
Graduate student: 賈證主 (Chia, Chung-Chu)
Thesis title: Randomly Configured and Pipeline Scheduled Multi-Cipher Cryptosystem for Modern Secure Protocols
Advisor: 楊中平 (Young, Chung-Ping)
Degree: Doctor
Department: College of Electrical Engineering and Computer Science - Department of Computer Science and Information Engineering
Year of publication: 2012
Academic year of graduation: 100
Language: English
Number of pages: 97
Keywords: Secure protocols, Multi-cipher, Hardware scheduling, Network on a Chip
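  • This dissertation investigates how to build a multi-core system that can handle multiple cipher algorithms and their encryption configurations at the same time. Before each communication session it performs a random configuration and schedules the work of the multi-core cryptosystem, which effectively reduces the time for which a single algorithm with its mode of operation and a single key is in use in modern secure protocols, and raises the throughput of the whole cryptosystem. Random configuration effectively hides the configuration of the multi-core cryptosystem in each communication; based on this configuration, the system carries out a job scheduling design for the multi-core processors before communication actually begins, in order to obtain maximum throughput. This multi-cipher cryptosystem can use many cipher cores in one communication session, and each cipher core can independently run one algorithm and its mode of operation with a different secret key. A cipher core can be dedicated encryption hardware or can be implemented with a microprocessor. In addition, the result of random configuration may require a large number of cipher cores to reach maximum system throughput. A traditional bus can no longer provide enough bandwidth to meet this high-throughput demand, and a sea-of-processors design is prone to instability caused by clock skew. This dissertation therefore also builds a network-on-chip simulation platform to solve the design problems that arise as the multi-core system grows. The platform is derived from the spidergon topology and its architecture scales well: with this network-on-chip topology the number of nodes in each chip can be adjusted flexibly, and to expand the system several chips can easily be connected together to provide the number of cores that different configurations require. Therefore, for modern secure protocols, the multi-cipher cryptosystem proposed in this dissertation is not only feasible but also worth promoting.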

    To shorten the exposure time of a specific cipher algorithm when a communication session is sustained for a long time, automatic switching between multiple cipher algorithms on a per-session basis is proposed. In addition, to hide the scheduling sequence and raise the throughput, random configuration and pipelined scheduling of diverse encryption bursts are proposed. Furthermore, for cases where the proposed cryptosystem requires a large number of cipher cores, a simplified and extensible spidergon network-on-chip (NoC) platform is built and simulated to provide enough bandwidth and to resolve clock skew problems in sea-of-processor implementations.
    Employing only a single cipher algorithm with a specific mode of operation and a single session key per session, as today's secure protocols do, may make it easier to track one specific cipher algorithm continuously over a communication session. A piece of broken information therefore leads to the decipherment of the whole session's information. Because the proposed cryptosystem switches frequently between diverse cipher suites, each encryption burst is short and independent. Even if a short burst is broken, the impact on the whole session's information may still be negligible. Consequently, the proposed cryptosystem is worth promoting for modern secure protocols.

    Contents
    List of Tables
    List of Figures
    1 Introduction
      1.1 Classification of Cryptosystems
      1.2 Modern Secure Protocols
      1.3 FPGAs vs. ASICs in Cipher Hardware Implementations
      1.4 The Shortcomings in Modern Secure Protocols
      1.5 Sea-of-Processor Cryptosystem via NoCs
      1.6 Features of the Proposed Cryptosystem
    2 Literature Review
      2.1 Single Cipher per Session Basis
      2.2 Multiple Ciphers per Session Basis
      2.3 Dedicated vs. MCU-Based Hardware Accelerators
    3 Fast Multi-Cipher Transformation
      3.1 Cipher Bursts Scheduling
        3.1.1 General form
        3.1.2 Special form in uniform length allocation
      3.2 Fast Multi-Cipher Transformation
        3.2.1 Reversible and pipelined model
        3.2.2 Scheduling algorithm
        3.2.3 Throughput estimation
      3.3 Design of a Sample FMCT Accelerator
        3.3.1 The underlined hardware using a sample FMCT
        3.3.2 Base cipher cores
        3.3.3 Control registers access and data dispatching via PLB-IPIF
        3.3.4 Performance evaluation
    4 Random Configuration and Pipeline Scheduling for MCU-based Multi-cipher Cryptosystem
      4.1 Random Configuration
      4.2 Pipeline Scheduling after Random Configuration
      4.3 Example of a Random Configuration and Its Scheduling
      4.4 Critical Exposure Time
    5 Simulation Platform and Simulation Result
      5.1 An Extensible Spidergon NoC
        5.1.1 Design overview
        5.1.2 Modified Wishbone bus
        5.1.3 Basic components
      5.2 IP Address and MASK Assignment
      5.3 Deadlock Prevention
        5.3.1 The retrying mechanism
        5.3.2 Deadlock conditions
        5.3.3 Deadlock prevention with virtual output queue
        5.3.4 Simulation of deadlock prevention
      5.4 Packet Latency Analysis
        5.4.1 Local packet latency analysis
        5.4.2 Global packet latency analysis
      5.5 A Simplified Spidergon NoC for the Proposed Cryptosystem
        5.5.1 Virtual encryption burst
        5.5.2 Scheduled packet latency and throughput estimation
      5.6 Simulation of a 16-node NoC multi-cipher cryptosystem
        5.6.1 Pipeline scheduling using uniform length allocation and virtual encryption time
        5.6.2 Packet switching overhead
      5.7 Recommended topology
    6 Conclusion
    Bibliography
    Biographical notes

    List of Tables
      Table 2.1 Related hardware accelerators for modern secure protocols
      Table 3.1 Performance of cipher implementations using FPGA
      Table 3.2 Resource consumption of Vertex-II Pro XPC2VP30 FF896-7
      Table 4.1 Example of diverse cipher suites to clarify the cipher bursts scheduling
      Table 4.2 Example of diverse cipher bursts scheduling based on Table 3.3.

    List of Figures
      Figure 1.1 Secure socket layer protocol
      Figure 1.2 Overview of the SSL handshake
      Figure 1.3 An on-chip-network cryptosystem
      Figure 3.1 The encrypting burst of EEj
      Figure 3.2 Timing diagram of randomly scheduled encrypting elements with diverse encrypting burst
      Figure 3.3 Timing diagram of pipeline scheduled encrypting elements with diverse encrypting burst
      Figure 3.4 The encryption burst of EEj
      Figure 3.5 Pipelined model of crypto-coprocessors for encrypting
      Figure 3.6 Pipeline model of crypto-coprocessors for decrypting
      Figure 3.7 The scheduling algorithm for system configuration
      Figure 3.8 Hardware block diagram
      Figure 3.9 PLB IPIF Block Diagram
      Figure 3.10 A tested data set for sample FMCT
      Figure 4.1 A MCU-based encryption element with a network interface
      Figure 4.2 Diverse cipher bursts scheduling for maximizing the throughput
      Figure 5.1 Commonly used NoC topologies
      Figure 5.2 An extensible spidergon NoC with size=4 in each granularity
      Figure 5.3 A NI with wishbone bus
      Figure 5.4 A TX controller
      Figure 5.5 A RX controller
      Figure 5.6 Domain chart
      Figure 5.7 IP and MASK assigned in each layer
      Figure 5.8 Example of IP and MASK assignment
      Figure 5.9 A deadlock condition occurs between two nodes
      Figure 5.10 Deadlock condition occurs in circulant transmission
      Figure 5.11 A virtual output queue before a TX interface
      Figure 5.12 A state machine for packet switching via a VOQ
      Figure 5.13 Simulation for deadlock condition between two nodes
      Figure 5.14 Simulation for deadlock condition between two nodes
      Figure 5.15 Simulation for deadlock prevention between couple nodes
      Figure 5.16 Parameters set for a deadlock condition in circulant transmission mode
      Figure 5.17 Simulation for deadlock condition in a circulant transmission mode
      Figure 5.18 Simulation for deadlock prevention in a circulant transmission mode via VOQs
      Figure 5.19 Maximum local transport latency
      Figure 5.20 Maximum local packet latency analysis with maximum buffer length=512
      Figure 5.21 Maximum global packet latency analysis with maximum buffer length=512
      Figure 5.22 A simplified and extensible spidergon NoC
      Figure 5.23 Packetized plaintext and ciphertext
      Figure 5.24 Scheduled packet latency analysis using virtual encryption time with maximum buffer length=512
      Figure 5.25 Performance loss due to output delay measured in varied throughput coefficients
      Figure 5.26 A 16-node NoC multi-cipher cryptosystem for simulation
      Figure 5.27 A pipeline scheduled multi-cipher cryptosystem with 14 encryption elements
      Figure 5.28 Timing diagram of a pipeline scheduled multi-cipher cryptosystem with 14 encryption elements via uniform length allocation
      Figure 5.29 Simulation result of a multi-cipher cryptosystem shown in figure 5.28 using virtual encryption bursts
      Figure 5.30 The packet switching overhead (PSO) shown in the simulation result
      Figure 5.31 Performance loss measured in varied minimum buffer lengths due to packet switch overheads
      Figure 5.32 A super5-rooted 4-ary complete tree
      Figure 5.33 The proposed OCNC interconnection


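    Full text availability: on campus, public from 2017-09-14; off campus, not public.
    The electronic thesis has not yet been authorized for public release; for the print copy, please check the library catalogue.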