Reference Cryptographic Accelerator : Implementing AES Algorithm on an FPGA
Paldanius, Ossi (2018)
Metropolia Ammattikorkeakoulu
All rights reserved
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-2018060212094
Abstract
Securing data in today's ever more networked world is a profound necessity, embraced by the corporate world and reflected in the growing awareness of the internet user base. One of the many important mechanisms for securing data is encrypting the traffic that traverses public networks, which is the core concept behind this thesis. As the amount of data transmitted through unsecured or public networks increases rapidly, the demand for low-power yet highly efficient hardware acceleration solutions for encryption and decryption grows.
Whenever encryption is involved in a product, designers need to address how to secure the secret components involved in the ciphering process, such as the encryption keys. Introducing hardware acceleration makes the overall device design more complex. Careful planning and design trade-offs are needed to get the security right in a cost-effective manner.
For this thesis, a simple FPGA-based hardware accelerator device was built that can be placed between public and private networks. The device encrypts all data sent from the private network to the public network and decrypts incoming data from the public network to the private network. The key aspects of the design were that the cryptographic acceleration is performed by a separate FPGA logic circuit, and that the device cannot be breached from the public network side in such a way that, for example, encryption keys and other sensitive information would be compromised. Beyond describing the implemented device, this thesis discusses the differences between the device and real-world products, and sheds some light on the problems that are present when designing them.
Hardware acceleration using FPGAs can be highly effective for increasing the computational performance of cryptographic algorithms, if the algorithm used supports concurrency. The data transmission between the different nodes in the system has to be carefully designed and implemented to meet the increased throughput requirement. Also, when separate cryptographic accelerator nodes are added to the design, security can be increased if properly designed.