Anand Raghunathan

Transcription

1 ECE 695R: SYSTEM-ON-CHIP DESIGN Module 2: HW/SW Partitioning Lecture 2.26: Example: Hardware Architecture Anand Raghunathan ECE 695R: System-on-Chip Design, Fall 2014 Fall 2014, ME 1052, T Th 12:00PM-1:15PM 2014 Anand Raghunathan 1

2 HW Architecture Scratchpad & memory & I/O Extensible up core Custom Instruction Unit INTR I/F Debug I/F 32bit Inst. RAM Inst. ROM Data RAM Data ROM I/O 32bit 16bit or 32bit Interrupt Control Coprocessor Control Debug Control Control Unit Instruction Queue Program Control System Registers Program Registers Operation Unit Multiplier ALU Coprocessor I/F Local Registers Coeff-table Hard-Wired- Logic Execution Unit Cache (I,D) Scratchpad (ROM RAM) Extensible RISC core Symmetric Hash Public-key DES/3DES AES RC4 SHA1 MD5 RSA ECC SHA256 DH AES-OMAC DSA/DSS custom instructions accelerate a wide range of cryptographic algorithms Configurable: Easy to add/remove algorithm support Scratchpad provides secure on-chip storage for code and data.

3 Performance (Stand-alone) Cryptographic Algorithm Processing speed (Mbps) Speedup over SW on RISC CPU 3DES Mbps X AES Mbps X Area: Base processor: ~40Kgates Co-processor: ~ Kgates MD5 491 Mbps 134X SHA Mbps 330X RSA (2048) 311 ms 13.2X Power (NEC 130nm technology): 0.19 mw/mhz () vs mw/mhz (ARM926) (1) speeds are based on measured data from prototype (4KB I-cache, 4KB D-cache) at 100MHz clock frequency (2) Speeds do not include the overhead of communication with the host CPU. In-system data rates will be lower due to these overheads

4 Application-visible performance Full-system measurement with complete SW stack and applications ttcp TCP IP IPSEC MV Linux Round trip time ttcp ping Redhat Linux Native IPSec LAN

5 Performance (application-visible) Processing Rate (Mbps) Application-visible data rates Measured in-system at the level of the crypto library API on the host CPU Includes all I/O, communication, and software overheads DES-ECB 3DES-ECB AES-ECB DES-CBC 3DES-CBC AES-CBC DES-OFB 3DES-OFB Algorithm In-system speeds 5-10X slower than stand-alone speeds! DES-CFB 3DES-CFB SHA1 MD5 Cryptographic Algorithm 3DES 10.8X AES 3.1X MD5 4.8X SHA1 5.5X Speedup (vs. ARM946@200MHz) (1) Data measured on chip (@100MHz, ARM@200MHz) (2) Based on 4KB data blocks

6 Bottleneck: Crypto-offloading SW Architecture Crypto-offloading SW architecture fills the gap from applications on the host processor to Hardware abstraction Mutual exclusion Synchronization & data transfer Workload & resource management User OS Application Crypto. MT - CGX stub stub HW IPC MT - Crypto. CGX server server System call MSE driver Linux OS OS ARM Application Crypto. CGX stub stub Interrupt, Shared mem. Crypto. Library CGX Backend Comm. Driver Crypto-offloading SW architecture SW HW Application Crypto. server Driver Driver Crypto. server Application Semaphore + context switch System call (device I/O) Interrupt (ARM to ) Interrupt ( to ARM) System call return (device I/O) Sequence of events involved in crypto-offloading Semaphore + context switch

7 Efficient Crypto-offloading SW Architecture Re-partitioning of functions between user-space and kernel-space Eliminate 2 context switches per round-trip Asynchronous crypto-offloading Eliminate synchronization overhead (semaphore / mutex) User App1 App2 User-level stub User-level stub OS Async API KMCO Thread App3 Driver Crypto server Crypto Library SW Kernel-level stub Comm.driver HW ARM HW

8 Impact of Efficient Crypto-offloading SW Architecture Benefit of asynchronous offload vs. synchronous offload (IPSec, ESP-3DES-SHA1) Data Rate (KBps) Data Rate w/ MSE - User-mode IPSec Data Rate - No MSE - User-mode IPSec Data Rate w/ MSE - Kernel-mode IPSec Speedup - User-mode IPSec Speedup - Kernelmode IPSec Speedup (Crypto-offloaded vs. Software crypto-based) Packet Size (bytes)

9 Limits of Acceleration: SSL (Secure Sockets Layer) Protocol Authentication, Key exchange Application data SSL Handshake SSL Change Cipher SSL Record Protocol TCP IP Privacy, Integrity SSL Alert Fragment Compressed Fragment Encrypted data MAC trailer Padding Compression Message Integrity Padding Encryption SSL record SSL header SSL Record Assembly

10 2014 Anand Raghunathan main SSL_read des_ed3_cbc_encrypt des_decrypt3 des_encrypt3 BN_mod_exp_mont BN_mod_mul_montgomery exchange_data SSL_connect initialize_ctx block_host_order block_data_order SHA1_Update MD5_Update des_encrypt2 SSL function call graph Secure Embedded System Design

11 Breakdown of Total Time Maximum vs. Actual Speedup for SSL 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% Other Encrypt (3DES) Hash (SHA1) Packet size (B) True cost of programmability/flexibility is small! Maximum speedup possible is 5.3X (Amdahl s law) achieves 4.5X

12 Performance: Application Level has been evaluated in the context of SSL, IPSec, and DRM applications running on NEC s mobile platforms Applications OpenSSL: 4.5X data rate Secure Browsing, e-commerce SSL IPSec: 10.6X data rate, 5X latency VPN, Secure VoIP DRM agent: 2.5X data rate Media Players, Games IPSec S/MIME DRM Trusted OS Trusted Boot User data protection Secure Storage Theft prevention IMEI Core Functions Cryptographic processing Key Management Secure Boot Memory Protection Trusted Platform Module

13 Summary Inefficient SW can easily mask blazingly fast HW! Efficient SW architecture critical for good performance Stand-alone vs. in-system performance Acceleration options that seem very different may have negligible difference at the system level ECE 695R: System-on-Chip Design, Fall