Haixin Wang,Guoqiang Bai,Hongyi Chen

DOI: https://doi.org/10.1007/s11265-009-0371-2

2009-01-01

Journal of Signal Processing Systems

Abstract:This paper presents a high performance Network Security Processor (NSP) system architecture implementation intended for both Internet Protocol Security (IPSec) and Secure Socket Layer (SSL) protocol acceleration, which are widely employed in Virtual Private Network (VPN) and e-commerce applications. The efficient data transfer skeleton and optimized integration scheme of the parallel crypto engine arrays lead to a Gbps rate NSP, which is programmable with domain specific descriptor-based instructions for Gbps throughput IPSec and SSL applications. The descriptor-based control flow fragments large data packets and distributes them to the parallel crypto engine arrays, which fully utilizes the computation resources and improves the overall system data throughput. A prototyping platform for this NSP design is implemented with Xilinx XC3S5000 based FPGA chip set. Results show that the design gives a peak throughput for the IPSec ESP tunnel mode of 1.851 Gbps with over 1600 full SSL handshakes per second at a clock rate of 150 MHz.

ZHOU Zhou,HE Yi-fan,SHEN Hai-bin,ZHAO Xu-xin

DOI: https://doi.org/10.3969/j.issn.1005-9490.2007.04.089

2007-01-01

Abstract:SMS4 algorithm is the domestic encryption standard released for WLAN use.An inner-round pipelined,high-speed engine is proposed after analyzing the features of this algorithm.By using pipelined or parallel multi-engines,throughput and hardware cost can be easily adjusted according to different applications.Compared with the 32-stage pipelined structure,hardware cost is much lower under the same throughput.Moreover,the SMS4 encryption/decryption system can easily fit in a low-cost Spartan II XC2S50 FPGA in a single-engine implementation.

王海欣,白国强,陈弘毅

DOI: https://doi.org/10.16511/j.cnki.qhdxxb.2010.01.034

2010-01-01

Abstract:This paper presents a high performance Network Security Processor (NSP) system architecture implementation intended for both IPSec and SSL protocol acceleration. The efficient data transfer skeleton and optimized integration scheme of the parallel crypto engine arrays lead to a Gb/s rate NSP, which is programmable with domain specific descriptor-based instructions. The descriptor-based control flow fragments large data packets and distributes them to the parallel crypto engine arrays to fully utilize the computation resources and improve the overall system data throughput. The design synthesized with SMIC 0.13 μm CMOS technology gives a peak throughput for the IPSec ESP tunnel mode of 1.651 Gb/s with over 1000 s-1 full SSL handshakes at a clock rate of 200 MHz.

Haixin Wang,Guoqiang Bai,Hongyi Chen

DOI: https://doi.org/10.1109/asap.2008.4580160

2010-01-01

International Journal of Electronics

Abstract:The last few years have seen many significant progresses in the field of application-specific processors. One exemplar is Network Security Processors (NSPs) that perform various cryptographic operations specified by network security protocols and help to offload the computation intensive burdens from Network Processors (NPs). This paper proposes a high-performance NSP intended for both IPSec and SSL protocols acceleration. With a programmable descriptor-based instruction set architecture, the novel design of system architecture leads to a Gbps rate NSP named Zodiac, which is programmable with domain specific instructions for Gbps throughput IPSec and SSL applications. Synthesized with a 0.18 mum CMOS technology, the peak throughput of IPSec ESP tunnel mode can reach up to 1.651 Gbps and over 1000 full SSL handshakes per second are attainable.

