FPGA Based AES Encryption Processor
ECE 253 Embedded Systems Design
Brett Brotherton
Nick Callegari
Literature Survey
With the use of more handheld wireless devices and increasing networking and wireless data transfer, the issue of security is being addressed from many different directions. The National Institute of Standards and Technology (NIST) selected the Rijndael algorithm as a new Advanced Encryption Standard (AES) [1] in 2001. This standard was first developed for secure data encryption/decryption for high-end applications.
Since the standardization of the encryption protocol, [2] has made successful attempts at incorporating this protocol into reprogrammable flash memory, such as the FPGA chip used in small, low-end devices such as PDAs. The article's argument is that the standard needs to be adapted because these devices need secure electronic data transfer. The article first analyzed the device to find the constraints within which the encryption had to operate. It noted that the throughput of the AES would have to be as fast as the throughput of the standardized network communication, and that the implementation would have to be inexpensive and have low power consumption to be viable in future handheld PDA devices. The article provided evidence that the authors created an AES implementation for an FPGA that exceeded the normal wireless network throughput of 60 Mbps, with their AES encryption/decryption providing speeds of 150 Mbps. It was also cost effective: their implementation can easily be flashed on a Xilinx Spartan II XC2S30 FPGA, which costs $10 per unit, and only 50% of the logic resources are needed.
Article [3] argues that Field-Programmable Gate Array (FPGA) technology is becoming a popular target for designing cryptographic ciphers, as witnessed by the wealth of research [4][5][6][7][8] and commercial [9] implementations. The article explains that the FPGA is desirable because of these main points:
This article, in conjunction with [2], shows that there is a great deal of research in the direction of using not only the AES cryptography standard but also programmable logic such as FPGAs to provide security to embedded systems. Not only do these articles prove that this is a desired direction for incorporating cryptography into embedded systems and wireless devices, but they also prove that they successfully solve the issues of throughput, size and cost when incorporating it in FPGAs. They show that it is a viable direction, in which we plan to take this research further.
Using the same techniques that we plan to adopt from [2], we are planning to complete a platform into which we can incorporate other security architecture research work. We are proposing to develop an FPGA-based AES encryption core. We are going to incorporate elements similar to [2], such as a dual-port RAM, and the Rijndael algorithm from an AES core provided by [10] and [11]. These elements should provide a fast and effective implementation of an AES encryption core.
The heart of our design differs in that we use a Xilinx Virtex-4 field-programmable gate array (FPGA). The Virtex-4 pro FPGA allows us to custom configure a MicroBlaze soft-core processor to serve as the basis for our design. The Xilinx EDK development environment allows us to develop applications for the MicroBlaze, to add custom peripherals, and to tune various features of the processor such as cache and memory size. We will use the EDK to add an AES encryption core that will interface with the MicroBlaze processor. There will also be an interface to off-chip SDRAM and a serial interface to allow communication between the system and a PC.
Our main goal is to develop a solid platform that can be used to demonstrate our various security techniques. With the increasing use of FPGAs, especially in security-related functions as described above, it is important to develop a set of tools and standards that we can use to make them more secure. Once we have completed the basic functioning system, we can try to incorporate more features into it, giving us a valuable platform for the testing and demonstration of the security techniques and standards which we develop. First, we would like to partition the design using “moats,” and then analyze it with our route tracing tool [12]. This, however, may not be possible, since JBits does not currently support Virtex-4 FPGAs and it looks like there is little chance of future support. This design is a good example of a system in which we would want to use moats and drawbridges. We are dealing with encryption, which we want to ensure is isolated so that there is no way for an attacker to obtain the key(s) or unencrypted data. We are also dealing with a third-party core which we have downloaded from OpenCores. This is a great example of a system where you would want to isolate a core with a moat; in this case we would want to isolate the AES encryption core. Also discussed in [12] is a TDMA secure bus architecture. Our design would serve as a good platform for developing the protocol for this architecture. It would allow for performance testing to see if this architecture can perform fast enough, and for analysis of the tradeoffs of the architecture.
One interesting thing about our design is that the microprocessor and encryption core communicate solely through a shared memory block. Since this memory block is connected to the microprocessor's shared bus, we would like to be able to ensure that access to it can be regulated, since it will contain sensitive information such as keys and unencrypted data. The memory reference monitor described in [14] is one way this could be accomplished. It could allow us to control which portions of the shared memory each device on the bus could read and write. We could even completely disable reading of the keys and unencrypted data by everyone except the AES core. Combining the reference monitor with the secure bus as described in [12] would allow for a very secure communication protocol in which covert channels would be greatly reduced or eliminated. Our platform will serve as a basis for developing and working out the quirks of these different protocols. It will also allow us to analyze how they all work together and see what sort of effect they really have on performance in a modern FPGA-based system.
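A software model of the per-master access check such a reference monitor would enforce on the shared memory block, given as an added example; it is not code from this project or from [14]. The memory map, the master names and the presence of a UART bus master are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Bus masters and region layout are assumptions made for this example. */
enum master { M_MICROBLAZE, M_AES_CORE, M_UART, M_COUNT };
enum { P_R = 1, P_W = 2 };

struct region {
    uint32_t base, len;        /* byte range inside the shared memory block */
    uint8_t  perm[M_COUNT];    /* P_R | P_W for each master */
};

/* Constructed memory map: key, plaintext, ciphertext, control/status. */
static const struct region policy[] = {
    /* base   len     MicroBlaze  AES core    UART */
    { 0x000, 0x020, { P_W,        P_R,        0 } },  /* key: CPU cannot read back */
    { 0x020, 0x100, { P_W,        P_R,        0 } },  /* plaintext */
    { 0x120, 0x100, { P_R,        P_W,        0 } },  /* ciphertext */
    { 0x220, 0x010, { P_R | P_W,  P_R | P_W,  0 } },  /* control/status */
};

/* Returns 1 if master m may perform op on every byte of [addr, addr+len).
   Default deny: unknown masters, empty or wrapping requests and bytes
   outside every region are refused. A request that spans several regions
   needs the permission in each of them. */
int monitor_allows(enum master m, int op, uint32_t addr, uint32_t len)
{
    if ((unsigned)m >= M_COUNT || len == 0 || addr + len < addr)
        return 0;
    uint32_t cur = addr, end = addr + len;
    while (cur < end) {
        const struct region *hit = NULL;
        for (size_t i = 0; i < sizeof policy / sizeof policy[0]; i++)
            if (cur >= policy[i].base && cur - policy[i].base < policy[i].len)
                hit = &policy[i];
        if (!hit || (hit->perm[m] & op) != op)
            return 0;
        cur = hit->base + hit->len;   /* continue at the end of this region */
    }
    return 1;
}
```
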
1. National Institute of Standards and Technology: FIPS 197: Advanced Encryption Standard, November 2001.
2. Chodowiec, P. and Gaj, K.: Very Compact FPGA Implementation of the AES Algorithm. George Mason University, MS1G5, 4400 University Drive, Fairfax, VA 22030, USA.
3. Zambreno, J., Nguyen, D. and Choudhary, A.: Exploring Area/Delay Tradeoffs in an AES FPGA Implementation. Department of Electrical and Computer Engineering, Northwestern University, Evanston, IL 60208, USA.
4. A. Elbirt, W. Yip, B. Chetwynd, and C. Paar. An FPGA implementation and performance evaluation of the AES block cipher candidate algorithm finalists. In Proc. of the Third Advanced Encryption Standard (AES3) Candidate Conference, pages 13–27, 2000.
5. G. P. Saggese, A. Mazzeo, N. Mazzocca, and A. G. M. Strollo. An FPGA-based performance analysis of the unrolling, tiling, and pipelining of the AES algorithm. In Proc. of the 13th Int’l Conference on Field-Programmable Logic and its Applications (FPL), pages 292–302, 2003.
6. J-P. Kaps and C. Paar. Fast DES implementation for FPGAs and its application to a universal key-search machine. In Proc. of the 5th Annual Workshop on Selected Areas in Cryptography (SAC), pages 234–247, 1998.
7. I. Gonzalez, S. Lopez-Buedo, F. J. Gomez, and J. Martinez. Using partial reconfiguration in cryptographic applications: an implementation of the IDEA algorithm. In Proc. of the 13th Int’l Conference on Field-Programmable Logic and its Applications (FPL), pages 194–203, 2003.
8. K. U. Järvinen, M. T. Tommiska, and J. O. Skyttä. A fully pipelined memoryless 17.8 Gbps AES-128 encryptor. In Proc. of the Int’l Symposium on Field Programmable Gate Arrays (FPGA), pages 207–215, 2003.
9. Helion Technology, Inc. AES Xilinx FPGA core data sheet. Available at http://www.heliontech.com, 2003.
10. OpenCores. AES128_Crypto_core. http://www.opencores.org/projects.cgi/web/aes_crypto_core/overview, 2004.
11. Xilinx Virtex-4 Multiplatform FPGA Overview w/spec sheet. http://www.xilinx.com/products/silicon_solutions/fpgas/virtex/virtex4/, 2007.
12. Moats and Drawbridges: An Isolation Primitive for Reconfigurable Hardware Based Systems.
13. Lu, C-C. and Tseng, S-Y.: Integrated Design of AES (Advanced Encryption Standard) Encrypter and Decrypter. IEEE 2002.
14. Ted Huffmire, Shreyas Prasad, Tim Sherwood and Ryan Kastner. Policy-Driven Memory Protection for Reconfigurable Hardware. Proceedings of the European Symposium on Research in Computer Security (ESORICS), Hamburg, Germany, September 2006.