RT Journal Article
A1 Rourab Paul
A1 Sandeep Shukla

PB iet
T1 Partitioned security processor architecture on FPGA platform
JN IET Computers & Digital Techniques
VO 12
IS 5
SP 216
OP 226
AB Internet protocol security (IPSec), secure sockets layer (SSL)/transport layer security (TLS) and other security protocols necessitate high throughput hardware implementation of cryptographic functions. In recent literature, cryptographic functions implemented in software, application specific integrated circuit (ASIC) and field programmable gate array (FPGA). They are not necessarily optimized for throughput. Due to the various side-channel based attacks on cache and memory, and various malware based exfiltration of security keys and other sensitive information, cryptographic enclave processors are implemented which isolates the cryptographically sensitive information like keys. We propose a partitioned enclave architecture targeting IPSec, TLS and SSL where the partitioned area ensures that the processor data-path is completely isolated from the secret-key memory. The security processor consists of a Trivium random number generator, Rivest–Shamir–Adleman (RSA), advanced encryption standard (AES) and KECCAK cryptos. We implement three different optimized KECCAK architectures. The processing element (PE) handles all communication interfaces, data paths, and control hazards of network security processor. The memory of KECCAK and AES communication is done via a direct memory access controller to reduce the PE overhead. The whole system is demonstrated by FPGA implementation using Vivado 2015.2 on Artix-7 (XC7A100T, CSG324). The performances of the implemented KECCAKs are better in terms of security, throughput and resource than the existing literature.
K1 partitioned security processor architecture
K1 cryptographic functions
K1 cryptographic enclave processors
K1 advanced encryption standard
K1 AES core communication
K1 Vivado 2015.2
K1 PE overhead reduction
K1 KECCAK crypto blocks
K1 Internet protocol security
K1 direct memory access controller
K1 field programmable gate array
K1 malware based exfiltration
K1 FPGA platform
K1 Artix-7 FPGA platform
K1 partitioned enclave architecture
K1 security keys
K1 secret key memory
K1 Trivium random number generator
K1 transport layer security
K1 processing element
K1 RSA
K1 ASIC
K1 control signal hazards
K1 application specific integrated circuit
K1 side channel based attacks
K1 optimised architectures
K1 IPsec
K1 TLS
K1 secure sockets layer
K1 FPGA
K1 processor data path
K1 KECCAK coprocessor
K1 sensitive information
K1 processor data-path
K1 SSL security protocols
K1 network security protocols
K1 communication interfaces
DO https://doi.org/10.1049/iet-cdt.2017.0178
UL https://digital-library.theiet.org/;jsessionid=2oy3a5evo1f2s.x-iet-live-01content/journals/10.1049/iet-cdt.2017.0178
LA English
SN 1751-8601
YR 2018
OL EN