
    Authenticated Encryption on FPGAs from the Reconfigurable Part to the Static Part

    Communication systems need to access, store, manipulate, or communicate sensitive information. Therefore, cryptographic primitives such as hash functions and block ciphers are deployed to provide encryption and authentication. Recently, techniques have been invented to combine encryption and authentication into a single algorithm, which is called Authenticated Encryption (AE). Combining these two security services in hardware produces better performance compared to two separate algorithms, since authentication and encryption can share a part of the computation. Because they combine programmability with the performance of custom hardware, FPGAs have become more common as an implementation target for such algorithms. The first part of this thesis is devoted to efficient and high-speed FPGA-based architectures of the AE algorithms AES-GCM and AEGIS-128, to be used in the reconfigurable part of FPGAs to support the security services of communication systems. Our focus on the state of the art leads to the introduction of high-speed architectures for slow-changing-key applications like Virtual Private Networks (VPNs). Furthermore, we present an efficient method for implementing the GF(2¹²⁸) multiplier, which is responsible for the authentication task in AES-GCM, to support high-speed applications. Additionally, an efficient AEGIS-128 is also implemented using only five AES rounds. Our hardware implementations were evaluated using Virtex-5 and Virtex-4 FPGAs. The performance of the presented architectures (Thr./Slices) outperforms the previously reported ones. The second part of the thesis presents techniques for low-cost solutions in order to secure the reconfiguration of FPGAs. We present different ranges of low-cost implementations of AES-GCM, AES-CCM, and AEGIS-128, which are used in the static part of the FPGA in order to decrypt and authenticate the FPGA bitstream. The presented ASIC architectures were evaluated using 90 and 65 nm technologies and they present better performance compared to the previous work.

    Communication systems need to access, store, manipulate, or communicate sensitive information. Consequently, cryptographic primitives such as hash functions and block ciphers are deployed to provide encryption and authentication. Recently, techniques have been invented to combine encryption and authentication into a single algorithm, called Authenticated Encryption (AE). Combining these two security services in hardware gives better performance than two separate algorithms, since authentication and encryption can share part of the computation. Because they combine programmability with the performance of custom hardware, FPGAs are becoming more common as an implementation target for these algorithms. The first part of this thesis is devoted to efficient, high-speed FPGA-based architectures of the AE algorithms AES-GCM and AEGIS-128, to be used in the reconfigurable part of the FPGA to support the security services of communication systems. Our focus on the state of the art leads to the introduction of high-speed architectures for slow-changing-key applications such as virtual private networks (VPNs). Furthermore, we present an efficient method for implementing the GF(2¹²⁸) multiplier, which is responsible for the authentication task in AES-GCM, to support high-speed applications. In addition, an efficient AEGIS-128 is also implemented using only five AES rounds. Our hardware implementations were evaluated on Virtex-5 and Virtex-4 FPGAs. The performance of the presented architectures (Thr./Slices) outperforms those previously reported. The second part of the thesis presents techniques for low-cost solutions to secure the reconfiguration of the FPGA. We present different ranges of low-cost implementations of AES-GCM, AES-CCM, and AEGIS-128, which are used in the static part of the FPGA to decrypt and authenticate the FPGA bitstream. The presented ASIC architectures were evaluated using 90 and 65 nm technologies and show better performance compared to previous work.

    Design and analysis of an FPGA-based, multi-processor HW-SW system for SCC applications

    The last 30 years have seen an increase in the complexity of embedded systems from a collection of simple circuits to systems consisting of multiple processors managing a wide variety of devices. This ever-increasing complexity frequently requires that high-assurance, fail-safe and secure design techniques be applied to protect against possible failures and breaches. To facilitate the implementation of these embedded systems in an efficient way, the FPGA industry recently created new families of devices. New features added to these devices include anti-tamper monitoring, bitstream encryption, and optimized routing architectures for physical and functional logic partition isolation. These devices have high capacities and are capable of implementing processors using their reprogrammable logic structures. This allows for an unprecedented level of hardware and software interaction within a single FPGA chip. High-assurance and fail-safe systems can now be implemented within the reconfigurable hardware fabric of an FPGA, enabling these systems to maintain flexibility and achieve high performance while providing a high level of data security. The objective of this thesis was to design and analyze an FPGA-based system containing two isolated, softcore Nios processors that share data through two crypto-engines. FPGA-based single-chip cryptographic (SCC) techniques were employed to ensure proper component isolation when the design is placed on a device supporting the appropriate security primitives. Each crypto-engine is an implementation of the Advanced Encryption Standard (AES), operating in Galois/Counter Mode (GCM) for both encryption and authentication. The features of the microprocessors and the architectures of the AES crypto-engines were varied with the goal of determining the combinations which best target high performance, minimal hardware usage, or a combination of the two.

