Σχεδίαση & υλοποίηση reconfingurable αρχιτεκτονικής των secure hash algorithms σε FPGA

Φρέσκος, Ευάγγελος

11 January 2011

Στα πλαίσια αυτής της διπλωματικής εργασίας μελετήσαμε τους Secure Hash Algorithms, σχεδιάσαμε μια υλοποίηση αυτών με Reconfigurable αρχιτεκτονική και το συνθέσαμε σε ένα FPGA board. Η εργασία ξεκίνησε με μελέτη των προτύπων του SHA-160/224/256/384/512 και ιδιαίτερα των μαθηματικών συναρτήσεων υπολογισμού και των χαρακτηριστικών μεγεθών του κάθε αλγόριθμου. Επικεντρωθήκαμε στην εύρεση των κοινών σημείων και στα χαρακτηριστικά μεγέθη και στις συναρτήσεις και στο πως θα μπορούσαμε να εκμεταλλευτούμε αυτά για να πετύχουμε μια υλοποίηση και των πέντε αλγορίθμων χωρίς να γίνονται περιττοί υπολογισμοί και επαναχρησιμοποίηση area. Η υλοποίηση μας θα έπρεπε επίσης να έχεις τέσσερα μπλοκ διαφορετικών μηνυμάτων ταυτόχρονα προς επεξεργασία χωρίζοντας την σε τέσσερα ανεξάρτητα στάδια με pipeline τεχνική για την βελτίωση της απόδοσης. Επίσης κάθε μήνυμα μπορεί να χρησιμοποιεί οποιοδήποτε από τους αλγόριθμους SHA-160/224/256/384/512. Εφόσον η αρχική υλοποίηση μας πιστοποιήθηκε ότι παράγει το σωστό αποτέλεσμα σύμφωνα με τα test vector των προτύπων χρησιμοποιήσαμε την τεχνική του partial unrolling operations για να μειώσουμε τα απαιτούμε clock για τον υπολογισμό των hash τιμών των μηνυμάτων. Τέλος, με την χρήση Modelsim και Precision Physical, υλοποιήσαμε και συνθέσαμε και τις δυο αρχιτεκτονικές μας συγκρίνοντας τα αποτελέσματα και προτείνοντας μελλοντικές βελτιώσεις και προσθήκες στο σύστημά μας. / In this thesis we studied the Secure Hash Algorithms, designed a Reconfiguble Implementation of them and synthesized it on an FPGA board. The work started with the study of the SHA-160/224/256/384/512 prototypes and especially with the mathematical equations and the algorithm sizes. We focused on finding the common points between the algorithm sizes and the mathematical equations along with how we could take advantage of them so we could achieve an implementation of the five SHA algorithms without doing any not necessary computations and area reuse. The implementation must, also, have four different blog messages at the same time for computation in the processor unit, leading to a pipeline distinction of four autonomous parts and improved performance. Moreover the message chooses the algorithm that will be used for encryption. After we validated the original reconfigurable architecture by using the test vectors of the prototypes, we used the partial unrolling of operations technique to decrease the needed number of clocks for the computation of the message digest. Finally, by using Modelsim and Precision Physical we implemented and synthesized both proposed architectures, compared the results and proposed future improvements and additions in our system.

Υλοποίηση αλγορίθμων

005.82

SHA-1

SHA-2

FPGA

VHDL

Reconfingurable implementation

Secure hash algorithms

Performance Evaluation of Cryptographic Algorithms on ESP32 with Cryptographic Hardware Acceleration Feature

