an encryption-enabled network protocol accelerator
Post on 11-Feb-2016
65 Views
Preview:
DESCRIPTION
TRANSCRIPT
IHPIm Technologiepark 2515236 Frankfurt (Oder)
Germany
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2008 - All rights reserved
An Encryption-Enabled Network Protocol Accelerator
Steffen Peter, Mario Zessack, Frank Vater, Goran Panic, Horst Frankenfeldt, and Michael Methfessel
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2008 - All rights reserved
Outline
• Motivation
• TCP
• General Hardware Design
• Cryptographic Accelerators
• Implementation
• Conclusions
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2008 - All rights reserved
Motivation
Wireless sensor network
Tiny sensor nodesCluster head
Internet
• standard TCP • high data rates• security• low energy
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2008 - All rights reserved
Motivation
• Increasing amount of data • even in mobile and ubiquitous scenarios • need for good transport performance
• Low cost• Small silicon area• Energy efficient
• Need for security• Secrecy, Integrity, Reliability
• Support of standard protocols• TCP (transport)• AES (data encryption)• ECC/ECDSA (signature, key agreement)
Is dedicated hardware the solution?
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2008 - All rights reserved
TCP
• Standard transport protocol of the Internet• Connection-based protocol
- Three-way handshake- Complicated connection tear-down
• Basic data integrity mechanism- Checksum
• Error correction mechanisms- Fast retransmit, slow (re-)start, many others
• Flow control- Buffer and congestion control
• No actual security mechanisms
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2008 - All rights reserved
TCP – Profiling Results
Transmit Receive
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2008 - All rights reserved
TCP Profiling – Implications
• Copying data consumes most time and energy• Reduce copy operations as much as possible
• Protocol handling needs merely 1/5th of the total computation• Is it worth hard-wiring the TCP state machines in hardware?• Trade-off performance flexibility
• Checksum is the most expensive computation• The obvious dedicated hardware unit• How to integrate in the data flow?
• Memory allocation needs more than 5 percent of time• Can a dedicated unit help here?
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2008 - All rights reserved
TCP Profiling – Our Answers• One copy architecture
• Data is copied directly from the peripheral handler to the right memory location (assigned by CPU)
• During this one copy operation other operational blocks (checksum, encryption) listen on the bus and do their work
• MIPS CPU performs complicated (but low effort) TCP logic• Connection build-up/tear-down, error handling, congestion control• Software handling allows protocol variations and debugging
• Dedicated checksum-block• checksum block computes checksum during the one copy operation
• No dedicated memory manager unit• Hard-wired memory manager reduces time by 77 percent (from 5%1%)• BUT high hardware costs (300 flip-flops) and lack of flexibility
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2008 - All rights reserved
General Design
CPU
Host interface handler
to Host
SRAM
RF Data I/O
to MAC/PHY
Checksum
System Bus
• MIPS CPU handles complex protocols.
• CPU never touches payload
• Internal 32 kByte SRAM stores packets.
• AMBA bus connects system components.
• Standard bus system allows modular approach.• Periperhal bus (APB) connects GPIO, UART, SPI ports.
• System concept: interacting independent units.• Units exchange commands and status using register file.• General-purpose formalism for command/status syntax.
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2008 - All rights reserved
• Packet received and Checksum ok?
General Design - Flow
CPU
Host interface handler
to Host
SRAM
RF Data I/O
to MAC/PHY
Check-sum
System Bus
• Incoming packet
• Basic header processing• Select memory slot for packet
Sleeps
Wakeup
• Full header processing• Window update• Alloc memory slot for next packet• Signal application
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2008 - All rights reserved
Results (Performance and power consumption)
• Simulation results: split power among different entities.• Maximal data rate in pure software on MIPS is 20.7 Mbit/sec.• Hardware accelerators reduce load on CPU and save 50% of power.• Maximal data rate with hardware accelerators is 40 Mbit/sec.
Case Rate CPU CPU AMBA Reg- Card- EPP/ Total (Mb/sec) active bus file bus UA powerSW 20.7 100% 60 14 7 4 4 89 mWHW 20.7 15% 9 14 7 4 12 46 mWHW 40.0 31% 18 14 7 4 12 55 mW
• Measured power consumption is 2.5 times simulated power. • Measured power includes pads.• Consumed power varies for different production runs.