    A Survey of Parallel Message Authentication and Hashing Methods

    Introduction: The Internet, information exchange, social networking, and other activities have increased greatly in recent years. Therefore, greater confidentiality and privacy are required. In recent days, fraud via the Internet has been one of the main obstacles to spreading the use of business applications. Consequently, three important security concerns occur daily in our transparent world, namely: identity, authentication, and authorization. Identification is a procedure that permits determining the identity of an entity, which may be a person, a computer, or another asset such as a software programmer. Methods: In security systems, authentication and authorization are two complementary procedures for determining who may access information resources across a network. Many solutions have been presented in the literature. To obtain better performance in authentication algorithms, researchers have used parallelism to increase the throughput of their algorithms. On the one hand, a set of methods has been used to raise the security level of cryptographic systems, including increasing the number of rounds, using substitution tables, and integrating other security mechanisms for message encryption and authentication. Results: Recent studies on parallel message authentication and hashing algorithms have shown that GPUs outperform other parallel platforms in terms of performance. Conclusions: This work presents a parallel implementation of message authentication techniques on several platforms. It studies and presents works that discuss authentication, hashing, and their implementation on a parallel platform as a main objective.

    Background: Currently, there are approximately 4.95 billion people who use the Internet. This massive audience desires internet shopping, information exchange, social networking, and other activities that have grown dramatically in recent years. Therefore, it creates the need for greater confidentiality and privacy. In recent days, fraud via the Internet has been one of the key impediments to the dissemination of the use of business apps. Therefore, three important security concerns actually occur daily in our transparent world, more accurately: identity, authentication, and authorization. Identification is a procedure that permits the recognition of an entity, which may be a person, a computer, or another asset such as a software programmer. Materials and Methods: In security systems, authentication and authorization are two complementary procedures for deciding who may access the information resources across a network. Many solutions have been presented in the literature. To get more performance out of authentication algorithms, researchers have used parallelism to increase the throughput of their algorithms. On the one hand, various approaches have been employed to enhance the security of cryptographic systems, including increasing the number of rounds, utilizing substitution tables, and integrating other security primitives for encryption and message authentication. Results: Recent studies on parallel message authentication and hashing algorithms have demonstrated that GPUs outperform other parallel platforms in terms of performance. Conclusion: This work presents a parallel implementation of message authentication techniques on several platforms. It studies and presents works that discuss authentication, hashing, and their implementation on a parallel platform as a main objective.

    Low-Cost Concurrent Error Detection for GCM and CCM

    In many applications, encryption alone does not provide enough security. To enhance security, dedicated authenticated encryption (AE) modes have been invented. Galois/Counter Mode (GCM) and Counter with CBC-MAC mode (CCM) are the AE modes recommended by the National Institute of Standards and Technology. To support high data rates, AE modes are usually implemented in hardware. However, natural faults reduce their reliability and may undermine both their encryption and their authentication capability. We present a low-cost concurrent error detection (CED) scheme for 7 AE architectures. The proposed technique exploits idle cycles of the AE mode architectures. Experimental results show that the performance overhead can be lower than 100% for all architectures, depending on the workload. FPGA implementation results show that the hardware overhead is in the 0.1-23.3% range and the power overhead is in the 0.2-23.2% range. ASIC implementation results show that the hardware overhead is in the 0.1-22.8% range and the power overhead is in the 0.3-12.6% range. The underlying block cipher and hash module need not have CED built in. Thus, the scheme allows system designers to integrate block cipher and hash function intellectual property from different vendors.

    Trade-Off Approach for GHASH Computation Based on a Block-Merging Strategy

    In the Galois counter mode (GCM) of encryption, an authentication tag is computed with a sequence of multiplications and additions in F_{2^m}. In this paper we focus on a multiply-and-add architecture with a subquadratic space complexity multiplier in F_{2^m}. We propose a recombination of the architecture of P. Patel (Master Thesis, U. Waterloo, ON, Canada, 2008), which is based on a subquadratic space complexity Toeplitz matrix vector product. We merge some blocks of the recombined architecture in order to reduce the critical path delay. We obtain an architecture with a subquadratic space complexity of O(log_2(m) m log_2(m)) and a reduced delay of (1.59 log_2(m) + log_2(δ)) D_X + D_A, where δ is a small constant. To the best of our knowledge, this is the first multiply-and-add architecture with subquadratic space complexity and delay smaller than 2 log_2(m) D_X.

