Crypto Hardware Design for

Transcription

1 Crypto Hardware Design for Embedded Applications Dr. Amlan Chakrabarti & Mr. Suman Sau Real Time EmbeddedSystem Research Group A.K.Choudhury School of Information Technology University of Calcutta l i i 1

2 Agenda Insight to Embedded Systems High Performance Embedded System Design Requirements Challenges Basic Concepts of Cryptography Public & Private Keys Hashing Digital Signature Block Cipher and Stream Cipher Crypto Hardware for Embedded Systems Requirements Challenges Reconfigurable Hardware Architectures Design examples Crypto Engine Design Prototype Design Using FPGA Example Conclusion 2

3 Insight to Embedded Systems An embedded system is nearly any computing system (other than a general purpose computer) with the following characteristics Single functioned Typically, is designed to perform predefined function Tightly constrained Tuned for low cost Single to fewer components based Performs functions fast enough Consumes minimum power Reactive and real time Must continually monitor the desired environment and react to changes Hardware and software co existence 3

4 Insight to Embedded Systems (2) 4

5 Insight to Embedded Systems (3) Typical embedded softwarecomponents: Embedded Application Code Device Drivers A Real Time Operating System (RTOS) Hardware abstraction layer(s) System initialization routines Amlan Chakrabarti, PHYSTENS Dec. 2012

6 High Performance Embedded Systems (4) Massive computational resources with requirements of Small size Low Weight Very low power consumption Need to employ innovative, advanced system architectures Architectures typically feature Multiple processor cores Tieredmemory structures with multi level level memory caching Multi layer bus structures. Super pipelining pipelining and/or super scalingscaling Amlan Chakrabarti, PHYSTENS Dec. 2012

7 High Performance Embedded Systems (6) Increasing software content The software content of embedded systems is increasing at a phenomenal rate software development and test often dominate the costs, timelines, and risks associated with today's embedded system designs. Amlan Chakrabarti, PHYSTENS Dec. 2012

8 Multi-Core Embedded Systems 8

9 9 Log(Pe erformanc ce) Superscalar Era Processor Memory Latency Memory Bandwidth 0% / year Single thread performance scaled at 50% per year Bandwidth increases much more slowly, but we could add additional bits or channels. Lack of diversity in architecture = lack of individual id ltuning Power wall has capped single thread performance

10 Why Multicore? It is reasonable to question whether multicore is worth this additional work, or whether it is possible to continue gaining improvements through single-core devices. Raising Clock Frequency Crank up the frequency But it has become all too apparent that pushing the frequency came at a price Frequency improvements penalize power consumption, which in turn generates heat that requires more advanced cooling, decreases reliability, and shortens the longevity of the device. Other issues Techniques such as parallelizing instructions, speculative execution, and pipelining cannot generally scale with the frequency 10

11 Multi-core embedded systems Need Increased computing demands from embedded system with constrained energy and power A 3G mobile handset s signal processing requires GOPS Constraints: power dissipation budget of 1W Performance efficiency required: 25 mw/gop or 25 pj/operation Multi-core embedded systems provide a promising solution to meet these performance and power constraints Multi-core embedded systems architecture Processor cores Caches Memory controllers Interconnection network 11

12 Multicore for Multiple Reasons Asynchronous multiprocessing (AMP) Minimizes i i overhead and synchronization issues Core 1 runs legacy OS, Core 2 runs RTOS, others do a variety of processing tasks (i.e. where applications can be optimized) Parallel pipelining Taking advantage of proximity The performance opportunity. APPLICATION Linux RTOS Thread1 Thread2 Thread3 Thread4 Threadn Video Compress Security 12

13 Different Types of Multicore Homogenous Describes a multicore environment in which cores are identical and execute the same instruction set Heterogeneous Describes a multicore environment in which cores are not identical and implement different instruction sets The current trend is to create homogeneous multicore devices, but a significant performance advantage can be obtained by using specialized cores and accelerators to offload the main cores. 13

14 Major Challenges for Multi Core Designs Communication Memory hierarchy Data allocation (you have a large shared L2/L3 now) Interconnection network Scalability Bus Bandwidth, how to get there? Power Performance P Win or lose? Borkar s multicore arguments 15% per core performance drop 50% power saving Giant, single core wastes power when task is small How about leakage? Process variation iti and yield ild Programming Model A. Chakrabarti and S. Sau, ICISS

15 Basic Concepts of Cryptography 15

16 Ciphers ==> ciphertext We start with plaintext. Something we can read We apply a mathematical algorithm to the plaintext The algorithm is the cipher The plaintext is turned in to ciphertext Almost all ciphers were secret until recently Creating a secure cipher is HARD 16

17 What it Looks Like 17

18 Symmetric Cipher Private Key/Symmetric Ciphers clear text K cipher text K clear text The same key is used to encrypt the document before sending and to decrypt it once it is received Examples: DES, 3DES, AES, Blowfish, IDEA 18

19 Public/Private Keys We generate a cipher key pair. One key is the private key, the other is the public key The private key remains secret and should be protected The public key is freely distributable. It is related mathematically to the private key, but you cannot (easily) reverse engineer the private key from the public key Use the public key to encrypt data Only someone with the private key can decrypt. 19

20 Example (Public/Private Key pair) clear text cipher text k 1 k 2 clear text (public key) (private key) One key is used to encrypt the document, a different key is used to decrypt it. This is a big deal! 20

21 Block Cipher and Stream Cipher Block cipher operates on fixed length groups of bits, called blocks unvarying transformation that is specified by a symmetric key widely used to implement encryption of bulk data Stream Cipher plaintext digits are combined witha pseudorandom cipher digit stream (key stream) each plaintext digit is encrypted one at a time with the corresponding digit of the key stream 21

