Presentation is loading. Please wait.

Presentation is loading. Please wait.

Swankoski MAPLD 2005 / B103 1 Dynamic High-Performance Multi-Mode Architectures for AES Encryption Eric Swankoski Naval Research Lab Vijay Narayanan Penn.

Published byGarry Gray Modified over 8 years ago

Similar presentations

Presentation on theme: "Swankoski MAPLD 2005 / B103 1 Dynamic High-Performance Multi-Mode Architectures for AES Encryption Eric Swankoski Naval Research Lab Vijay Narayanan Penn."— Presentation transcript:

1 Swankoski MAPLD 2005 / B103 1 Dynamic High-Performance Multi-Mode Architectures for AES Encryption Eric Swankoski Naval Research Lab Vijay Narayanan Penn State University

2 2 Swankoski MAPLD 2005 / B103 Background & Motivation Bandwidth and throughput capabilities of modern optical networks is skyrocketing Protecting transmitted data becoming more and more critical Current encryption architectures generally aren’t capable of keeping up with high-speed environments SEU effects rarely, if ever, considered

3 3 Swankoski MAPLD 2005 / B103 Plan of Attack: FPGA Encryption Algorithm: Advanced Encryption Standard (AES) – Supports multiple key lengths – Supports multiple encryption modes – Supports multiple levels of pipelining Target Architecture: Xilinx FPGAs – Can be adapted to ASIC devices – Virtex-II, Virtex-4 Target Performance: 60+ gigabits per second – Requires both inner-round and outer-round pipelining

4 4 Swankoski MAPLD 2005 / B103 The AES Algorithm 10 Rounds of Encryption for 128-bit operands Four basic operations: – SubBytes: 8-bit substitution (16 parallel operations per round) – ShiftRows: Byte reordering and rotation (4 parallel operations per round) – MixColumns: Polynomial multiplication (4 parallel operations per round) – AddRoundKey Simple 128-bit XOR

5 5 Swankoski MAPLD 2005 / B103 Optimizing for Performance Exploit all possible parallelism Alternative byte substitution methods – 1 cycle for a lookup-based substitution – 5 cycles for a mathematical transformation Utilize pipelining – Outer-Round: 1 cycle per round – Inner-Round: 4 cycles per round (lookup-based byte substitution) 8 cycles per round (pipelined byte substitution)

6 6 Swankoski MAPLD 2005 / B103 Combinatorial Byte Substitution Actual mathematical transformation Conventional implementation cannot be pipelined – Simple (atomic) 8x8 lookup table Smaller than lookup table Faster than lookup table – Utilizes five-stage pipeline All internal operands are four bits wide

7 7 Swankoski MAPLD 2005 / B103 Encryption Round Diagram Atomic S-Box: – 40 Pipeline Stages Combinatorial S-Box: – 76 Pipeline Stages – Needs a constant stream to be effective Parallel Key Scheduling – No performance penalty Offline Key Scheduling – Precomputed keys can be stored in registers

8 8 Swankoski MAPLD 2005 / B103 Counter (CTR) Mode Effectively converts AES into a stream cipher High security – similar to CBC Supports inner-round and outer-round pipelining No error propagation – errors are completely isolated

9 9 Swankoski MAPLD 2005 / B103 Cipher Block Chaining (CBC) Mode Most secure – no patterns are observed Cannot be pipelined 100% downstream corruption resulting from data loss or single- event upsets (SEUs) during encryption – Errors are isolated during decryption

10 10 Swankoski MAPLD 2005 / B103 Electronic Codebook (ECB) Mode Supports full pipelining No error propagation – errors are completely isolated Least secure – identical input gives identical output – Patterns observable in video and image data

11 11 Swankoski MAPLD 2005 / B103 Staggered CBC Mode Pipelined with Output Feedback Each encrypted block n depends on itself and the block (n – x) where x is the latency of the pipeline Maintains security while mitigating some error propagation problems

12 12 Swankoski MAPLD 2005 / B103 More Challenges Error-Tolerant Encryption Maintaining High Security Maintaining High Performance

13 13 Swankoski MAPLD 2005 / B103 Error-Tolerant Encryption Are errors acceptable? – Possibly, but better to assume not How do the multiple modes of encryption deal with upsets? Is there a benefit to triple modular redundancy (TMR)? – Is it what we expect?

14 14 Swankoski MAPLD 2005 / B103 Error-Tolerant Encryption CTR and ECB encryption isolate errors – Transmission integrity largely preserved even without SEU mitigation TMR can ensure 100% transmission integrity – TMR REQUIRED for CBC encryption

15 15 Swankoski MAPLD 2005 / B103 Error-Tolerant Encryption Image 1: Error-Free Plaintext Image – Before Encryption / After Decryption – CTR, ECB, or CBC with mitigation Image 2: Decrypted Plaintext Image – One corrupted block – CTR or ECB without mitigation Image 3: Decrypted Plaintext Image – One block corrupted during encryption – CBC without mitigation

16 16 Swankoski MAPLD 2005 / B103 Maintaining High Security How do the multiple modes of encryption affect security? Is physical protection of the key necessary? – Depends on the environment How is throughput affected by increased security? – Hopefully, not at all…

17 17 Swankoski MAPLD 2005 / B103 Maintaining High Security ECB-encrypted image has observable patterns CTR/CBC/SCBC encryption looks like random noise

18 18 Swankoski MAPLD 2005 / B103 Maintaining High Security Physical Key Protection – Not required in aerospace applications Power Analysis / Soft Attacks – Countermeasures not mode specific Throughput Effects – ECB & CTR far outperform CBC – Why is CBC an official mode?