Jin, Qiao

January 2022

The rise of the Internet of Things (IoT) and autonomous robots/vehicles comes with a lot of embedded electronic systems. Small printed circuit boards with microcomputers will be embedded almost everywhere. Therefore, the security and data protection of those systems will be a significant challenge to take into consideration for the future development of IoT devices. Cryptographic algorithms can be used to provide confidentiality and integrity for data transmitted between those embedded devices. It is important to know what kind of algorithm is the most suitable for the specified task and the selected embedded device.  In this thesis, several commonly used cryptographic algorithms are evaluated and an EPS32 based IoT device is chosen as the evaluation platform. ESP32 is a series of low cost and low power System-on-Chip microcontrollers with integrated Wi-Fi and dual-mode Bluetooth. Additionally, ESP32 has the hardware acceleration feature for commonly used cryptographic algorithms. The goal of this thesis is to evaluate the performances of different cryptographic algorithms on the ESP32 with and without using the hardware acceleration feature. The execution times of different cryptographic algorithms processing data with varying sizes are collected, and the performance of each cryptographic algorithm is then evaluated.  A data logging scenario is evaluated as a case study where the ESP32 periodically sends data to a remote database. Under different configurations of the ESP32, the transmission time of encrypted and non-encrypted communications via Hypertext Transfer Protocol Secure (HTTPS) and Hypertext Transfer Protocol (HTTP) will be compared.  The results can be used to simplify the calculation of performance/protection trade-offs for specific algorithms. It also shows that the built-in hardware acceleration has a significant impact on increasing those algorithms’ performances. For Advanced Encryption Standard (AES), the throughput for encryption increased by 257.8%, and for decryption 222.7%. For Secure Hash Algorithm (SHA-2), the throughput increased by 165.2%. For Rivest-Shamir-Adleman (RSA), the encryption throughput has a decrease of 40.7%, and decryption has an increase of 184%. Furthermore, the results can also aid the design and development of a secure IoT system incorporating devices built with ESP32. / Uppkomsten av Internet of Things (IoT) och autonoma robotar / fordon kommer med många inbyggda elektroniska system. Små kretskort med mikrodatorer kommer att vara inbäddade nästan överallt. Därför kommer säkerheten och dataskyddet för dessa system att vara en betydande utmaning att ta hänsyn till för den framtida utvecklingen av IoT-enheter. Kryptografiska algoritmer kan användas för att ge sekretess och integritet för data som överförs mellan de inbäddade enheterna. Det är viktigt att veta vilken typ av algoritm som är bäst lämpad för den angivna uppgiften och den valda inbäddade enheten.  I denna avhandling utvärderas flera vanliga kryptografiska algoritmer och en EPS32-baserad IoT-enhet väljs som utvärderingsplattform. ESP32 är en serie av låga och lågeffektiva system-on-chip-mikrokontroller med integrerat Wi-Fi och dual-mode Bluetooth. Dessutom har ESP32 hårdvaruaccelereringsfunktionen för vanliga kryptografiska algoritmer. Målet med denna avhandling är att utvärdera prestanda för olika kryptografiska algoritmer på ESP32 med och utan att använda hårdvaruaccelereringsfunktionen. Exekveringstiderna för olika kryptografiska algoritmer som behandlar data med olika storlekar samlas in och prestanda för varje kryptografisk algoritm utvärderas sedan.  Ett dataloggningsscenario utvärderas som en fallstudie där ESP32 regelbundet skickar data till en fjärrdatabas. Under olika konfigurationer av ESP32 jämförs överföringstiden för krypterad och icke-krypterad kommunikation via Hypertext Transfer Protocol Secure (HTTPS) och Hypertext Transfer Protocol (HTTP).  Resultaten kan användas för att förenkla beräkningen av prestanda / skydda avvägningar för specifika algoritmer. Det visar också att den inbyggda hårdvaruaccelerationen har en betydande inverkan på att öka dessa algoritmers prestanda. För Advanced Encryption Standard (AES) ökade genomströmningen för kryptering med 257,8% och för dekryptering 222,7%. För Secure Hash Algorithm (SHA-2) ökade kapaciteten med 165,2%. För Rivest-Shamir-Adleman (RSA) har krypteringsflödet minskat med 40,7% och dekryptering har ökat med 184%. Dessutom kan resultaten också hjälpa till att utforma och utveckla ett säkert IoT-system som innehåller enheter byggda med ESP32.