Yun Niu,Li-ji Wu,Yang Liu,Xiang-min Zhang,Hong-yi Chen

DOI: https://doi.org/10.1631/jzus.c1200370

2013-01-01

Journal of Zhejiang University SCIENCE C

Abstract:This paper deals with an in-line network security processor (NSP) design that implements the Internet Protocol Security (IPSec) protocol processing for the 10 Gbps Ethernet. The 10 Gbps high speed data transfer, the IPSec processing including the crypto-operation, the database query, and IPSec header processing are integrated in the design. The in-line NSP is implemented using 65 nm CMOS technology and the layout area is 2.5 mm×3 mm with 360 million gates. A configurable crossbar data transfer skeleton implementing an iSLIP scheduling algorithm is proposed, which enables simultaneous data transfer between the heterogeneous multiple cores. There are, in addition, a high speed input/output data buffering mechanism and design of high performance hardware structures for modules, wherein the transfer efficiency and the resource utilization are maximized and the IPSec protocol processing achieves 10 Gbps line speed. A high speed and low power hardware look-up method is proposed, which effectively reduces the area and power dissipation. The post simulation results demonstrate that the design gives a peak throughput for the Authentication Header (AH) transport mode of 10.06 Gbps with the average test packet length of 512 bytes under the clock rate of 250 MHz, and power dissipation less than 1 W is obtained. An FPGA prototype is constructed to verify the function of the design. A test bench is being set up for performance and function verification.

Wei Huang,Jun Han,Shuai Wang,Xiaoyang Zeng

DOI: https://doi.org/10.1109/ASSCC.2010.5716621

2010-01-01

Abstract:This paper presents a heterogeneous multi-core SoC platform to deal with intensive cryptography algorithms in different security protocols. And several cores are integrated in the proposed Platform, which are a MlPS-like general processor (GP), a dedicated package processor (PP) for fast data package, and multiple security processors (SP) for cryptography. The low-cost dedicated SPs can execute cryptography algorithms flexibly and efficiently, and the processing performance of this platform can be enhanced easily by exploiting algorithms parallelism on multiple cores. Moreover, a test chip is implemented in SEVIC 0.13μm standard CMOS technology, and its functionality and performance are well verified. It can achieve 565Mbps, 256Mbps, 19Kbps, and 16Kbps throughput for AES(128), SHA-1, RSA(1024), ECC(p192) respectively. Comparison results shows that it also has a low-complexity hardware cost but more flexibility.

Jie Bai,Liji Wu,Niu Yun,Yang Liu,Xiangmin Zhang

DOI: https://doi.org/10.1109/WOCC.2013.6676448

2013-01-01

Abstract:This paper presents design and verification of a 10Gbps in-line Network Security Processor (NSP) with a single 32-bit embedded CPU. This NSP is designed to process the IPSec protocol at line speed for the 10Gbps Ethernet. 10Gbps SerDes, IPSec protocol processing module, database query module, and a CPU are designed to be integrated on one chip to form a System on Chip (SOC). The CPU used is OR1200, a 32-bit open source general-purpose CPU with Harvard Microarchitecture. The CPU acts as the controller, bringing flexibility and scalability to the system. Virtex-5 XC5VXS95T FPGA board is used in the verification.

Yun Niu,Liji Wu,Xiangmin Zhang

DOI: https://doi.org/10.4304/jcp.8.2.319-325

2013-01-01

Journal of Computers

Abstract:The IP security protocol (IPSec) is an important and widely used security protocol in the IP layer. But the implementation of the IPSec is a computing intensive work which greatly limits the performance of the high speed network. In this paper, a high performance IPSec accelerator used in a 10Gbps in-line network security processor (NSP) is presented. The design integrates the protocol processing and the cryptographic processing; the transport/tunnel mode of the AH, ESP security protocols and the AES, HMAC-SHA-1 cryptographic algorithms are realized by hardware. An efficient partial crossbar data transfer skeleton with iSLIP scheduling algorithm is adopted to realize the maximum utilization of the computation resources in the accelerator. The number of AH, ESP, AES, HMAC-SHA-1 cores in the design can be configured to meet the different applications. By simulation, with 8 protocol IP-cores and 24 crypto IP-cores connected to the crossbar in the IPSec accelerator, the design gives a peak throughput for the AH protocol transport mode of 11.28Gbps at the average of 512 bytes packet length under a clock rate of 300MHz. The hardware verification is implemented on a Virtex-5 XC5VSX95T based FPGA board. Low power design methods are also used in the design to reduce the power dissipation.

r lu,xiaoyang zeng,jun han,yehua gu,lang mai

DOI: https://doi.org/10.1109/ICASIC.2007.4415768

2007-01-01

Abstract:The ASIP, which features the high efficiency of ASIC coprocessor and the flexibility of general purpose processor, has and will have popular application in Information security domain. This paper presents a new design and VLSI architecture of security ASIP for RSA/ECC of cryptographic algorithms. By adopting the special instructions and computing unit, the proposed 32-bit RISC processor achieves the goal of high-speed and low-cost. Based on TSMC 0.25 mum standard CMOS technology, the core circuit of this security ASIP has only about 28k gates, and a max frequency of 150 MHz , under which only 200 ms is required when the security ASIP excutes a 1024-bit RSA.

