Swankoski MAPLD 2005 / B103 1 Dynamic High-Performance Multi-Mode Architectures for AES Encryption Eric Swankoski Naval Research Lab Vijay Narayanan Penn.

Presentation transcript:

1 Dynamic High-Performance Multi-Mode Architectures for AES Encryption
Eric Swankoski, Naval Research Lab
Vijay Narayanan, Penn State University
MAPLD 2005 / B103

2 Background & Motivation
- Bandwidth and throughput capabilities of modern optical networks are skyrocketing
- Protecting transmitted data is becoming more and more critical
- Current encryption architectures generally aren't capable of keeping up with high-speed environments
- SEU effects rarely, if ever, considered

3 Plan of Attack: FPGA Encryption
- Algorithm: Advanced Encryption Standard (AES)
  - Supports multiple key lengths
  - Supports multiple encryption modes
  - Supports multiple levels of pipelining
- Target Architecture: Xilinx FPGAs
  - Can be adapted to ASIC devices
  - Virtex-II, Virtex-4
- Target Performance: 60+ gigabits per second
  - Requires both inner-round and outer-round pipelining

4 The AES Algorithm
- 10 Rounds of Encryption for 128-bit operands
- Four basic operations:
  - SubBytes: 8-bit substitution (16 parallel operations per round)
  - ShiftRows: Byte reordering and rotation (4 parallel operations per round)
  - MixColumns: Polynomial multiplication (4 parallel operations per round)
  - AddRoundKey: Simple 128-bit XOR

5 Optimizing for Performance
- Exploit all possible parallelism
- Alternative byte substitution methods
  - 1 cycle for a lookup-based substitution
  - 5 cycles for a mathematical transformation
- Utilize pipelining
  - Outer-Round: 1 cycle per round
  - Inner-Round: 4 cycles per round (lookup-based byte substitution), 8 cycles per round (pipelined byte substitution)

6 Combinatorial Byte Substitution
- Actual mathematical transformation
- Conventional implementation cannot be pipelined
  - Simple (atomic) 8x8 lookup table
- Smaller than lookup table
- Faster than lookup table
  - Utilizes five-stage pipeline
- All internal operands are four bits wide

7 Encryption Round Diagram
- Atomic S-Box:
  - 40 Pipeline Stages
- Combinatorial S-Box:
  - 76 Pipeline Stages
  - Needs a constant stream to be effective
- Parallel Key Scheduling
  - No performance penalty
- Offline Key Scheduling
  - Precomputed keys can be stored in registers

8 Counter (CTR) Mode
- Effectively converts AES into a stream cipher
- High security – similar to CBC
- Supports inner-round and outer-round pipelining
- No error propagation – errors are completely isolated

9 Cipher Block Chaining (CBC) Mode
- Most secure – no patterns are observed
- Cannot be pipelined
- 100% downstream corruption resulting from data loss or single-event upsets (SEUs) during encryption
  - Errors are isolated during decryption

10 Electronic Codebook (ECB) Mode
- Supports full pipelining
- No error propagation – errors are completely isolated
- Least secure – identical input gives identical output
  - Patterns observable in video and image data

11 Staggered CBC Mode
- Pipelined with Output Feedback
- Each encrypted block n depends on itself and the block (n – x) where x is the latency of the pipeline
- Maintains security while mitigating some error propagation problems
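An added example (not from the presentation) comparing the ECB, CTR, CBC and staggered CBC (SCBC) modes described above on two properties the slides list: repeated ciphertext patterns, and how far one upset during encryption spreads through the ciphertext stream. A toy Feistel permutation stands in for AES; the function names, the per-chain IV derivation for SCBC, and the fault model (one flipped bit at a block's cipher input, counted as ciphertext blocks that differ from a fault-free run) are assumptions, since the slides do not specify them.

```python
import hashlib

BLOCK = 16  # bytes, same block size as AES

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def enc_block(key, block):
    """Toy 4-round Feistel permutation standing in for AES (NOT AES, not secure)."""
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, xor(l, hashlib.sha256(key + bytes([rnd]) + r).digest()[:8])
    return l + r

def encrypt(mode, key, iv, blocks, x=4, fault_at=None):
    """Encrypt 16-byte blocks; x is the SCBC stagger (pipeline latency in blocks).
    fault_at=k flips one bit of block k's cipher input (assumed upset model)."""
    out = []
    for n, p in enumerate(blocks):
        if mode == "ECB":
            data = p
        elif mode == "CTR":
            data = iv[:8] + n.to_bytes(8, "big")          # counter block
        else:
            lag = 1 if mode == "CBC" else x               # SCBC chains to block n - x
            prev = out[n - lag] if n >= lag else xor(iv, bytes([n]) * BLOCK)
            data = xor(p, prev)
        if n == fault_at:
            data = xor(data, b"\x01" + bytes(BLOCK - 1))  # injected single-bit flip
        c = enc_block(key, data)
        out.append(xor(c, p) if mode == "CTR" else c)     # CTR: keystream XOR plaintext
    return out

def changed_blocks(mode, key, iv, blocks, fault_at, x=4):
    """Indices of ciphertext blocks that differ from the fault-free run."""
    good = encrypt(mode, key, iv, blocks, x)
    bad = encrypt(mode, key, iv, blocks, x, fault_at)
    return [i for i, (g, b) in enumerate(zip(good, bad)) if g != b]

def repeated_blocks(ct):
    """Ciphertext blocks that duplicate an earlier block (a visible pattern)."""
    return len(ct) - len(set(ct))

if __name__ == "__main__":
    key, iv = b"constructed-key!", bytes(range(16))       # constructed sample values
    flat = [b"A" * BLOCK] * 16                            # constructed: flat image region
    for mode in ("ECB", "CTR", "CBC", "SCBC"):
        print(mode, repeated_blocks(encrypt(mode, key, iv, flat)),
              changed_blocks(mode, key, iv, flat, 3))
```

With 16 identical plaintext blocks and x = 4, a fault at block 3 changes one ciphertext block in ECB and CTR, every block from 3 onward in CBC, and only blocks 3, 7, 11 and 15 in SCBC; ECB alone repeats ciphertext blocks.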

12 More Challenges
- Error-Tolerant Encryption
- Maintaining High Security
- Maintaining High Performance

13 Error-Tolerant Encryption
- Are errors acceptable?
  - Possibly, but better to assume not
- How do the multiple modes of encryption deal with upsets?
- Is there a benefit to triple modular redundancy (TMR)?
  - Is it what we expect?

14 Error-Tolerant Encryption
- CTR and ECB encryption isolate errors
  - Transmission integrity largely preserved even without SEU mitigation
- TMR can ensure 100% transmission integrity
  - TMR REQUIRED for CBC encryption

15 Error-Tolerant Encryption
- Image 1: Error-Free Plaintext Image
  - Before Encryption / After Decryption
  - CTR, ECB, or CBC with mitigation
- Image 2: Decrypted Plaintext Image
  - One corrupted block
  - CTR or ECB without mitigation
- Image 3: Decrypted Plaintext Image
  - One block corrupted during encryption
  - CBC without mitigation

16 Maintaining High Security
- How do the multiple modes of encryption affect security?
- Is physical protection of the key necessary?
  - Depends on the environment
- How is throughput affected by increased security?
  - Hopefully, not at all…

17 Maintaining High Security
- ECB-encrypted image has observable patterns
- CTR/CBC/SCBC encryption looks like random noise

18 Maintaining High Security
- Physical Key Protection
  - Not required in aerospace applications
- Power Analysis / Soft Attacks
  - Countermeasures not mode specific
- Throughput Effects
  - ECB & CTR far outperform CBC
  - Why is CBC an official mode?

19 System-Level Diagram
- Supports ECB, CTR, CBC, and SCBC modes
- Supports two types of TMR
  - System: triplicates all control, key hardware, and mode logic
  - Encryption: triplicates only encryption and key scheduling hardware

20 Performance Results – Virtex-4
- Key Scheduling
  - Offline uses precomputed and stored keys (compile or design time)
  - Online uses dynamically computed keys (run time)
- Significant performance improvement for combinatorial byte substitution in pipelined mode
- Virtex-II Pro performs better with ROM implementation (56.42 & Gbps)
- Better CBC performance achieved through other architectures

Byte Substitution | Key Scheduling | Area | Frequency | Throughput (CTR, ECB, SCBC) | Throughput (CBC)
ROM | Online | | MHz | 43.5 Gbps | 1.088 Gbps
ROM | Offline | | MHz | 57.2 Gbps | 1.430 Gbps
Combinatorial | Online | | MHz | 66.5 Gbps | 700.0 Mbps
Combinatorial | Offline | | MHz | 66.5 Gbps | 700.0 Mbps

21 Lessons Learned
- Don't try to over-optimize FPGA code
  - Returns diminish quickly
  - Sometimes less is more
- Know your synthesis tool
  - Now why did it do THAT?
- Check your system's memory
  - RAM does fail at inopportune times… ESPECIALLY if it has a lifetime warranty

22 Lessons Learned
- Over-optimization
  - In a highly pipelined FPGA design, routing plays a MAJOR role in the clock frequency
    - 70%-80% of the total delay
  - What would work in an ASIC (or in theory, or on paper…) might actually make things worse
  - Manual floorplanning and P&R might help, but usually provides minimal (if any) improvement
- Moral?
  - Try reducing the pipeline depth as well as increasing it, it just might help!