5 research outputs found

    Enhancing an Embedded Processor Core with a Cryptographic Unit for Performance and Security

    We present a set of low-cost architectural enhancements to accelerate the execution of certain arithmetic operations common in cryptographic applications on an extensible embedded processor core. The proposed enhancements are generic in the sense that they can be beneficially applied in almost any RISC processor. We implemented the enhancements in the form of a cryptographic unit (CU) that offers the programmer an extended instruction set. The CU features a 128-bit wide register file and datapath, which enables it to process 128-bit words and perform 128-bit loads/stores. We analyze the speed-up factors for some arithmetic operations and public-key cryptographic algorithms obtained through these enhancements. In addition, we evaluate the hardware overhead (i.e. silicon area) of integrating the CU into an embedded RISC processor. Our experimental results show that the proposed architectural enhancements allow for a significant performance gain for both RSA and ECC at the expense of an acceptable increase in silicon area. We also demonstrate that the proposed enhancements facilitate the protection of cryptographic algorithms against certain types of side-channel attacks and present an AES implementation hardened against cache-based attacks as a case study.

    Design and realization of an embedded processor for cryptographic applications

    Architectural enhancements are a set of modifications in a general-purpose processor to improve the processing of a given workload such as multimedia applications and cryptographic operations. Employing faster/enhanced arithmetic units for the existing instruction set architecture (ISA), introducing application-specific instructions to the ISA, and adding a new set of registers are common practices employed as architectural enhancements. In this thesis, we introduce and implement a set of relatively low-cost enhancement techniques to accelerate certain arithmetic operations common in cryptographic applications on a configurable and extensible embedded processor core. The proposed enhancements are generic in the sense that they can profitably be applied in many RISC processors. These enhancements are organized into what we prefer to call a cryptographic unit (CU) that offers an extended ISA to the programmer. We then present the speedup values obtained for various arithmetic operations and public key cryptography algorithms through these enhancements. Furthermore, the hardware overhead of introducing the enhancements to the embedded extensible processor is provided in terms of chip area. Our experimental results show that the proposed architectural enhancements provide a significant amount of speedup (up to one order of magnitude) in elliptic curve cryptography and RSA with a conservative increase in hardware. Last but not least, we demonstrate that the proposed enhancements facilitate protection of cryptographic algorithms against certain side-channel attacks by reporting our case study of an AES implementation hardened against cache-based attacks.

    Design and analysis of privacy-preserving medical cloud computing systems

    No full text
    Thesis (Ph. D.)--University of Rochester. Department of Electrical and Computer Engineering, 2016. Current financial and regulatory pressure has provided strong incentives to institute better disease prevention, improved patient monitoring, and push U.S. healthcare into the digital era. Outsourcing medical applications to a cloud operator helps healthcare organizations (HCO) to provide better patient care without increasing the associated costs. Despite these advantages, the adoption of medical cloud computing by HCOs has been slow due to the strict regulations on the privacy of Personal Health Information (PHI) dictated by The Health Insurance Portability and Accountability Act (HIPAA). In this dissertation, we propose a novel privacy-preserving medical cloud computing system with an emphasis on “secure computation.” The proposed system enables monitoring patients remotely outside the HCO using ECG signals. To eliminate privacy concerns associated with the public cloud providers, we utilize Fully Homomorphic Encryption (FHE) to enable computations on encrypted PHI data. Despite well-known performance penalties associated with FHE, we propose two methods for an efficient implementation. Specifically, we model our applications using two computational models: circuit and branching program, and propose optimizations to improve run-time performance. We compare our FHE-based solution with conventional and Attribute Based Encryption schemes for secure a) storage, b) computation, and c) sharing of the medical data. We show that despite the overhead compared to existing encryption schemes, our system can be implemented with a reasonable budget with major public cloud service providers. With the recent advances on FHE coupled with the decreasing costs of cloud services, we argue that our study is a novel step towards privacy-preserving cloud-based health monitoring that can improve the diagnosis of cardiac diseases, which are responsible for the highest percentage of deaths in the United States.