access icon free Hardware variant NSP with security-aware automated preferential algorithm

Efficient and cost-effective hardware design of network security processor (NSP) is of vital importance in the present era due to the increasing need of security infrastructure in a wide range of computing applications. Here, the authors propose an NSP in field programmable gate array (FPGA) platform where according to a strict power, throughput, resource, and security priorities, a proposed preferential algorithm chooses a cipher suite to program the hardware. The choice is based on a rank list of available cipher suites depending on efficient system index evaluated in terms of power, throughput, resource, and security data and their given weights by the user. Encryption, hash, and key exchange algorithm along with their architectural variants serve excellent hardware flexibility whose bit files are stored in secure digital memory. The proposed design used an isolated key memory where secret keys are stored in encrypted form along with the hash value. The design is implemented using ISE14.4 suite with ZYNQ7z020-clg484 FPGA platform. The performances of the variants architecture of the crypto algorithms are considerably better in terms of power, throughput, and resource than the existing works reported in the literature.

Inspec keywords: microprocessor chips; logic design; cryptography; field programmable gate arrays

Other keywords: field programmable gate array; security infrastructure; encryption; cost-effective hardware design; hash value; ZYNQ7z020-clg484 FPGA platform; key exchange algorithm; ISE14.4 suite; hardware variant NSP; cipher suites; security-aware automated preferential algorithm; secure digital memory; network security processor; crypto algorithms; security data; preferential algorithm; secret keys; architectural variants; system index

Subjects: Logic circuits; Digital circuit design, modelling and testing; Cryptography; Logic design methods; Security aspects of hardware; Microprocessors and microcomputers; Microprocessor chips; Logic and switching circuits

References

    1. 1)
      • 18. Chakrabarti, A., , Ghosh, R., Paul, R., Dey, H.: ‘Accelerating more secure rc4: implementation of seven fpga designs in stages upto 8 byte per clock’. volume abs/1609.01389, 2016.
    2. 2)
      • 26. Aumasson, J.-P., Dinur, I., Henzen, L., et al: ‘Efficient FPGA implementation of high-dimensional cube testers on the stream cipher grain-128’.
    3. 3)
      • 10. Isobe, T., Tsutsumi, S., Seto, K., et al: ‘10 gbps implementation of tls/ssl accelerator on fpga’. 2010 18th Int. Workshop on Quality of Service (IWQoS), June 2010, pp. 16.
    4. 4)
      • 21. Peeters, M., Bertoni, G., Daemen, J., et al: ‘Keccak software implementation’.
    5. 5)
      • 17. Maitra, S, Paul, G.: ‘Analysis of RC4 and proposal of additional layers for better security margin’ (Springer Berlin Heidelberg, Berlin, Heidelberg, 2008), pp. 2739.
    6. 6)
      • 5. Hifn 2008.hifn 7954 security accelerator data sheet.
    7. 7)
      • 16. Peeters, M., Bertoni, G., Daemen, J., et al: ‘Keccak sponge function family main document’. Available at http://keccak.noekeon.org, April 2009.
    8. 8)
      • 9. Karlton, P., Frier, A., Kocher, P.: ‘The ssl protocol version 3.0’, November 1996.
    9. 9)
      • 14. Bernstein, D.J., Lange, T., Schwabe, P.: ‘The security impact of a new cryptographic library’ (Springer Berlin Heidelberg, Berlin, Heidelberg, 2012), pp. 159176.
    10. 10)
      • 8. Kieselmann, O., Kopal, N., Wacker, A.: ‘Ranking cryptographic algorithms’ (Springer International Publishing, Cham, 2014), pp. 151171.
    11. 11)
      • 7. Paul, R., Chakrabarti, A., Ghosh, R.: ‘Multi core ssl/tls security processor architecture and its {FPGA} prototype design with automated preferential algorithm’, Microprocess. Microsyst., 2016, 40, pp. 124136.
    12. 12)
      • 6. Wang, H., Bai, G., Chen, H.: ‘A gbps ipsec ssl security processor design and implementation in an fpga prototyping platform’, J. Signal Process. Syst., 2010, 58, (3), pp. 311324.
    13. 13)
      • 11. United nations statistics division – pcs (2013).
    14. 14)
      • 13. Paul, R, Shukla, S.K.: ‘A high speed KECCAK coprocessor for partitioned NSP architecture on FPGA platform’ (Springer Singapore, Singapore, 2017), pp. 507518.
    15. 15)
      • 25. Gupta, S.S., Chattopadhyay, A., Sinha, K, et al: ‘High-performance hardware implementation for rc4 stream cipher’, IEEE Trans. Comput., 2013, 62, (4), pp. 730743.
    16. 16)
      • 1. Kim, H.W., Lee, S.: ‘Design and implementation of a private and public key crypto processor and its application to a security system’, IEEE Trans. Consum. Electron., 2004, 50, (1), pp. 214224.
    17. 17)
      • 22. Lu, J., Lockwood, J.: ‘Ipsec implementation on xilinx virtex-ii pro fpga and its application’. 2005. Proc. 19th IEEE Int. Parallel and Distributed Processing Symp., April 2005, p. 158b.
    18. 18)
      • 12. Barker, A.R.E.: ‘Transitions: recommendation for transitioning the use of cryptographic algorithms and key lengths’. volume abs/1609.01389, January 2011.
    19. 19)
      • 19. Paul, R., Saha, S., Pal, C., et al: ‘Novel architecture of modular exponent on reconfigurable system’. 2012 Students Conf. on Engineering and Systems (SCES), March 2012, pp. 16.
    20. 20)
      • 15. Hell, M., Johansson, T., Meier, W.: ‘Grain: a stream cipher for constrained environments’, Int. J. Wirel. Mobile Comput., 2007, 2, (1), pp. 8693.
    21. 21)
      • 2. Mpc 190 security processor fact sheet motorola 2003, publishers-freescale semiconductor. 2003.
    22. 22)
      • 23. McLoone, M., McCanny, J.V.: ‘A single-chip ipsec cryptographic processor’. IEEE Workshop on Signal Processing Systems, 2002. (SIPS ‘02), October 2002, pp. 133138.
    23. 23)
      • 20. ESTREAM. Grain software implementation.
    24. 24)
      • 4. Wang, C.-H., Lo, C.-Y., Lee, M.-S., et al: ‘A network security processor design based on an integrated soc design and test platform’. Design Automation Conf., 2006 43rd ACM/IEEE, 2006, pp. 490495.
    25. 25)
      • 3. BROADCOM. Broadcom (2004). bcm 5840 gigabit security processor.
    26. 26)
      • 24. Gupta, S.S., Sinha, K., Maitra, S., et al: ‘One byte per clock: a novel rc4 hardware’. InGong, G., Gupta, K. (Eds.): ‘Progress in cryptology – INDOCRYPT 2010, volume 6498 of Lecture Notes in Computer Science’ (Springer Berlin, Heidelberg, 2010), pp. 347363. 10.1007/978-3-642-17401-8_24.
http://iet.metastore.ingenta.com/content/journals/10.1049/iet-cdt.2018.0006
Loading

Related content

content/journals/10.1049/iet-cdt.2018.0006
pub_keyword,iet_inspecKeyword,pub_concept
6
6
Loading