1,382 research outputs found
An Energy-Efficient Reconfigurable DTLS Cryptographic Engine for End-to-End Security in IoT Applications
This paper presents a reconfigurable cryptographic engine that implements the
DTLS protocol to enable end-to-end security for IoT. This implementation of the
DTLS engine demonstrates 10x reduction in code size and 438x improvement in
energy-efficiency over software. Our ECC primitive is 237x and 9x more
energy-efficient compared to software and state-of-the-art hardware
respectively. Pairing the DTLS engine with an on-chip RISC-V allows us to
demonstrate applications beyond DTLS with up to 2 orders of magnitude energy
savings.Comment: Published in 2018 IEEE International Solid-State Circuits Conference
(ISSCC
An Energy-Efficient Reconfigurable DTLS Cryptographic Engine for End-to-End Security in IoT Applications
This paper presents a reconfigurable cryptographic engine that implements the
DTLS protocol to enable end-to-end security for IoT. This implementation of the
DTLS engine demonstrates 10x reduction in code size and 438x improvement in
energy-efficiency over software. Our ECC primitive is 237x and 9x more
energy-efficient compared to software and state-of-the-art hardware
respectively. Pairing the DTLS engine with an on-chip RISC-V allows us to
demonstrate applications beyond DTLS with up to 2 orders of magnitude energy
savings.Comment: Published in 2018 IEEE International Solid-State Circuits Conference
(ISSCC
Constructing cluster of simple FPGA boards for cryptologic computations
In this paper, we propose an FPGA cluster infrastructure, which can be utilized in implementing cryptanalytic attacks and accelerating cryptographic operations. The cluster can be formed using simple and inexpensive, off-the-shelf FPGA boards featuring an FPGA device, local storage, CPLD, and network connection. Forming the cluster is simple and no effort for the hardware development is needed except for the hardware design for the actual computation. Using a softcore processor on FPGA, we are able to configure FPGA devices dynamically and change their configuration on the fly from a remote computer. The softcore on FPGA can execute relatively complicated programs for mundane tasks unworthy of FPGA resources. Finally, we propose and implement a fast and efficient dynamic configuration switch technique that is shown to be useful especially in cryptanalytic applications. Our infrastructure provides a cost-effective alternative for formerly proposed cryptanalytic engines based on FPGA devices
Sphinx: A Secure Architecture Based on Binary Code Diversification and Execution Obfuscation
Sphinx, a hardware-software co-design architecture for binary code and
runtime obfuscation. The Sphinx architecture uses binary code diversification
and self-reconfigurable processing elements to maintain application
functionality while obfuscating the binary code and architecture states to
attackers. This approach dramatically reduces an attacker's ability to exploit
information gained from one deployment to attack another deployment. Our
results show that the Sphinx is able to decouple the program's execution time,
power and memory and I/O activities from its functionality. It is also
practical in the sense that the system (both software and hardware) overheads
are minimal.Comment: Boston Area Architecture 2018 Workshop (BARC18
Sphinx: a secure architecture based on binary code diversification and execution obfuscation
Sphinx, a hardware-software co-design architecture for binary code and runtime obfuscation. The Sphinx architecture uses binary code diversification and self-reconfigurable processing elements to maintain application functionality while obfuscating the binary code and architecture states to attackers. This approach dramatically reduces an attacker’s ability to exploit information gained from one deployment to attack another deployment. Our results show that the Sphinx is able to decouple the program’s execution time, power and memory and I/O activities from its functionality. It is also practical in the sense that the system (both software and hardware) overheads are minimal.Published versio
Parametric, Secure and Compact Implementation of RSA on FPGA
We present a fast, efficient, and parameterized modular multiplier and a secure exponentiation circuit especially intended for FPGAs on the low end of the price range. The design utilizes dedicated block multipliers as the main functional unit and Block-RAM as storage unit for the operands. The adopted design methodology allows adjusting the number of multipliers, the radix used in the multipliers, and number of words to meet the system requirements such as