22 Hashing One-Way Encryption clear text hashing function Fixed length hash or message digest Munging the document gives a short message digest (hash). h) Not possible to go back from the digest to the original document. 22

23 Protecting the Private Key symmetric k cipher 2 k 2 (encrypted on disk) key 2 ready for use Passphrase entered by user hash *Such as SHA-1 or SHA-2 K 2 = private key 23

24 Digital i Signatures Let's reverse the role of public and private keys. To create a digital signature on a document do: Munge a document. Encrypt thehash hash with your private key. Send the document plus the encrypted hash. On the other end munge the document and decrypt the encrypted message digest with the person's public key. If they match, the document is authenticated. 24

25 Digital Signatures Take a hash of the document and encrypt only that. An encrypted hash is called a "digital signature" hashh hashh digital signature COMPARE k k 2 (private) 1 k 1 (public) 25

26 Security Functions data confidentiality data integrity authentication ti ti 26

27 Embedded Security Pyramid 27

28 Design Challenges 28

29 Crypto Hardware design 29

30 Hardware Implementation Benefits More secure implementations Implementing both algorithms in hardware removes bottleneck associated with ih Single hardware implementation supporting both algorithms reduce costs of separate hardware 30

31 Architectures for Security Processing 31

32 Second- and third-generation security processing architectures Cryptographic Hardware Accelerators obtained through custom hardware implementations of cryptographic (asymmetric, symmetric, hash) algorithms Applications low-power mobile appliances and smartcards to high-performance network routers and application servers [Discretix; Safenet] Embedded Processor Enhancements Improving the security processing capabilities of general-purpose processors accelerating bitlevel arithmetic operations such as the permutations performed in crypto algorithms Examples Smart MIPS, ARM SecureCore family, MOSES security processor developed at NEC 32

33 Second- and third-generation security processing architectures contd. Security Protocol Engines Security protocol engines accelerate all or most of the functionality ypresent in a security yprotocol higher efficiency than cryptographic accelerators these protocol engines, if programmable, can be used to execute multiple l protocols efficiently i programmable security protocol engines are being used increasingly gy by embedded system designers when both flexibility and efficiency are required Examples 7811 security processor from HIFN can be used in VPNs to perform IPSec processing 33

34 HW-SW Codesign Support multiple algorithms and protocols 34

35 Implementation Platforms 35

36 Reconfigurable Hardware and Why Hardware? Cryptography Software Implementations are too slow for time critical applications Hardware implementations are intrinsically more secure Why Reconfigurable? 36

37 Reconfigurable Hardware and Cryptography (2) Advantages of reconfigurable platforms Algorithm agility Algorithm Upgradability Architecture Efficiency Resource Efficiency Algorithm Modification Throughput (Relative to software) Cost Efficiency (Relative to ASICs) 37

38 ASIC vs FPGA 38

39 Design With Reconfigurable Hardware Programmable Hardware: FPGA Re-Programmable Hardware Enables the development of nearly all digital circuits Leading vendors: Xilinx, Altera, MicroSemi Trend to heterogeneous multicore systems out of processors, DSPs, high-speed I/O and programmable logic Usually a rapid prototyping platform but increased exploitation as ASIC substitute 39

40 Advantages of FPGA Embedded Processor Systems Merge CPU and I/O functions onto a single board Flexible design template optimize power, data, and form factor to match application and I/O requirements Tightly coupled high speed logic and control system interface on a single chip versatile tradeoff between hardware and software task Advanced tools bridge software and logic development, provide BSP generation for Linux, VxWorks 40

41 Embedded Processors on FPGA Hard Core Embedded processor is a dedicated physical component of the chip, separate from the programmable logic E.g. Xilinx Virtex families w/ PowerPC 405 Soft Core Embedded processor is built out of the programmable logic on the chip E.g. Xilinx MicroBlaze, Altera NIOS 41

42 Hard Core vs. Soft Core Considerations Both cores utilize about the same % of total chip resources Hard core performance = 3-4x faster than fastest soft cores FPGAs with hard cores are more expensive Soft cores more flexible Multiple cores can be used in a single chip Can be used in a chip with a hard core 42

43 Architecture of the appl. specific FPGA 43

44 Application specific FPGA: Toolflow 44

45 Crypto Engine Design 45

46 What is crypto engine? Designed to implement the specific cipher need Implementation ti through a library of general purpose FPGA design blocks Can be also configured for multiple ciphers 46

47 Crypto Engine as a Coprocessor Customized co processor core as per the requirement of the algorithm Main processor can execute the other required application tasks concurrently Enables multi taskingtasking Communicates with the main processor core through h a bus 47

48 Co processor based Hardware Design on FPGA 48

49 Co processor using FSL bus(internal Architecture) 49

50 Example Design of AES Crypto Engine Internal Architecture of AES Core 50

51 AES Engine as coprocessor with Micro blaze core. 51

52 System Architecture 52

53 Research Issues Hardware design of latest crypto/hash algorithms Parallelization li i of cryptographic algorithms Higher throughput Low power design Hardware error dt detectionti 53

54 Conclusion Multi-core architecture presented provides a good trade-off between flexibility, performances and resource consumption Crypto-accelaretors and crypto-engines can be efficiently catered by multi-core based designs Synchronization is a great challenge Reconfigurable hardware provides new opportunities 54

55 Prof. Ranjan Ghosh, University of Calcutta Mr. Rourab Paul, Research Scholar, University of Calcutta Mr. Sangeet Saha, M.Tech. student, University of Calcutta 55

56 56