    An Architecture for the AES-GCM Security Standard

    The fourth recommendation for symmetric block cipher modes of operation, SP800-38D, Galois/Counter Mode of Operation (GCM), was developed by David A. McGrew and John Viega. GCM uses an approved symmetric key block cipher with a block size of 128 bits and a universal hash over a binary Galois field to provide confidentiality and authentication. It is built specifically to support very high data rates, as it can take advantage of pipelining and parallel processing techniques. Before GCM, SP800-38A only provided confidentiality and SP800-38B provided authentication. SP800-38C provided confidentiality using the counter mode together with authentication. However, the authentication technique in SP800-38C was not parallelizable and slowed down the throughput of the cipher. Hence, none of these three recommendations were suitable for high-speed network and computer system applications. With the advent of GCM, authenticated encryption at data rates of several Gbps is now practical, permitting high-grade encryption and authentication on systems which previously could not be fully protected. However, there have not yet been any published results on actual architectures for this standard based on FPGA technology. This thesis presents a fully pipelined and parallelized hardware architecture for AES-GCM, which is GCM running under the symmetric block cipher AES, on an FPGA multi-core platform corresponding to the IPsec ESP data flow. The results from this thesis show that the round transformations of confidentiality and the hash operations of authentication in AES-GCM can cooperate very efficiently within this pipelined architecture. Furthermore, this AES-GCM hardware architecture never unnecessarily stalls data pipelines. For the first time, this thesis provides a complete FPGA-based high-speed architecture for the AES-GCM standard, suitable for high-speed embedded applications.

    Bus Encryption and Authentication Unit for Symmetric Shared Memory Multiprocessor System Using GCM-AES

    Hardware security mechanisms in uniprocessor and multiprocessor systems have been proposed to safeguard information more efficiently. This work presents a secure architecture model for a symmetric shared memory multiprocessor (SMP) to safeguard cache-to-cache transfers. This work proposes a hardware security mechanism which employs the Galois Counter Mode (GCM) of the advanced encryption standard (AES) and modifies it to work in an SMP environment. The work focuses on why GCM is a better choice than cipher block chaining mode (CBC), which is used in current state-of-the-art systems. It estimates the storage required by the additional hardware unit in both modes of operation. A full-system SMP simulation quantifies the performance overhead introduced by the additional hardware unit in both schemes to safeguard the cache-to-cache transfers. The impact of increasing cache line sizes and the effect of varying the throughput of the AES units in both schemes is studied. Results show that a performance gain in the range of 4X-9X over the CBC scheme is achieved by using the GCM mode of operation. The work shows that the throughput of the AES design has a greater impact on the performance of the CBC scheme. The performance loss is very high in the CBC scheme with a lower-throughput AES design compared to GCM. The performance of the CBC scheme varies according to the authentication interval, while the authentication interval does not affect the GCM scheme, thus providing higher security. The presented work using GCM consumes less space on chip while providing the same level of security as the CBC scheme.
    School of Electrical & Computer Engineering

    FPGA Implementation using VHDL of the AES-GCM 256-bit Authenticated Encryption Algorithm

    Achieving high data transmission speeds in telecommunication networks, together with the need for reliable and secure transmission of information, has always been a challenge. The need to communicate over public networks in a secure way led to the use of asymmetric-key encryption algorithms, where a "handshake" mechanism ensures secure data transmission and data integrity. Although it has not been mathematically proven that these algorithms are invulnerable to cryptographic attacks, there are strong indications that they are resistant to most of them, making brute force the only attack with a 100% probability of success given enormous computational power. While asymmetric-key algorithms were the solution for public communications, the constant demand for greater bandwidth made their use inefficient because of the high cost they require in computational power. The solution to the problem came with the hybrid use of symmetric-key and asymmetric-key algorithms, so that secure data transfer is maintained while the data processing speed increases significantly. Analysis of symmetric algorithms led to the creation of the Advanced Encryption Standard (AES) encryption algorithm, published by NIST in 2001 as the successor to DES. The need for data authentication led to the creation of the GCM algorithm, which can authenticate a data stream in a reliable and efficient way. Both algorithms have the advantage that they can be easily implemented in both software and hardware. With the demand for high speeds being great, hardware implementation becomes an increasingly attractive option. IP cores based on FPGA technology can implement these algorithms using hardware description languages such as VHDL, and offer reliable, high-speed data processing. In this work we designed, using the VHDL language, and implemented on the Xilinx Virtex 5 XC5VFX130T FPGA, the AES encryption algorithm with the GCM authentication protocol, with a key size of 256 bits. Our implementation is based on a non-pipelined version of the AES algorithm that can encrypt a 128-bit block in 15 cycles. Message authentication can be achieved in 16 cycles. Our implementation with IV = 96 bits and a parallel multiplier needs 5% of the slices and 1% of the BRAMs of the Virtex-5 XC5VFX130T FPGA. The maximum achievable frequency is 227.690 MHz.

