1 / 19

Design Driver : Network Security Processor

Design Driver : Network Security Processor. Cheng-Wen Wu August 2004. Outlines. Overall Architecture of NSP Architecture of Crypto-Processor Current Status. Network Security Processor. Applications: IPSec, SSL, VPN, etc. Functionalities: Public key: RSA Private key: AES HMAC

lora
Download Presentation

Design Driver : Network Security Processor

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Design Driver :Network Security Processor Cheng-Wen Wu August 2004

  2. Outlines • Overall Architecture of NSP • Architecture of Crypto-Processor • Current Status

  3. Network Security Processor • Applications: IPSec, SSL, VPN, etc. • Functionalities: • Public key: RSA • Private key: AES • HMAC • Truly random number generator • Target technology: 0.25m to 0.18m • Clock rate: 200MHz or higher (internal) • 32-bit data and instruction word • Throughput: 10Gbps (OC192) • Power: 1 to 10mW/MHz at 3V (LP to HP) • Die size: 50mm2 • On-chip bus: AMBA

  4. NSP Architecture Local SRAM Local SRAM RAM Status Registers CPU CP AMBA B R I D G E APB AHB AHB Arbiter AHB Decoder MUXes External Memory Interface DMA Controller Test Controller BIST

  5. AMBA • Advanced Microcontroller Bus Architecture • Standard system bus for ARM-based chip • Open standard for SOC on-chip bus • Flexible and suitable for a wide range of SOC applications

  6. Crypto-Processor Architecture

  7. Encryption Modules • AES core • Supports AES (ECB, CBCmode) encryption and decryption with128-, 192-, and 256-bit keys • On-the-fly key scheduling • AHB slave interface • RSA core • New engine based on Montgomery algorithm • AHB slave interface; 12k bit local RAM • HMAC core • Supports HMAC-SHA-1 and HMAC-MD5 algorithms with shared data-path • AHB slave interface

  8. AES Core • Reduce hardware complexity of S-Box based on composite field arithmetic • 4-stage pipelined encryption/decryption datapath

  9. Technology 0.25 μm CMOS Package 128 CQFP μ Core Size 1,279 x 1,271 m 2 Gate Count 63.4 K Max. Freq. 250 MHz 2.977 Gbps (128 - bit key) Throughput 2.510 Gbps (196 - bit key) 2.169 Gbps (256 - bit key) Silicon Prototype

  10. RSA Core • Based on an improved word-based Montgomery’s modular multiplication algorithm • Supports both GF(p) and GF(2^n) multiplications • Scalable architecture for different key length

  11. Silicon Prototype

  12. HMAC Core • Hashing: the mapping from an arbitrary length message to a fixed length hash value • A security engine for IPSec/SSL applications • An HMAC core supports both SHA-1 and MD-5 algorithms • Hardware is shared by SHA-1 and MD-5 • Supports various security requirements • Reduces hardware cost • For high performance and low power applications

  13. HMAC Architecture Counter Data Length Register Padding Logic DATA 32 32 Controller Constants Word Expansion Unit AHB Wrapper tj 32 Mj 32 Integrated SHA-1/MD5 Unit 160 160 Message Digest Register

  14. Silicon Prototype

  15. Status • Crypto-Processor (CP) • CP-1 (August 2003) • Descriptor-based controller • RSA, AES • CP-2 (June 2004) • RSA, AES, HMAC, RNG • Parallel architecture • Low power technique • Network security processor (NSP) • ARM + CP + AMBA • Architecture evaluation • Performance/power analysis

  16. CP2 Tape-Out (June 2004) • CP2 • Dynamic Voltage Generator

  17. Logic Module Cryptographic Processor AHB Bridge AHB GPIF-AHB Wrapper Memory NSP Prototyping Platform CM920T ARM Integrator PC USB 2.0 Development Board

  18. Future Test Chips Tape-Out • Multiple-clock domain (September 2004) • ARM + CP2 (Winter 2004) • Low-power (Winter 2004)

  19. Thank You

More Related