Publication detail

Hardware-Accelerated Encryption with Strong Authentication

MARTINÁSEK, Z. HAJNÝ, J. MALINA, L. MATOUŠEK, D.

Original Title

Hardware-Accelerated Encryption with Strong Authentication

English Title

Hardware-Accelerated Encryption with Strong Authentication

Type

conference paper

Language

en

Original Abstract

With the growing amount of data transferred over communication networks, the high-speed encryption systems are becoming a hot topic. The paper is focused on the design and implementation of a hardware-accelerated encryption system based on 100 Gbps FPGA (Field Programmable Gate Array) network cards. First, an AES (Advanced Encryption Standard)-based encryption system is designed and implemented on the FPGA platform using the VHDL (VHSIC Hardware Description Language). The AES core is implemented using the GCM (Galois/Counter Mode) so that both confidentiality and integrity of data are provided. The AES core is then integrated with a strong authentication subsystem based on programmable smart-cards used for storing sensitive cryptographic material. The authentication subsystem implements the IKE protocol using shared secrets. In contrast to existing implementations, the keys used for authentication never leave a tamper-proof device in our system, all cryptographic operations are implemented on the smart-cards. The use of smart-cards significantly increases the security of the system as the keys do not have to be stored on a shared vulnerable file system any more. The resulting system is compliant with IPsec specification and will be interoperable with existing implementations. The paper contains the description of the system, results of the implementation benchmarks on the NFB-40G2 (Xilinx, Virtex-7) cards and proposals for next development.

English abstract

With the growing amount of data transferred over communication networks, the high-speed encryption systems are becoming a hot topic. The paper is focused on the design and implementation of a hardware-accelerated encryption system based on 100 Gbps FPGA (Field Programmable Gate Array) network cards. First, an AES (Advanced Encryption Standard)-based encryption system is designed and implemented on the FPGA platform using the VHDL (VHSIC Hardware Description Language). The AES core is implemented using the GCM (Galois/Counter Mode) so that both confidentiality and integrity of data are provided. The AES core is then integrated with a strong authentication subsystem based on programmable smart-cards used for storing sensitive cryptographic material. The authentication subsystem implements the IKE protocol using shared secrets. In contrast to existing implementations, the keys used for authentication never leave a tamper-proof device in our system, all cryptographic operations are implemented on the smart-cards. The use of smart-cards significantly increases the security of the system as the keys do not have to be stored on a shared vulnerable file system any more. The resulting system is compliant with IPsec specification and will be interoperable with existing implementations. The paper contains the description of the system, results of the implementation benchmarks on the NFB-40G2 (Xilinx, Virtex-7) cards and proposals for next development.

Keywords

AES, Authentication, Encryption, IPsec, FPGA, GCM, Security, Smart card

Released

02.06.2017

ISBN

2336-5587

Periodical

Security and Protection of Information

Year of study

1

Number

1

State

CZ

Pages from

1

Pages to

10

Pages count

10

Documents

BibTex


@inproceedings{BUT136731,
  author="Zdeněk {Martinásek} and Jan {Hajný} and Lukáš {Malina} and Denis {Matoušek}",
  title="Hardware-Accelerated Encryption with Strong Authentication",
  annote="With the growing amount of data transferred over communication networks, the high-speed encryption systems are becoming a hot topic. The paper is focused on the design and implementation of a hardware-accelerated encryption system based on 100 Gbps FPGA (Field Programmable Gate Array) network cards. First, an AES (Advanced Encryption Standard)-based encryption system is designed and implemented on the FPGA platform using the VHDL (VHSIC Hardware Description Language). The AES core is implemented using the GCM (Galois/Counter Mode) so that both confidentiality and integrity of data are provided. The AES core is then integrated with a strong authentication subsystem based on programmable smart-cards used for storing sensitive cryptographic material. The authentication subsystem implements the IKE protocol using shared secrets. In contrast to existing implementations, the keys used for authentication never leave a tamper-proof device in our system, all cryptographic operations are implemented on the smart-cards. The use of smart-cards significantly increases the security of the system as the keys do not have to be stored on a shared vulnerable file system any more. The resulting system is compliant with IPsec specification and will be interoperable with existing implementations. The paper contains the description of the system, results of the implementation benchmarks on the NFB-40G2 (Xilinx, Virtex-7) cards and proposals for next development.",
  booktitle="Security and Protection of Information",
  chapter="136731",
  howpublished="online",
  number="1",
  year="2017",
  month="june",
  pages="1--10",
  type="conference paper"
}