Design of a Reconfigurable Hardware

1. Design of a Reconfigurable Hardware For Efficient Implementation of Secret Key and Public Key Cryptography

2. Presentation Outline Introduction & Motivation Related Work Design Methodology Design Description Algorithm Implementations Comparison with other Work Programming Paradigm Conclusion/Work in Progress

3. Motivating Factors Need for high speed cryptography Need for algorithm independence Need for more secure implementations Need for implementing both Symmetric and Asymmetric key encryption

4. Need for High Speed Implementations Software implementations cannot provide real time rates Hardware implementations essential for IPSec end points SSL servers VPN at rates exceeding ATM Algorithm implementation must be able to sustain the network bandwidth

5. Need for Algorithm Independence IPSec Cipher Algorithm Specified in Security Association (SA) SSL Transactions Algorithm Negotiable for both Key Exchange & Encryption Need for Both Secret Key and Public Key Encryption Session establishment - Large Number of transactions Dedicated hardware not cheap!

6. Hardware Implementation Benefits More secure implementations Implementing both algorithms in hardware removes bottleneck associated with slow computations in key establishment Single hardware implementation supporting both algorithms reduce costs of separate hardware

7. Advantages of Reconfigurable Hardware Implementations Algorithm Agility Algorithm Upload/Modification Architecture Efficiency/Throughput Cost Efficiency

8. Comparison of Different Approaches

9. FPGAs? Post Fabrication Customization Low Cost Design Cycle Fast turnaround time Potential for Parallelism Instruction-level – Multiple operations Data-level – Multiple blocks of data Task-level – Parallel tasks (e.g. secret key)

10. FPGA: The basics General purpose logic elements (LUTs) Very flexible interconnect Basically fine grained to support both data paths and random logic

11. FPGA: Disadvantages Too much flexible – inefficiencies Too fine grained – again inefficiencies Block ciphers primarily data flow oriented – implemented using a large number of small elements Ciphers have a well defined data flow – general purpose interconnect end up being slow and overkill in terms of area

12. FPGA vs. Specialized Reconfigurable Logic Coarse grained vs. Fine grained Specialized interconnect vs. generic interconnect Reduced reconfiguration times End result Faster performance with reduced area while maintaining enough flexibility to support the application domain

13. Issues in Reconfigurable Hardware Designs How much of what to support? How many functional units? What kinds of functional units? How much support for random logic? How much interconnect flexibility to allow? Programming/CAD tools What kind of programming model to target How to design efficient automated tools

14. Custom Reconfigurable Hardware Design- What’s involved? Looking for commonalities/overlaps as well as disjoint elements Identify crucial components Utilize potential overlap or partial reuse Generic enough but fast components Minimizing the differences in component types Balancing the resources Upper bounds/Lower bounds Logic units vs. memory blocks Determining exact number of each type of unit Make the common case fast- IMPORTANT ALWAYS!

15. Related Work Cavium Networks’ SSL & IPSEC Protocol Aware Security Processor USC Mark II ‘s Advanced Cryptographic Engine for IPsec Worcester Polytechnic Institute’s COBRA Architecture

16. SSL/IPsec Security Processor Support for both public key and secret key encryption Not Reconfigurable Dedicated hardware blocks for each operation