Yun Niu,Liji Wu,Li Wang,Xiangmin Zhang,Jun Xu

DOI: https://doi.org/10.1109/cis.2011.154

2011-01-01

Abstract:A configurable IPSec processor for a high performance in-line network security processor that integrates two embedded 32-bit CPU cores, and an IPSec protocol processor on a SoC is presented. The IPSec processor can implement the transport/tunnel mode AH and ESP protocol of the IPSec, and support AES-128/192/256, HMAC-SHA-1 algorithm. The number of AH, ESP, AES, HMAC-SHA-1 IP-cores in the design can be configured for different use such as 10 Gigabit Ethernet and Gigabit Ethernet, even for the next generation 40/100G Network. Low power is also considered in the design. In the IPSec processor, crossbar switch architecture for multi-core data transfer is adopted. With four parallel AH, ESP, AES, HMAC-SHA-1 IP-cores separately connected to an 8x8 crossbar switch in the IPSec processor, a throughput of 1.5Gbps at 200MHz is achieved and hardware verification is implemented by FPGA. By simulation, the IPSec protocol operation can achieve 10Gbps wire speed with 32 IPSec protocol IP-cores and cryptographic IP-cores configured in the IPSec processor.

Y Fan,XY Zeng,Z Zhang,A Chen,QL Zhang

DOI: https://doi.org/10.1109/isspa.2005.1580257

2006-01-01

Abstract:This paper proposes a novel architecture for highspeed RSA crypto-processor with reconfigurable architecture. Through analysing and comparing between the original algorithms with modified Modular exponentiation and Montgomery multiplication algorithm, a nested pipelined RSA crypto-processor architecture is presented. Based on this architecture, we can easily design a RSA crypto-processor with various speed & key length, it is very flexible to design an encrypt IP core in the SOC platform. As an example, a 1024-bit, 5Mbps RSA cryptoprocessor is implemented. The result shows that the architecture proposed by this paper is practical and efficient.

Khai-Minh Ma,Duc-Hung Le,Cong-Kha Pham,Trong-Thuc Hoang

DOI: https://doi.org/10.3390/fi15050186

2023-05-20

Future Internet

Abstract:The security of Internet of Things (IoTs) devices in recent years has created interest in developing implementations of lightweight cryptographic algorithms for such systems. Additionally, open-source hardware and field-programable gate arrays (FPGAs) are gaining traction via newly developed tools, frameworks, and HDLs. This enables new methods of creating hardware and systems faster, more simply, and more efficiently. In this paper, the implementation of a system-on-chip (SoC) based on a 32-bit RISC-V processor with lightweight cryptographic accelerator cores in FPGA and an open-source integrating framework is presented. The system consists of a 32-bit VexRiscv processor, written in SpinalHDL, and lightweight cryptographic accelerator cores for the PRINCE block cipher, the PRESENT-80 block cipher, the ChaCha stream cipher, and the SHA3-512 hash function, written in Verilog HDL and optimized for low latency with fewer clock cycles. The primary aim of this work was to develop a customized SoC platform with a register-controlled bus suitable for integrating lightweight cryptographic cores to become compact embedded systems that require encryption functionalities. Additionally, custom firmware was developed to verify the functionality of the SoC with all integrated accelerator cores, and to evaluate the speed of cryptographic processing. The proposed system was successfully implemented in a Xilinx Nexys4 DDR FPGA development board. The resources of the system in the FPGA were low with 11,830 LUTs and 9552 FFs. The proposed system can be applicable to enhancing the security of Internet of Things systems.