19 19 Swankoski MAPLD 2005 / B103 System-Level Diagram Supports ECB, CTR, CBC, and SCBC modes Supports two types of TMR – System: triplicates all control, key hardware, and mode logic – Encryption: triplicates only encryption and key scheduling hardware

20 20 Swankoski MAPLD 2005 / B103 Performance Results – Virtex-4 Key Scheduling – Offline uses precomputed and stored keys (compile or design time) – Online uses dynamically computed keys (run time) Significant performance improvement for combinatorial byte substitution in pipelined mode Virtex-II Pro performs better with ROM implementation (56.42 & 60.35 Gbps) Better CBC performance achieved through other architectures Byte Substitution Key Scheduling AreaFrequency Throughput (CTR, ECB, SCBC) Throughput (CBC) ROMOnline3588339.5 MHz43.5 Gbps1.088 Gbps ROMOffline2827446.8 MHz57.2 Gbps1.430 Gbps CombinatorialOnline13651519.2 MHz66.5 Gbps700.0 Mbps CombinatorialOffline10912519.2 MHz66.5 Gbps700.0 Mbps

21 21 Swankoski MAPLD 2005 / B103 Lessons Learned Don’t try to over-optimize FPGA code – Returns diminish quickly – Sometimes less is more Know your synthesis tool – Now why did it do THAT? Check your system’s memory – RAM does fail at inopportune times… ESPECIALLY if it has a lifetime warranty

22 22 Swankoski MAPLD 2005 / B103 Lessons Learned Over-optimization – In a highly pipelined FPGA design, routing plays a MAJOR role in the clock frequency 70%-80% of the total delay – What would work in an ASIC (or in theory, or on paper…) might actually make things worse – Manual floorplanning and P&R might help, but usually provides minimal (if any) improvement – Moral? – Try reducing the pipeline depth as well as increasing it, it just might help!

Download ppt "Swankoski MAPLD 2005 / B103 1 Dynamic High-Performance Multi-Mode Architectures for AES Encryption Eric Swankoski Naval Research Lab Vijay Narayanan Penn."

Similar presentations

International Data Encryption Algorithm

International Data Encryption Algorithm
“Advanced Encryption Standard” & “Modes of Operation”

“Advanced Encryption Standard” & “Modes of Operation”
Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.

Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.
Modern Symmetric-Key Ciphers

Modern Symmetric-Key Ciphers
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
TIE Extensions for Cryptographic Acceleration Charles-Henri Gros Alan Keefer Ankur Singla.

TIE Extensions for Cryptographic Acceleration Charles-Henri Gros Alan Keefer Ankur Singla.
Cryptanalysis on FPGA Based Hardware

Cryptanalysis on FPGA Based Hardware
Maintaining Data Integrity in Programmable Logic in Atmospheric Environments through Error Detection Joel Seely Technical Marketing Manager Military &

Maintaining Data Integrity in Programmable Logic in Atmospheric Environments through Error Detection Joel Seely Technical Marketing Manager Military &
Cryptography and Network Security Chapter 6. Chapter 6 – Block Cipher Operation Many savages at the present day regard their names as vital parts of themselves,

Cryptography and Network Security Chapter 6. Chapter 6 – Block Cipher Operation Many savages at the present day regard their names as vital parts of themselves,
Cryptography1 CPSC 3730 Cryptography Chapter 6 Triple DES, Block Cipher Modes of Operation.

Cryptography1 CPSC 3730 Cryptography Chapter 6 Triple DES, Block Cipher Modes of Operation.
Advanced Encryption Standard

Advanced Encryption Standard
Exploring timing based side channel attacks against 802.11i CCMP Suman Jana, Sneha K. Kasera University of Utah Introduction

Exploring timing based side channel attacks against i CCMP Suman Jana, Sneha K. Kasera University of Utah Introduction
1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition.

1 The AES block cipher Niels Ferguson. 2 What is it? Block cipher: encrypts fixed-size blocks. Design by two Belgians. Chosen from 15 entries in a competition.
This Lecture: AES Key Expansion Equivalent Inverse Cipher Rijndael performance summary.

This Lecture: AES Key Expansion Equivalent Inverse Cipher Rijndael performance summary.
Introduction to Modern Cryptography Lecture 2 Symmetric Encryption: Stream & Block Ciphers.

Introduction to Modern Cryptography Lecture 2 Symmetric Encryption: Stream & Block Ciphers.
The Design of Improved Dynamic AES and Hardware Implementation Using FPGA 89321032 游精允.

The Design of Improved Dynamic AES and Hardware Implementation Using FPGA 游精允.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 5 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 5 Wenbing Zhao Department of Electrical and Computer Engineering.
Team W1 Design Manager: Rebecca Miller 1. Bobby Colyer (W11) 2. Jeffrey Kuo (W12) 3. Myron Kwai (W13) 4. Shirlene Lim (W14) Stage II: 26 th January 2004.

Team W1 Design Manager: Rebecca Miller 1. Bobby Colyer (W11) 2. Jeffrey Kuo (W12) 3. Myron Kwai (W13) 4. Shirlene Lim (W14) Stage II: 26 th January 2004.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
Encryption Schemes Second Pass Brice Toth 21 November 2001.

Encryption Schemes Second Pass Brice Toth 21 November 2001.

Similar presentations

Ads by Google