Conference Paper

A Review and Application of Integrity Techniques for Securing FPGA-based Designs


Article
The security implications of the emerging world of smart devices brought about by the Internet of things' recent rise are enormous. IoT devices typically have restricted resources, such as minimal memory, low processing power, and a short battery life, in addition to their stated security level. In the context of IoT, lightweight cryptographic primitives are presented taking into account the trade-off between speed and security assurance. In this research, we proposed lightweight cryptographic hash methods and optimized hardware for devices with limitations. The size, speed, efficiency, and power consumption of our suggested solutions are examined on FPGA systems. Bit permutation, linear transformation, and S-Box functionality are used in the suggested design. To analyze large data sets and Internet of Things applications, conventional hash algorithms need memory and time. Thus, the demand arises for a lightweight cryptographic protocol that is both rapid and safe. This technique offers the necessary security criteria of conventional hash functions and the parameters for lightweight cryptographic protocols. The proposed architecture is tested and validated based on three key criteria: memory, speed, and power consumption, which are important factors in determining its lightweight nature. Based on the findings, the proposed architecture outperforms other lightweight protocols regarding memory usage, performance, and power consumption. For an appropriate FPGA-based application deployment, a thorough comparison of our suggested designs is detailed on various FPGA families.
Conference Paper
Full-text available
Cyclic Redundancy Check (CRC) is an essential component in various integrated circuits of the electronics industry. This paper is a CRC comprehensive guide that explores various approaches for CRC implementations in hardware, and demonstrates synthesis estimation results for understanding their impact. Finally, it assists the designer to customize and optimize his CRC implementation to meet different project requirements.
Article
Full-text available
In this short note, we describe a new hardware implementation of Shabal. Our results outperform the state-of-the-art. In particular, Shabal can achieve a high throughput, and can also be implemented with very low area. In this section, we summarize the algorithm specifications of Shabal. It uses a sequential iterative hash construction to process messages in blocks of 512 bits (see Figure 1). Shabal operates with 32-bit words, so each 512-bit input block Mi is partitioned into 16 words. Its internal state consists of the three components A (384 bits), B and C (both 512 bits). W stores a 64-bit message-block counter. In Figure 1, the boxed plus sign represents a 32-bit addition (modulo 2^32), and the boxed minus sign represents a 32-bit subtraction (modulo 2^32). Circled plus sign (⊕) represents a bit-by-bit XOR operation.
Conference Paper
Full-text available
Field Programmable Gate Arrays (FPGAs) are becoming increasingly popular for use within high integrity and safety critical systems. One commonly used coding language for their configuration is the VHSIC Hardware Description Language (VHDL). Whilst VHDL is used for hardware description, it is developed in a similar way to traditional software, and many safety critical software certification standards require the use of coding subsets and style guidance in order to ensure known language vulnerabilities are avoided. At present there is no recognized, public domain guidance for VHDL. This paper draws together many different sources to provide a starting discussion for a VHDL subset.
Conference Paper
Full-text available
Hash functions are widely used in, and form an important part of many cryptographic protocols. Currently, a public competition is underway to find a new hash algorithm(s) for inclusion in the NIST Secure Hash Standard (SHA-3). Computational efficiency of the algorithms in hardware will form one of the evaluation criteria. In this paper, we focus on five of these candidate algorithms, namely CubeHash, Grostl, Lane, Shabal and Spectral Hash. Using Xilinx Spartan-3 and Virtex-5 FPGAs, we present architectures for each of these hash functions, and explore area-speed trade-offs in each design. The efficiency of various architectures for the five hash functions is compared in terms of throughput per unit area. To the best of the authors' knowledge, this is the first such comparison of these SHA-3 candidates in the literature.
Article
Since their inception, field-programmable gate arrays (FPGAs) have grown in capacity and complexity so that now FPGAs include millions of gates of logic, megabytes of memory, high-speed transceivers, analog interfaces, and whole multicore processors. Applications running in the FPGA include communications infrastructure, digital cinema, sensitive database access, critical industrial control, and high-performance signal processing. As the value of the applications and the data they handle have grown, so has the need to protect those applications and data. Motivated by specific threats, this paper describes FPGA security primitives from multiple FPGA vendors and gives examples of those primitives in use in applications.
Book
The purpose of Handbook of FPGA Design Security is to provide a practical approach to managing security in FPGA designs for researchers and practitioners in the electronic design automation (EDA) and FPGA communities, including corporations, industrial and government research labs, and academics. Handbook of FPGA Design Security combines theoretical underpinnings with a practical design approach and worked examples for combating real world threats. To address the spectrum of lifecycle and operational threats against FPGA systems, a holistic view of FPGA security is presented, from formal top level specification to low level policy enforcement mechanisms. This perspective integrates recent advances in the fields of computer security theory, languages, compilers, and hardware. The net effect is a diverse set of static and runtime techniques that, working in cooperation, facilitate the composition of robust, dependable, and trustworthy systems using commodity components.