available resources, precision and timing constraints. The architecture, based on the Montgomery modular multiplication algorithm, utilizes a pipelining technique that allows concurrent operation of hardwired multipliers. Our
design completes 1020-bit and 2040-bit modular multiplications in 7.62 μs and 27.0 μs, respectively. The multiplier uses a moderate amount of system resources while achieving the best area-time product in literature. 2040-bit modular exponentiation engine can easily fit into Xilinx Spartan-3E 500; moreover the exponentiation circuit withstands known side channel attacks
Implementing a protected zone in a reconfigurable processor for isolated execution of cryptographic algorithms
We design and realize a protected zone inside a reconfigurable and extensible embedded RISC processor for isolated execution of cryptographic algorithms. The protected zone is a collection of processor subsystems such as functional units optimized for high-speed execution of integer operations, a small amount of local memory, and general and special-purpose registers. We outline the principles for secure software implementation of cryptographic algorithms
in a processor equipped with the protected zone. We also demonstrate the efficiency and effectiveness of the protected zone by implementing major cryptographic algorithms, namely RSA, elliptic curve cryptography, and AES in the protected zone. In terms of time efficiency, software implementations
of these three cryptographic algorithms outperform equivalent software implementations on similar processors reported in the literature. The protected zone is designed in such a modular fashion that it can easily be integrated into any RISC processor; its area overhead is considerably moderate in the sense that
it can be used in vast majority of embedded processors. The protected zone can also provide the necessary support to implement TPM functionality within the boundary of a processor
An Energy-Efficient Reconfigurable DTLS Cryptographic Engine for Securing Internet-of-Things Applications
This paper presents the first hardware implementation of the Datagram
Transport Layer Security (DTLS) protocol to enable end-to-end security for the
Internet of Things (IoT). A key component of this design is a reconfigurable
prime field elliptic curve cryptography (ECC) accelerator, which is 238x and 9x
more energy-efficient compared to software and state-of-the-art hardware
respectively. Our full hardware implementation of the DTLS 1.3 protocol
provides 438x improvement in energy-efficiency over software, along with code
size and data memory usage as low as 8 KB and 3 KB respectively. The
cryptographic accelerators are coupled with an on-chip low-power RISC-V
processor to benchmark applications beyond DTLS with up to two orders of
magnitude energy savings. The test chip, fabricated in 65 nm CMOS, demonstrates
hardware-accelerated DTLS sessions while consuming 44.08 uJ per handshake, and
0.89 nJ per byte of encrypted data at 16 MHz and 0.8 V.Comment: Published in IEEE Journal of Solid-State Circuits (JSSC
An IoT Endpoint System-on-Chip for Secure and Energy-Efficient Near-Sensor Analytics
Near-sensor data analytics is a promising direction for IoT endpoints, as it
minimizes energy spent on communication and reduces network load - but it also
poses security concerns, as valuable data is stored or sent over the network at
various stages of the analytics pipeline. Using encryption to protect sensitive
data at the boundary of the on-chip analytics engine is a way to address data
security issues. To cope with the combined workload of analytics and encryption
in a tight power envelope, we propose Fulmine, a System-on-Chip based on a
tightly-coupled multi-core cluster augmented with specialized blocks for
compute-intensive data processing and encryption functions, supporting software
programmability for regular computing tasks. The Fulmine SoC, fabricated in
65nm technology, consumes less than 20mW on average at 0.8V achieving an
efficiency of up to 70pJ/B in encryption, 50pJ/px in convolution, or up to
25MIPS/mW in software. As a strong argument for real-life flexible application
of our platform, we show experimental results for three secure analytics use
cases: secure autonomous aerial surveillance with a state-of-the-art deep CNN
consuming 3.16pJ per equivalent RISC op; local CNN-based face detection with
secured remote recognition in 5.74pJ/op; and seizure detection with encrypted
data collection from EEG within 12.7pJ/op.Comment: 15 pages, 12 figures, accepted for publication to the IEEE
Transactions on Circuits and Systems - I: Regular Paper
- …