Self-Partial and Dynamic Reconfiguration Implementation for AES using FPGA

This paper addresses efficient hardware/software implementation approaches for the AES (Advanced Encryption Standard) algorithm and describes the design and performance testing algorithm for embedded system. Also, with the spread of reconfigurable hardware such as FPGAs (Field Programmable Gate Array) embedded cryptographic hardware became cost-effective. Nevertheless, it is worthy to note that nowadays, even hardwired cryptographic algorithms are not so safe. From another side, the self-reconfiguring platform is reported that enables an FPGA to dynamically reconfigure itself under the control of an embedded microprocessor. Hardware acceleration significantly increases the performance of embedded systems built on programmable logic. Allowing a FPGA-based MicroBlaze processor to self-select the coprocessors uses can help reduce area requirements and increase a system's versatility. The architecture proposed in this paper is an optimal hardware implementation algorithm and takes dynamic partially reconfigurable of FPGA. This implementation is good solution to preserve confidentiality and accessibility to the information in the numeric communication

Microprocessor fault-tolerance via on-the-fly partial reconfiguration

This paper presents a novel approach to exploit FPGA dynamic partial reconfiguration to improve the fault tolerance of complex microprocessor-based systems, with no need to statically reserve area to host redundant components. The proposed method not only improves the survivability of the system by allowing the online replacement of defective key parts of the processor, but also provides performance graceful degradation by executing in software the tasks that were executed in hardware before a fault and the subsequent reconfiguration happened. The advantage of the proposed approach is that thanks to a hardware hypervisor, the CPU is totally unaware of the reconfiguration happening in real-time, and there's no dependency on the CPU to perform it. As proof of concept a design using this idea has been developed, using the LEON3 open-source processor, synthesized on a Virtex 4 FPG

FPGA based remote code integrity verification of programs in distributed embedded systems

The explosive growth of networked embedded systems has made ubiquitous and pervasive computing a reality. However, there are still a number of new challenges to its widespread adoption that include scalability, availability, and, especially, security of software. Among the different challenges in software security, the problem of remote-code integrity verification is still waiting for efficient solutions. This paper proposes the use of reconfigurable computing to build a consistent architecture for generation of attestations (proofs) of code integrity for an executing program as well as to deliver them to the designated verification entity. Remote dynamic update of reconfigurable devices is also exploited to increase the complexity of mounting attacks in a real-word environment. The proposed solution perfectly fits embedded devices that are nowadays commonly equipped with reconfigurable hardware components that are exploited to solve different computational problems

Secure Remote Control and Configuration of FPX Platform in Gigabit Ethernet Environment

Because of its flexibility and high performance, reconfigurable logic functions implemented on the Field-programmable Port Extender (FPX ) are well suited for implementing network processing such as packet classification, filtering and intrusion detection functions. This project focuses on two key aspects of the FPX system. One is providing a Gigabit Ethernet interface by designing logic for a FPGA which is located on a line card. Address Resolution Protocol (ARP) packets are handled in hardware and Ethernet frames are processed and transformed into cells suitable for standard FPX application. The other effort is to provide a secure channel to enable remote control and configuration of the FPX system through public internet. A suite of security hardware cores were implemented that include the Advanced Encryption Standard (AES), Triple Data Encryption Standard (3DES), Hashed Message Authentication Code (HMAC), Message Digest Version 5 (MD5) and Secure Hash Algorithm (SHA-1). An architecture and an associated protocol have been developed which provide a secure communication channel between a control console and a hardware-based reconfigurable network node. This solution is unique in that it does not require a software process to run on the network stack, so that it has both higher performance and prevents the node from being hacked using traditional vulnerabilities found in common operating systems. The mechanism can be applied to the design and implementation of re-motely managed FPX systems. A hardware module called the Secure Control Packet Processor (SCPP) has been designed for a FPX based firewall. It utilizes AES or 3DES in Error Propagation Block Chaining (EPBC) mode to ensure data confidentiality and data integrity. There is also an authenticated engine that uses HMAC. to generate the acknowledgments. The system can protect the FPX system against attacks that may be sent over the control and configuration channel. Based on this infrastructure, an enhanced protocol is addressed that provides higher efficiency and can defend against replay attack. To support that, a control cell encryption module was designed and tested in the FPX system

Hardware Design and Implementation of Role-Based Cryptography

Traditional public key cryptographic methods provide access control to sensitive data by allowing the message sender to grant a single recipient permission to read the encrypted message. The Need2Know® system (N2K) improves upon these methods by providing role-based access control. N2K defines data access permissions similar to those of a multi-user file system, but N2K strictly enforces access through cryptographic standards. Since custom hardware can efficiently implement many cryptographic algorithms and can provide additional security, N2K stands to benefit greatly from a hardware implementation. To this end, the main N2K algorithm, the Key Protection Module (KPM), is being specified in VHDL. The design is being built and tested incrementally: this first phase implements the core control logic of the KPM without integrating its cryptographic sub-modules. Both RTL simulation and formal verification are used to test the design. This is the first N2K implementation in hardware, and it promises to provide an accelerated and secured alternative to the software-based system. A hardware implementation is a necessary step toward highly secure and flexible deployments of the N2K system

Enhancing System Security Using Dynamic Hardware

Within the ever-advancing field of computing, there is significant research into the many facets of cyber security. However, there is very little research to support the concept of using a Field Programmable Gate Array (FPGA) to increase the security of a system. While its most common use is to provide efficiency and speedup of processes, this research considers the use of an FPGA to mitigate vulnerabilities in both software and hardware. This paper proposes circuit variance within an FPGA as a method of Moving Target Defense (MTD) and investigates its effect on side-channels. We hypothesize that although the functionality of native and variant circuits is the same, their subsequent side-channel characterizations will differ thus creating unique electromagnetic signatures. The investigation and observations of the study include circuit variant construction, side channel attacks and analyses, and subsequent comparisons of electromagnetic signatures. We found that in the analysis of variant DES implementations, there are small but present differences in side channel depictions from native to variant

High-Speed Area-Efficient Implementation of AES Algorithm on Reconfigurable Platform

Nowadays, digital information is very easy to process, but it allows unauthorized users to access to this information. To protect this information from unauthorized access, cryptography is one of the most powerful and commonly used techniques. There are various cryptographic algorithms out of which advanced encryption standard (AES) is one of the most frequently used symmetric key cryptographic algorithms. The main objective of this chapter is to implement fast, secure, and area-efficient AES algorithm on a reconfigurable platform. In this chapter, AES algorithm is designed using Xilinx system generator, implemented on Nexys-4 DDR FPGA development board and simulated using MATLAB Simulink. Synthesis results show that the implementation consumes 121 slice registers, and its maximum operating frequency is 1102.536 MHz. Throughput achieved by this implementation is 14.1125 Gbps

FPGAS and Database Engines Integration

This work focuses on the integration of an FPGA with a database engine. The purpose is to design and implement hardware-accelerated algorithms that are useful for the real-time work demands of modern databases in the world of data science and “Big Data” analysis. The work proposes an integration architecture of a commercial FPGA and an open source database. As an example of application, it is proposed the encryption and decryption of data using these services implemented in an FPGA. The algorithm used is the well-known 128-bit Advanced Encryption Standard (AES). The hardware-accelerated algorithm is used within the MySQL open-source database engine by using a UDF function in the API provided by the engine to test the algorithms implemented in hardware for processing large amounts of data. The FPGA is a commercial version of the manufacturer Xilinx.Consejo Nacional de Ciencia y Tecnologí