    Achieving high-speed network performance along with data integrity and security has always been a challenge. The necessity to communicate securely through public channels led to the use of asymmetric-key cryptography algorithms, which commonly use a "handshake" mechanism allowing the implementation of a "trust" system that can guarantee the security of the transaction and the integrity of the data, as long as the algorithm provides strong resistance to cryptographic attacks. Although there is no mathematical proof that these algorithms are invulnerable to attacks, there is strong indication that they are highly resistant to most of them, making brute force the only attack that can have a 100% success rate, which is countered by the huge computational power someone needs to succeed. While asymmetric-key cryptography algorithms were the solution to public communication, the ongoing demand for higher bandwidth made their use inefficient, because the complexity of the algorithms demanded a processing cost that created latency gaps. A solution to this problem was the use of symmetric-key algorithms for data transactions, where the processing cost is much lower, so that transaction security stayed intact while the bottleneck on encryption/decryption speed was raised. The analysis of symmetric cryptographic algorithms resulted in the creation of the Advanced Encryption Standard (AES), published by NIST in 2001. Also, the need for authentication and integrity of transmitted information resulted in the creation of the AES-GCM mode, which can authenticate a stream of data (up to 68Gb) in a reliable and efficient way. Both algorithms have the advantage of being easily implemented in both software and hardware. With the demand for high-speed interaction between networks and systems, it became clear that hardware solutions were the leading option to cover this demand. FPGA-based IP cores can implement those algorithms with the use of hardware description languages like VHDL, and provide accurate, reliable and high-speed data processing. In this thesis, we have designed in VHDL and implemented in Xilinx Virtex-5 FPGA technology an AES-GCM algorithm that performs authenticated encryption with an encryption key of 256 bits. Our AES-GCM implementation utilizes a non-pipelined version of the AES core and needs 15 cycles to encrypt 128 bits of plaintext, which is the minimum encryption duration supported without pipelining. Concerning the authentication process, our IP core can complete the authentication process in 16 cycles. Our implementation of the AES-GCM algorithm with AES key = 256 bit, initialization vector (IV) = 96 bit, and a full parallel GHASH multiplier on a Xilinx Virtex-5 XC5VFX130T FPGA, which is pin-to-pin compatible with the space-grade Xilinx Virtex-5QV FPGA, requires 5% of slices and 1% of BRAMs. The maximum achievable clock frequency is 227.690 MHz.

    A Multiple Bit Parity Fault Detection Scheme for The Advanced Encryption Standard Galois/Counter Mode

    The Advanced Encryption Standard (AES) is a symmetric-key block cipher for electronic data announced by the U.S. National Institute of Standards and Technology (NIST) in 2001. The encryption process is based on a symmetric key (using the same key for both encryption and decryption) for block encryption with keys of 128, 192, and 256 bits in size. AES and its standardized authentication mode, Galois/Counter Mode (GCM), have been adopted in numerous security-based applications. GCM is a mode of operation for AES symmetric-key cryptographic block ciphers, which has been selected for its high throughput rates in high-speed communication channels. GCM is an algorithm for authenticated encryption that provides both data authenticity and confidentiality, and it can be achieved with reasonable hardware resources. The hardware implementation of AES-GCM demands a tremendous amount of logic blocks and gates. Due to natural faults or intrusion attacks, faulty outputs in different logic blocks of the AES-GCM module result in erroneous output. There exists plenty of specific literature on methods of fault detection in the AES section of AES-GCM. In this thesis, we consider a novel fault detection scheme for the GCM section using parity prediction. For the purpose of fault detection in GCM, two independent methods are proposed. First, a new technique of fault detection using parity prediction for the entire GCM loop is presented. Then, matrix-based CRC multiple-bit parity prediction schemes are developed and implemented. As a result, we achieve a fault coverage of about 99% with a longest-path delay overhead of 23% and an area overhead of 10.9%. The false alarm rate is 0.12%, which can be ignored given the number of injected faults.

    An Efficient Scheme to Provide Real-time Memory Integrity Protection

    Memory integrity protection has been a longstanding issue in trusted system design. Most viruses and malware attack the system by modifying data that they are not authorized to access. With the development of the Internet, viruses and malware spread much faster than ever before. In this setting, protecting the memory becomes increasingly important. However, protecting dynamic memory is a hard problem. The data in memory changes from time to time, so the schemes have to be fast enough to provide real-time protection while, at the same time, they have to use slow cryptographic functions to keep the security level. In this thesis, we propose a new fast authentication scheme for memory. As in previous proposals, the scheme uses a Merkle tree to guarantee dynamic protection of memory. We use the universal hash function family NH for speed and couple it with AES encryption in order to achieve a high level of security. The proposed scheme is much faster compared to similar schemes built on cryptographic hash functions such as SHA-1, due to the finer-grain incremental hashing ability provided by NH. With a modified version of the proposed scheme, the system can access the data in memory without checking the integrity all the time and still keep the same security level. This feature is mainly due to the incremental nature of NH. Moreover, we show that by combining the scheme with caches and parallelism, we can achieve a fast and simple software implementation.