High-throughput programmable cryptocoprocessor

A. Hodjat, I. Verbauwhede
2004 IEEE Micro  
High-speed Internet Protocol security (IPsec) applications require high throughput and flexible security engines. Virtual private networks, for example, require a throughput of over 2 gigabits per second. IPsec uses the Advanced Encryption Standard [1] algorithm in various operation modes. [2] Most security applications combine AES, and block ciphers in general, with different operation modes because the straightforward electronic code book (ECB) mode is vulnerable to statistical attacks. [3] The US National Institute of Standards and Technology recommends block cipher modes of operation, [4] which, in addition to ECB, include cipher block chaining (CBC), counter, cipher feedback (CFB), output feedback (OFB), and CCM, a new mode that combines the counter and CBC-MAC (message authentication code) modes. CCM only requires the encryption algorithm and can generate encrypted and authenticated data simultaneously. [5]

As the "Related Work on Programmable Security Engines" sidebar mentions, no current systems support all four modes: ECB, CBC, counter, and CCM. Recent Internet Society Request for Comments (RFC) efforts propose combining AES with block cipher modes, such as AES in counter mode with IPsec [6] and AES in XCBC-MAC with IPsec. [7] Other researchers use AES in counter and CCM modes for IPsec. [8] Standard proposals tend to change, but these changes are usually limited to initialization, setup, key management, and so on. Combining programmability with high throughput supports a wide range of current and future standards for security applications.

A high-speed CPU is one way to implement security primitives. However, factors such as memory bandwidth and cache misses prevent the CPU from achieving multi-Gbps throughput. The "AES/Rijndael: Speed" Web site (http://www.tcs.hut.fi/~helger/aes/rijndael.html) reports AES throughput on various CPUs at over 1 GHz. Optimized C code compiled with gcc (GNU Compiler Collection) 3.0.2 achieves only 861 Mbps on a 2.25-
doi:10.1109/mm.2004.11 fatcat:z46xetlq2re65hojayvlm3daoa