An adaptive cryptographic engine for IPSec architectures

Architectures that implement the Internet Protocol Security (IPSec) standard have to meet the enormous computing demands of cryptographic algorithms. In addition, IPSec architectures have to be flexible enough to adapt to diverse security parameters. This paper proposes an FPGA-based Adaptive Cryptographic Engine (ACE) for IPSec architectures. By taking advantage of FPGA technology, ACE can adapt to diverse security parameters on the fly while providing superior performance compared with software-based approaches. For example, for the final candidate algorithms of the Advanced Encryption Standard (AES), our techniques lead to throughput speed-up of 4-20 while the key-setup latency time is reduced by a factor of 20-700 compared with software-based approaches. We also develop a compression technique that reduces the memory requirements of ACE without the need for dedicated hardware. Though data compression has been extensively studied before, we are not aware of any prior work that addresses the compression problem of FPGA-based embedded systems with respect to the implementation cost. Using our technique, we demonstrate up to 40% savings in memory for various configuration bit-streams.

[1]  Mark Nelson,et al.  The Data Compression Book , 1991 .

[2]  Viktor K. Prasanna,et al.  Domain Specific Mapping for Solving Graph Problems on Reconfigurable Devices , 1999, IPPS/SPDP Workshops.

[3]  Trevor N. Mudge,et al.  Improving code density using compression techniques , 1997, Proceedings of 30th Annual International Symposium on Microarchitecture.

[4]  Christof Paar,et al.  An FPGA implementation and performance evaluation of the Serpent block cipher , 2000, FPGA '00.

[5]  Scott Hauck,et al.  Runlength compression techniques for FPGA configurations , 1999, Seventh Annual IEEE Symposium on Field-Programmable Custom Computing Machines (Cat. No.PR00375).

[6]  Seth Copen Goldstein,et al.  A High-Performance Flexible Architecture for Cryptography , 1999, CHES.

[7]  Zhiyuan Li,et al.  Configuration compression for the Xilinx XC6200 FPGA , 1998, Proceedings. IEEE Symposium on FPGAs for Custom Computing Machines (Cat. No.98TB100251).

[8]  Dennis Fowler Virtual Private Networks: Making the Right Connection , 1999 .

[9]  Mark Nelson,et al.  The data compression book (2nd ed.) , 1995 .

[10]  염흥렬,et al.  [서평]「Applied Cryptography」 , 1997 .