Article
Version 1.3, December 16, 2010. This document is a revised version of the supporting documentation submitted to NIST on October 31, 2008. As such, it does not cite all relevant references published from that date. The hash functions specified are the "tweaked" versions, as submitted for the final of the SHA-3 competition. The original submitted functions were called BLAKE-28, BLAKE-32, BLAKE-48, and BLAKE-64; the tweaked versions are BLAKE-224, BLAKE-256, BLAKE-384, and BLAKE-512.
Conference Paper
We propose compact architectures of the SHA-3 candidates BLAKE-32 and BLAKE-64 for several FPGA families. We harness the intrinsic parallelism of the algorithm to interleave the computation of four instances of the Gi function. This approach allows us to design an Arithmetic and Logic Unit with four pipeline stages, and to achieve high clock frequencies. With careful scheduling, we completely avoid pipeline bubbles. For the time being, the designs presented in this work are the most compact ones for any of the SHA-3 candidates. We show for instance that a fully autonomous implementation of BLAKE-32 on a Xilinx Virtex-5 device requires 56 slices and two memory blocks.
Book
With Security in Computing Systems, Joachim Biskup introduces, surveys and assesses the fundamentals of security with respect to all activities that individuals or groups directly or indirectly perform by means of computers and computer networks. He has organized his comprehensive overview on multilateral security into four cross-referencing parts: challenges and basic approaches; fundamentals of information flow and inference control; security mechanisms with an emphasis on control and monitoring on the one hand and on cryptography on the other; and implementations. Besides presenting informal surveys and introductions to these topics, the book carefully elaborates the fundamental ideas by at least partially explaining the required precise formalizations and outlining the achieved mathematical verifications. Moreover, the need to employ the various security enforcement methods in a well-coordinated way is emphasized and thoroughly exemplified, and this includes case studies on UNIX, Oracle/SQL, CORBA, Kerberos, SPKI/SDSI and PGP. Overall, this monograph provides a broad and comprehensive description of computer security threats and countermeasures, ideal for graduate students or researchers in academia and industry who require an introduction to the state of the art in this field. In addition, it can be used as the basis for graduate courses on security issues in computing. © 2009 Springer-Verlag Berlin Heidelberg. All rights are reserved.
Conference Paper
In this paper, we present an efficient FPGA implementation of the SHA-3 hash function candidate Shabal [7]. Targeted at the recent Xilinx Virtex-5 FPGA family, our design achieves a relatively high throughput of 2 Gbit/s at a cost of only 153 slices, yielding a throughput-vs.-area ratio of 13.4 Mbit/s per slice. Our work can also be ported to Xilinx Spartan-3 FPGAs, on which it supports a throughput of 800 Mbit/s for only 499 slices, or equivalently 1.6 Mbit/s per slice. According to the SHA-3 Zoo website [1], this work is among the smallest reported FPGA implementations of SHA-3 candidates, and ranks first in terms of throughput per area.
Conference Paper
Standardized 32-bit cyclic redundancy codes provide fewer bits of guaranteed error detection than they could, achieving a Hamming Distance (HD) of only 4 for maximum-length Ethernet messages, whereas HD=6 is possible. Although research has revealed improved codes, exploring the entire design space has previously been computationally intractable, even for special-purpose hardware. Moreover, no CRC polynomial has yet been found that satisfies an emerging need to attain both HD=6 for 12K bit messages and HD=4 for message lengths beyond 64 Kbits. This paper presents results from the first exhaustive search of the 32-bit CRC design space. Results from previous research are validated and extended to include identifying all polynomials achieving a better HD than the IEEE 802.3 CRC-32 polynomial. A new class of polynomials is identified that provides HD=6 up to nearly 16K bit and HD=4 up to 114K bit message lengths, providing the best achievable design point that maximizes error detection for both legacy and new applications, including potentially iSCSI and application-implemented error checks.
Reconfigurable computing in hardware security - a brief review and application
  • F Bîrleanu
  • N Bizon
Principles, Architectures and Challenges for Ensuring the Integrity, Internal Control and Security of Embedded Systems
  • N Bîrleanu
  • Bizon
Ensuring Design Integrity through Analysis of FPGA Bitstreams and IP Cores
  • J P Graf
  • S H Harper
  • L W Lerner
The SHA-3 Family of Cryptographic Hash Functions and Extendable-Output Functions
  • J L G Pardo