAS10.1007/978-94-007-1338-3_2(7-46)Online publication date: 2011
https://doi.org/10.1007/978-94-007-1338-3_2
Michail HGregoriades AKelefouras VKotsiolis APapagianopoulou DGoutis C(2010)HW/SW Co-design Integrating High-Speed Authentication Module for IPSec/IPv6Proceedings of the 2010 Fifth International Conference on Digital Telecommunications10.1109/ICDT.2010.33(138-142)Online publication date: 13-Jun-2010
https://dl.acm.org/doi/10.1109/ICDT.2010.33
Young CLin YChia C(2009)Software and hardware design of a multi-cipher cryptosystemTENCON 2009 - 2009 IEEE Region 10 Conference10.1109/TENCON.2009.5396161(1-5)Online publication date: Nov-2009
https://doi.org/10.1109/TENCON.2009.5396161
Michail HKakarountas AMilidonis AGoutis C(2009)A Top-Down Design Methodology for Ultrahigh-Performance Hashing CoresIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2008.156:4(255-268)Online publication date: 1-Oct-2009
https://dl.acm.org/doi/10.1109/TDSC.2008.15
Farouk H(2008)Design of a novel hardware data structure for cryptographic applicationsProceedings of the WSEAS International Conference on Applied Computing Conference10.5555/1415804.1415840(194-198)Online publication date: 27-May-2008
https://dl.acm.org/doi/10.5555/1415804.1415840
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Issue’s Table of Contents