TY - GEN
T1 - A parallel architecture for secure FPGA symmetric encryption
AU - Swankoski, E. J.
AU - Brooks, R. R.
AU - Narayanan, V.
AU - Kandemir, M.
AU - Irwin, M. J.
PY - 2004
Y1 - 2004
N2 - Cryptographic algorithms are at the heart of secure systems worldwide, providing encryption for millions of sensitive financial, government, and private transactions daily. Reconfigurable computing platforms like FPGAs provide a relatively low-cost, high-performance method of implementing cryptographic primitives. Several standard algorithms are used: the DES, 3DES, and AES algorithms. Conventional high-performance architectures utilize loop-unrolled approaches where internal hardware functions are duplicated. We propose a parallel architecture in which internal hardware functionality is not duplicated but reused. This creates a reasonably compact single block, which is ideal for duplication. This allows multiple users to share the same hardware, as spatial isolation is achieved by the physical separation of individual encryption blocks. Also, this allows for a greater degree of scalability, and system throughput becomes limited only by available physical resources and available I/O resources. We conclude that this parallel encryption architecture allows for comparable performance compared to conventional pipelined architectures with greater flexibility and hardware efficiency. We show that a pipelined encryption system cannot be used in a physically secure environment as it does not protect the keys adequately. Temporal isolation of the key is achieved using the parallel architecture. Indirect key storage is accomplished using principles of controlled physical random functions, which make all key values fully transient and never hardware-resident. Thus the parallel architecture achieves a high level of physical and design security within the FPGA, protecting the key from both invasive and non-invasive physical attacks.
AB - Cryptographic algorithms are at the heart of secure systems worldwide, providing encryption for millions of sensitive financial, government, and private transactions daily. Reconfigurable computing platforms like FPGAs provide a relatively low-cost, high-performance method of implementing cryptographic primitives. Several standard algorithms are used: the DES, 3DES, and AES algorithms. Conventional high-performance architectures utilize loop-unrolled approaches where internal hardware functions are duplicated. We propose a parallel architecture in which internal hardware functionality is not duplicated but reused. This creates a reasonably compact single block, which is ideal for duplication. This allows multiple users to share the same hardware, as spatial isolation is achieved by the physical separation of individual encryption blocks. Also, this allows for a greater degree of scalability, and system throughput becomes limited only by available physical resources and available I/O resources. We conclude that this parallel encryption architecture allows for comparable performance compared to conventional pipelined architectures with greater flexibility and hardware efficiency. We show that a pipelined encryption system cannot be used in a physically secure environment as it does not protect the keys adequately. Temporal isolation of the key is achieved using the parallel architecture. Indirect key storage is accomplished using principles of controlled physical random functions, which make all key values fully transient and never hardware-resident. Thus the parallel architecture achieves a high level of physical and design security within the FPGA, protecting the key from both invasive and non-invasive physical attacks.
UR - http://www.scopus.com/inward/record.url?scp=12444292161&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=12444292161&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:12444292161
SN - 0769521320
SN - 9780769521329
T3 - Proceedings - International Parallel and Distributed Processing Symposium, IPDPS 2004 (Abstracts and CD-ROM)
SP - 1803
EP - 1810
BT - Proceedings - 18th International Parallel and Distributed Processing Symposium, IPDPS 2004 (Abstracts and CD-ROM)
T2 - Proceedings - 18th International Parallel and Distributed Processing Symposium, IPDPS 2004 (Abstracts and CD-ROM)
Y2 - 26 April 2004 through 30 April 2004
ER -