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2008 - All rights reserved
Cryptographic Accelerators
• AES (Advanced Encryption Standard)• Symmetric stream cipher• Suitable for low-power high-throughput data streams• Standardized in November 2000
(NIST/National Institute for Standards and Technology; USA)• Input data length: 128 bit; key length: 128, 196, 256 bit• Assumed to be secure for the next 70 years
• ECC (Elliptic Curve Cryptography)• Asymmetric cryptography• Suitable signatures and key-establishment• Key length 160-571 bit (NIST standard)
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2008 - All rights reserved
Advanced Encryption Standard (AES)
• Huge design space• Sharing S-Boxes reduces performance but leads to smaller designs• Pipelining and Parallelism boost performance – but cost area and energy
Data
Key
xor S-Box Shiftrow
MixColumn
Calckey
Output data
10 Rounds
I H PM i c ro e l ec t r o
17
84 30 AE
97 38 AD 43
58 7A 0E
67 CF FE 80
CB
S E CR E TK E Y
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2008 - All rights reserved
AES - Results
• Throughput: ~52 MBit/s @33 Mhz (includes input and output of the data blocks)
• Size: 0.336mm² in 0.25 CMOS (8,450 equivalent gates)• 70 clock cycles per 128 bit data block for en-/decryption• 72 times faster than software implementation on MIPS (33 MHz)
and it requires 0.4% energy of the software solution
Company Size Gates
Clock cycles
Clock frequency
Throughput
Elliptic Semi: AES 8.000 +1.400 bit Memory
379 100 MHz 33,7 Mbit/s
IHP AES 8.450 70 66 MHz 108MBit/s
IAIK Graz 8.930 64 64 MHz 128MBit/s
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2008 - All rights reserved
Elliptic Curve Cryptography (ECC)
• Asymmetric cryptography• Basis for many key exchange and signature algorithms (ECDSA)
• Trapdoor : Elliptic Curve Point Multiplication• one can compute: Q = kP• it is infeasible to determine k for given Q and P
• Higher security with shorter key lengths• about 1/10th of RSA’s key size
• Still operations on Elliptic Curves are expensive• one 233 bit EC Point multiplication needs:
1200 additions, 1500 multiplications, 800 squarings, 1 division (233 bit each in the finite field)
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2008 - All rights reserved
ECC - Design
•Asymmetric cryptography
•Trapdoor : Elliptic Curve Point Multiplication– one can compute: Q = kP– it is infeasible to determine k for given Q and P
• Utilization 95%15%
50%• Area70%5%
20%
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2008 - All rights reserved
ECC – Implementation Results• Time for one ECPM (233 bit):
• MIPS: 410 ms• HW: 0.4 ms
• Energy for one ECPM (233 bit):• MIPS: 16 mWs• HW: 0.03 mWs
Company Size KGates
Energy mWs
Time/Opms
Technology used
Elliptic Semi: B-233 71 0.14 6.68 0.13µm
IBM B-163 117 - 0.19 0.13µm
IHP B-233 72-42 0.02-0.04 0.08-0.35 0.25µm
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2008 - All rights reserved
Implemented Chip (Design)
MIPSProcessor
Core
I-Cache(16 kB)
Brid
ge(M
aste
r)
SRAM (32 kB)
&
CardBus(Master)
UART
UART 0 (Master)
CardBus (Linux/Windows Host)
Sum1
AMBA AHB Bus
AES
SRAM
FlashD-SPRAM
(8 kB)
Memory Controller(AHB Slave)
Internal SRAM (32 kB)
Registers&
Control
Data I/O Control (Master)Packet Filter / Checksum
GPIO
Serial 1+2
CheckSum
CPU Control Bus
AES / MD5
Data I/O
UARTEPPECC
GPIOBrid
geEJTAG(Debug)
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2008 - All rights reserved
Implemented Chip (Chip Photo)
Size: 7.3 x 7.4 mm (54 mm²)Core: 44 mm² Pads: 219 in QFP256 packageTransistors: 4.8 M in 0.25μmPacket SRAM: 32 kByteInstruction cache: 16 kByteData scratchpad: 8 kByte
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2008 - All rights reserved
Implementation (Test Board)
Allows:
• Testing the implementation in practice
• Tests of interoperability• Performance tests• Energy measurements
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2008 - All rights reserved
Conclusions
• Profiling of TCP/IP code identified bottlenecks• TCP checksum and copying use 90% of power.• High data rate needs hardware accelerators.
• Chip is a hardware solution for TCP/IP handling• Takes care of middle protocol layers efficiently.
• AMBA-based bus as prototype for modular systems• Assemble different systems quickly.• Pre-tested components lead to reliability.
• Cryptographic components allow security for low-cost• Designs for AES and ECC improve performance and energy consumption
for security operations by three orders of magnitute.• TCP chip creates basis for further developments
• Extension to higher data rates (Gbit/sec).• Use as component of complex single-chip systems.
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2008 - All rights reserved
Thank You
Questions?
peter@ihp-microelectronics.com
top related