Abstract
Architectures that implement the Internet Protocol Security (IPSec) standard have to meet the enormous computing demands of cryptographic algorithms. In addition, IPSec architectures have to be flexible enough to adapt to diverse security parameters. This article proposes an FPGA-based Adaptive Cryptographic Engine (ACE) for IPSec architectures. By taking advantage of FPGA technology, ACE can adapt to diverse security parameters on the fly while providing superior performance compared with software-based solutions. In this paper, we focus on performance issues. A diverse set of private-key cryptographic algorithms is utilized to demonstrate the applicability of the proposed cryptographic engine. The time performance metrics are throughput and key-setup latency. The latency metric is the most important measure for IPSec, where a small amount of data is processed per key and key context switching occurs repeatedly. We are not aware of any published results that include extensive key-setup latency results.
Index Terms
- An adaptive cryptographic engine for internet protocol security architectures