Computer and Information Sciences

Data- och informationsvetenskap

Fault Tolerant Cryptographic Primitives for Space Applications

Juliato, Marcio

January 2011

Spacecrafts are extensively used by public and private sectors to support a variety of services. Considering the cost and the strategic importance of these spacecrafts, there has been an increasing demand to utilize strong cryptographic primitives to assure their security. Moreover, it is of utmost importance to consider fault tolerance in their designs due to the harsh environment found in space, while keeping low area and power consumption. The problem of recovering spacecrafts from failures or attacks, and bringing them back to an operational and safe state is crucial for reliability. Despite the recent interest in incorporating on-board security, there is limited research in this area. This research proposes a trusted hardware module approach for recovering the spacecrafts subsystems and their cryptographic capabilities after an attack or a major failure has happened. The proposed fault tolerant trusted modules are capable of performing platform restoration as well as recovering the cryptographic capabilities of the spacecraft. This research also proposes efficient fault tolerant architectures for the secure hash (SHA-2) and message authentication code (HMAC) algorithms. The proposed architectures are the first in the literature to detect and correct errors by using Hamming codes to protect the main registers. Furthermore, a quantitative analysis of the probability of failure of the proposed fault tolerance mechanisms is introduced. Based upon an extensive set of experimental results along with probability of failure analysis, it was possible to show that the proposed fault tolerant scheme based on information redundancy leads to a better implementation and provides better SEU resistance than the traditional Triple Modular Redundancy (TMR). The fault tolerant cryptographic primitives introduced in this research are of crucial importance for the implementation of on-board security in spacecrafts.

Security

Cryptography

Fault Tolerance

Trusted Platform

Space Systems

Hash Functions

Secure Hash Algorithm

SHA-2

Keyed-Hash Message Authentication Code

HMAC

Hardware Implementation

FPGA

Application Specific Processor

Custom Instruction

HW/SW Partitioning

Electrical and Computer Engineering

Fault Tolerant Cryptographic Primitives for Space Applications

Juliato, Marcio

January 2011

Spacecrafts are extensively used by public and private sectors to support a variety of services. Considering the cost and the strategic importance of these spacecrafts, there has been an increasing demand to utilize strong cryptographic primitives to assure their security. Moreover, it is of utmost importance to consider fault tolerance in their designs due to the harsh environment found in space, while keeping low area and power consumption. The problem of recovering spacecrafts from failures or attacks, and bringing them back to an operational and safe state is crucial for reliability. Despite the recent interest in incorporating on-board security, there is limited research in this area. This research proposes a trusted hardware module approach for recovering the spacecrafts subsystems and their cryptographic capabilities after an attack or a major failure has happened. The proposed fault tolerant trusted modules are capable of performing platform restoration as well as recovering the cryptographic capabilities of the spacecraft. This research also proposes efficient fault tolerant architectures for the secure hash (SHA-2) and message authentication code (HMAC) algorithms. The proposed architectures are the first in the literature to detect and correct errors by using Hamming codes to protect the main registers. Furthermore, a quantitative analysis of the probability of failure of the proposed fault tolerance mechanisms is introduced. Based upon an extensive set of experimental results along with probability of failure analysis, it was possible to show that the proposed fault tolerant scheme based on information redundancy leads to a better implementation and provides better SEU resistance than the traditional Triple Modular Redundancy (TMR). The fault tolerant cryptographic primitives introduced in this research are of crucial importance for the implementation of on-board security in spacecrafts.

Security

Cryptography

Fault Tolerance

Trusted Platform

Space Systems

Hash Functions

Secure Hash Algorithm

SHA-2

Keyed-Hash Message Authentication Code

HMAC

Hardware Implementation

FPGA

Application Specific Processor

Custom Instruction

HW/SW Partitioning

Electrical and Computer Engineering