LU Rong-hua,ZENG Xiao-yang,HAN Jun,GU Ye-hua,MAI Lang

DOI: https://doi.org/10.3969/j.issn.1000-1220.2007.09.036

2007-01-01

Abstract:The ASIP, which features the high efficiency of ASIC co-processor and the flexibility of General Purpose Processor, has and will have popular application in information security domain. This paper presents a new design and VLSI architecture of Security ASIP for RSA/ECC of cryptographic algorithms. By adopting the special intruction set and computing unit, the proposed 32-bit RISC processor achieves the goal of high-speed and low-cost. Based on TSMC 0.25μm standard CMOS technology, the core circuit of this Security ASIP has about 28k gates, and a max frequency of 150MHz , under which only 200 ms is required when the Security ASIP excutes a 1024-bit RSA algorithm.

Wei Huang,Jun Han,Shuai Wang,Xiaoyang Zeng

DOI: https://doi.org/10.1109/ICSICT.2010.5667841

2010-01-01

Abstract:This paper presents a mobile security SoC to deal with intensive cryptography algorithms for different security protocols. A MIPS-like general processor, a dedicated package processor for fast data package, and multiple security processors for cryptography are integrated in the SoC. Moreover, the performance can be greatly enhanced by the well-designed DTU (Data Transfer Unit), memory architecture and synchronization units. With the help of our MIPS, software of the processors could be programmed flexibly to fulfill the requirements of the different security protocols. A test chip is implemented in SMIC 0.13μm standard CMOS technology, and its functionality and performance are well verified. It can achieve 565Mbps, 256Mbps, 19Kbps and 16Kbps throughput for AES (128), SHA-1, RSA (1024), ECC (192) respectively.

T. Nagalaxmi,E. Sreenivasa Rao,P. ChandraSekhar

DOI: https://doi.org/10.1007/s10470-024-02290-z

IF: 1.321

2024-09-16

Analog Integrated Circuits and Signal Processing

Abstract:Networks on Chip (NoCs) are a crucial component in modern System on Chips (SoCs), which provide the communication infrastructure for various processing elements such as CPUs, GPUs, DSPs, and other IPs. As a result, security is a critical aspect of NoCs, and it is essential to protect them from various security threats such as information leakage, denial of service attacks, and unauthorized access. The communication over NoCs carries sensitive and confidential information, which needs to be protected from unauthorized access, interception, or tampering. A Hybrid Secure technique is proposed in this research paper to protect the data during NoC transmission. The Noekeon and RSA algorithms are combined to create the hybrid secure algorithm for NoC architecture. The Noekeon algorithm provides a high level of security, efficiency, flexibility, and resistance to side-channel attacks, making it an ideal choice for securing communication in NoC and other applications. The RSA encryption algorithm is modified to minimize the number of calculations. The proposed hybrid secure algorithm is tested on 4 × 4 2D mesh NoC architecture. The average throughput of the proposed algorithm is increased to 64% and 51% latency is reduced when compared to existing research work.

engineering, electrical & electronic,computer science, hardware & architecture

WANG Shuai,HAN Jun,LI Yang,ZENG Xiao-yang

DOI: https://doi.org/10.3969/j.issn.1000-3428.2012.21.065

2012-01-01

Abstract:Security protocols and cryptography algorithms(ciphers) are widely used to protect the sensitive digital information in computer systems and communication networks.How to process these computation-intensive protocols and algorithms has become a crucial issue.This paper presents a Network on Chip(NoC) architecture for Wireless Local Area Network(WLAN) security domain.Four MIPS-like RISC processors and twelve security-oriented ASIPs fabricate the proposed 4×4 mesh NoC architecture.In each ASIP,the Parallel Look-Up Table(PLUT) method is implemented to accelerate Advanced Encryption Standard(AES) encryption.Moreover,task parallelism in Counter CBC-MAC Protocol(CCMP) is exploited,thus high throughput is obtained.The proposed architecture is synthesized under SMIC 0.13 μm CMOS technology and costs 3083 k-gates.Experimental results show that the system achieves a throughput of 787 Mb/s at 84 MHz.

