An adaptive cryptographic engine for internet protocol security architectures

Architectures that implement the Internet Protocol Security (IPSec) standard have to meet the enormous computing demands of cryptographic algorithms. In addition, IPSec architectures have to be flexible enough to adapt to diverse security parameters. This article proposes an FPGA-based Adaptive Cryptographic Engine (ACE) for IPSec architectures. By taking advantage of FPGA technology, ACE can adapt to diverse security parameters on the fly while providing superior performance compared with software-based solutions. In this paper, we focus on performance issues. A diverse set of private-key cryptographic algorithms is utilized to demonstrate the applicability of the proposed cryptographic engine. The time performance metrics are throughput and key-setup latency. The latency metric is the most important measure for IPSec where a small amount of data is processed per key and key context switching occurs repeatedly. We are not aware of any published results that include extensive key-setup latency results.

[1]  Peter M. Athanas,et al.  A run-time reconfigurable engine for image interpolation , 1998, Proceedings. IEEE Symposium on FPGAs for Custom Computing Machines (Cat. No.98TB100251).

[2]  Bryan Weeks,et al.  Hardware Performance Simulations of Round 2 Advanced Encryption Standard Algorithms , 2000, AES Candidate Conference.

[3]  Peter M. Athanas,et al.  A stream-based configurable computing radio testbed , 1998, Proceedings. IEEE Symposium on FPGAs for Custom Computing Machines (Cat. No.98TB100251).

[4]  Arun K. Somani,et al.  A reconfigurable multi-function computing cache architecture , 2000, FPGA '00.

[5]  Patrick W. Dowd,et al.  Network Security: It's Time to Take It Seriously (Guest Editors' Introduction) , 1998, Computer.

[6]  Jonathan Rose,et al.  FPGA and CPLD Architectures: A Tutorial , 1996, IEEE Des. Test Comput..

[7]  A. El Gamal,et al.  Architecture of field-programmable gate arrays , 1993, Proc. IEEE.

[8]  Dennis Fowler Virtual Private Networks: Making the Right Connection , 1999 .

[9]  Arun K. Somani,et al.  A reconfigurable multifunction computing cache architecture , 2001, IEEE Trans. Very Large Scale Integr. Syst..

[10]  Kris Gaj,et al.  Comparison of the Hardware Performance of the AES Candidates Using Reconfigurable Hardware , 2000, AES Candidate Conference.

[11]  염흥렬,et al.  [서평]「Applied Cryptography」 , 1997 .

[12]  Viktor K. Prasanna,et al.  Configuration compression for FPGA-based embedded systems , 2005, IEEE Trans. Very Large Scale Integr. Syst..

[13]  Patrick W. Dowd,et al.  An FPGA-based coprocessor for ATM firewalls , 1997, Proceedings. The 5th Annual IEEE Symposium on Field-Programmable Custom Computing Machines Cat. No.97TB100186).

[14]  Kazumaro Aoki,et al.  Fast Implementations of AES Candidates , 2000, AES Candidate Conference.

[15]  Viktor K. Prasanna,et al.  Configuration compression for FPGA-based embedded systems , 2001, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[16]  Christof Paar,et al.  An FPGA implementation and performance evaluation of the Serpent block cipher , 2000, FPGA '00.

[17]  Seth Copen Goldstein,et al.  A High-Performance Flexible Architecture for Cryptography , 1999, CHES.

[18]  K PrasannaViktor,et al.  An adaptive cryptographic engine for internet protocol security architectures , 2004 .

[19]  Scott McMillan,et al.  JBitsTM Implementations of the Advanced Encryption Standard (Rijndael) , 2001, FPL.

[20]  Maya Gokhale,et al.  High level compilation for fine grained FPGAs , 1997, Proceedings. The 5th Annual IEEE Symposium on Field-Programmable Custom Computing Machines Cat. No.97TB100186).

[21]  Lawrence E. Bassham Efficiency Testing of ANSI C Implementations of Round 2 Candidate Algorithms for the Advanced Encryption Standard , 2000, AES Candidate Conference.

[22]  Ross Anderson,et al.  Serpent: A Proposal for the Advanced Encryption Standard , 1998 .

[23]  Viktor K. Prasanna,et al.  Domain Specific Mapping for Solving Graph Problems on Reconfigurable Devices , 1999, IPPS/SPDP Workshops.

[24]  Shai Halevi,et al.  MARS - a candidate cipher for AES , 1999 .

[25]  Vincent Rijmen,et al.  The Block Cipher BKSQ , 1998, CARDIS.

[26]  Majid Sarrafzadeh,et al.  Complexity of the lookup-table minimization problem for FPGA technology mapping , 1994, IEEE Trans. Comput. Aided Des. Integr. Circuits Syst..

[27]  M. Klimesh,et al.  Hardware Implementation of a Lossless Image Compression Algorithm Using a Field Programmable Gate Array , 2000 .

[28]  Christof Paar,et al.  An FPGA Implementation and Performance Evaluation of the AES Block Cipher Candidate Algorithm Finalists , 2000, AES Candidate Conference.

[29]  Brad L. Hutchings,et al.  Design methodologies for partially reconfigured systems , 1995, Proceedings IEEE Symposium on FPGAs for Custom Computing Machines.