Rourab Paul,Sangeet Saha,Suman Sau,Amlan Chakrabarti

DOI: https://doi.org/10.48550/arXiv.1205.2153

2012-05-10

Abstract:Security is the most important part in data communication system, where more randomization in secret keys increases the security as well as complexity of the cryptography algorithms. As a result in recent dates these algorithms are compensating with enormous memory spaces and large execution time on hardware platform. Field programmable gate arrays (FPGAs), provide one of the major alternative in hardware platform scenario due to its reconfiguration nature, low price and marketing speed. In FPGA based embedded system we can use embedded processor to execute particular algorithm with the inclusion of a real time operating System (RTOS), where threads may reduce resource utilization and time consumption. A process in the runtime is separated in different smaller tasks which are executed by the scheduler to meet the real time dead line using RTOS. In this paper we demonstrate the design and implementation of a 128-bit Advanced Encryption Standard (AES) both symmetric key encryption and decryption algorithm by developing suitable hardware and software design on Xilinx Spartan- 3E (XC3S500E-FG320) device using an Xilkernel RTOS, the implementation has been tested successfully The system is optimized in terms of execution speed and hardware utilization.

Hardware Architecture

Yang Liu,Liji Wu,Yun Niu,Xiangmin Zhang,Zhiqiang Gao

DOI: https://doi.org/10.1109/CIS.2012.60

2012-01-01

Abstract:10Gbps Ethernet Security Processor is very important in future network telecommunication. In order to meet the performance of ultra high throughput of 10Gbps ESP, An architecture of multiple SHA-1 IP cores paralleled based crossbar switch are proposed in this paper. Firstly, An ultra high throughput, low power consumption SHA-1 algorithm IP-core are designed, then, an effective scheduling architecture with SHA-1 IP cores are proposed in this paper. In our simulation with SMIC 65nm, the throughput of single IP core could reach to 4.27Gbps in the frequency of 400Mhz. Verification are based on Xilinx Virtex FPGA, 1943 slices LUTs are used for each SHA-1 IP core. By using this crossbar architecture, the number of SHA-1 IP cores used in 10Gbps Network Security Processor could decrease to four, which decrease the total area and power consumption of Network Security Processor significantly.

S. Madhavapandian,P. MaruthuPandi

DOI: https://doi.org/10.1007/s11277-019-06930-w

IF: 2.017

2019-11-19

Wireless Personal Communications

Abstract:The proposed system portrays the application space examination of a diverse cryptosystem processor with dynamic reconfiguration abilities. It is appropriate to a variety of signal processing application domains namely telecommunications, image processing, video coding and cryptographic processing. To differentiate between application spaces of the processor, the performance is correlated with cutting edge devices, taking ability to program, energy efficiency and computational potential as the important factors. In general the conventional method of computation is processed by means of Virtual Secure Circuit (VSC) on Advanced Encryption Standard (AES) and performance of the device Field Programmable Gate Array (FPGA) after implementation is analyzed in terms of delay and throughput. In the conventional method area overhead and power consumption are less where as the architecture lags in performance and throughput. It has been overcome through the fully parallel pipelined Architecture of the VSC on AES which outperforms the existing method in terms of performance and throughput. The energy efficiency and performance are considerably more important than processor that are used for general purpose, while still preserving a Convenient approach of programming that mainly bank on software oriented languages. The exploit of VSC based AES is to formulate the cryptographic processor held against Side Channel Attacks like attacks based on power supply and electromagnetic signals. Then the experimental result shows the promising outcomes when compared to previous methods.

telecommunications

Ting Li,Jinjiang Yang,Yin Zhou,Shaojun Wei

DOI: https://doi.org/10.1145/3672919.3673034

2024-01-01

Abstract:Cryptography is very important in the field of network security. In order to encrypt various types of data using different encryption algorithms, an efficient encryption hardware architecture must have both flexibility and high performance. However, current hardware often fails to balance encryption speed and flexibility. This is a question that researchers need to address. This paper proposes a reconfigurable cryptographic algorithm processing module RPU, which can support various publicly available block cipher, hashing algorithms and streaming algorithms, as well as user-defined algorithms. This module is integrated into the SOC system. In this paper, we also map AES and SM4 algorithms and conduct experiments to demonstrate that we achieve better performance and lower power consumption. Compared with other hardware implementations, our proposed architecture has an energy efficiency advantage of 12X to 102X. Additionally, this design also improves energy efficiency by 3.7X compared to other CGRA chips.