Design and Test of an Advanced Cryptographic Processor
博士 === 國立清華大學 === 電機工程學系 === 92 === With the rapid advance in communication technology, the use of networks and communication facilities for transmitting information between people, companies or countries has been implanted deeply in our real life. Network processing becomes an emerging problem that...
Main Authors: | , |
---|---|
Other Authors: | |
Format: | Others |
Language: | en_US |
Published: |
2004
|
Online Access: | http://ndltd.ncl.edu.tw/handle/61175759367689093085 |
id |
ndltd-TW-092NTHU5442003 |
---|---|
record_format |
oai_dc |
collection |
NDLTD |
language |
en_US |
format |
Others
|
sources |
NDLTD |
description |
博士 === 國立清華大學 === 電機工程學系 === 92 === With the rapid advance in communication technology, the use of networks and communication
facilities for transmitting information between people, companies or countries has been implanted
deeply in our real life. Network processing becomes an emerging problem that needs to be dealt
with in the computer system. The ability to properly serve heavy traffic on internet through network
equipments is now provided by a fast network processing chip. The security of communications,
originally a problem of government, military or privileged organizations, becomes one of
the major concerns among individuals and corporations. There is an increasing demand in network
processing, including the security processing.
This thesis describes the development of an advanced cryptographic processor (an analogous term
is security processor, which is also used in the rest of the thesis). As a coprocessor of a CPU
or a network processor (NPU), the cryptographic processor reduces the load of the host by providing
the computing power of security processing. Due to the heterogeneous characteristic in
cryptographic functions, our design is based on the core-based design methodology. The cryptographic
functions have been specified first and implemented with crypto-engines. Base on these
basic building blocks, a scalable architecture is provided to integrate these crypto-engines into a
cryptographic processor.
First, cryptographic functions such as AES, RSA, HMAC algorithms and Random Number Generation
are selected to be the algorithms that our cryptographic processor supports. We propose a
high-throughput low-cost AES processor design. The S-Box of the AES algorithm is implemented
based on the composite field arithmetic. The area overhead can be greatly reduced compared with
the table look-up method. The key expansion procedure is implemented by the proposed on-the-fly
key generation hardware, which further removes the need of on-chip memory. This cost-effective
implementationwill be used as a crypto-engine for our cryptographic processor later. Other cryptoengines,
such as RSA, HMAC and RNG are contributed by oother members in our research group. Based on the experience on AES implementation, we also proposed a configurable AES processor
for extended security requirement. The parameters within the round function of AES algorithm can
be reconfigured on-line to become an extended AES cipher. Our architecture has relatively low area
overhead and rapid reconfiguration capability. When embedded in a communication system, the
security level can be further enhanced.
In the second phase, each crypto-engine is wrapped with an AHB slave interface. With the help of
an on-chip AHB, we develop a descriptor-based DMA module to integrate all the crypto-engines.
The DMA-like interface makes our cryptographic processor capable of loading the data automatically,
to be processed by specified crypto-engines, and transferring the result back to the system
memory. The host processor only needs to generate proper descriptors for it. In our architecture,
the number of channels in the DMA interface and the number of internal crypto-engines can be
easily configured to fit in different systems. The SOC Test Aid Console (STEAC) is also employed
to ease the test integration problem in our design.
Finally, we propose a graph-based method to solve the power-constrained test scheduling problem,
which is an important issue among test integration. The relationship between the test schedule
of a core-based design and the test access mechanism (TAM) design is investigated by our graph
model. We present a heuristic algorithm that can effectively assign TAM wire to each core, given
the test order. With the help of tabu search and graph model, the proposed algorithm allows rapid
exploration of the solution space. Experimental result for ITC02 benchmarks show that short
test length is achieved within reasonable computing time. This method can also solve the test
scheduling problem of our cryptographic processor.
|
author2 |
Cheng-Wen Wu |
author_facet |
Cheng-Wen Wu Chih-Pin Su 蘇持平 |
author |
Chih-Pin Su 蘇持平 |
spellingShingle |
Chih-Pin Su 蘇持平 Design and Test of an Advanced Cryptographic Processor |
author_sort |
Chih-Pin Su |
title |
Design and Test of an Advanced Cryptographic Processor |
title_short |
Design and Test of an Advanced Cryptographic Processor |
title_full |
Design and Test of an Advanced Cryptographic Processor |
title_fullStr |
Design and Test of an Advanced Cryptographic Processor |
title_full_unstemmed |
Design and Test of an Advanced Cryptographic Processor |
title_sort |
design and test of an advanced cryptographic processor |
publishDate |
2004 |
url |
http://ndltd.ncl.edu.tw/handle/61175759367689093085 |
work_keys_str_mv |
AT chihpinsu designandtestofanadvancedcryptographicprocessor AT sūchípíng designandtestofanadvancedcryptographicprocessor AT chihpinsu mìmǎchùlǐqìzhīshèjìyǔcèshì AT sūchípíng mìmǎchùlǐqìzhīshèjìyǔcèshì |
_version_ |
1717732162424274944 |
spelling |
ndltd-TW-092NTHU54420032015-10-13T13:08:03Z http://ndltd.ncl.edu.tw/handle/61175759367689093085 Design and Test of an Advanced Cryptographic Processor 密碼處理器之設計與測試 Chih-Pin Su 蘇持平 博士 國立清華大學 電機工程學系 92 With the rapid advance in communication technology, the use of networks and communication facilities for transmitting information between people, companies or countries has been implanted deeply in our real life. Network processing becomes an emerging problem that needs to be dealt with in the computer system. The ability to properly serve heavy traffic on internet through network equipments is now provided by a fast network processing chip. The security of communications, originally a problem of government, military or privileged organizations, becomes one of the major concerns among individuals and corporations. There is an increasing demand in network processing, including the security processing. This thesis describes the development of an advanced cryptographic processor (an analogous term is security processor, which is also used in the rest of the thesis). As a coprocessor of a CPU or a network processor (NPU), the cryptographic processor reduces the load of the host by providing the computing power of security processing. Due to the heterogeneous characteristic in cryptographic functions, our design is based on the core-based design methodology. The cryptographic functions have been specified first and implemented with crypto-engines. Base on these basic building blocks, a scalable architecture is provided to integrate these crypto-engines into a cryptographic processor. First, cryptographic functions such as AES, RSA, HMAC algorithms and Random Number Generation are selected to be the algorithms that our cryptographic processor supports. We propose a high-throughput low-cost AES processor design. The S-Box of the AES algorithm is implemented based on the composite field arithmetic. The area overhead can be greatly reduced compared with the table look-up method. The key expansion procedure is implemented by the proposed on-the-fly key generation hardware, which further removes the need of on-chip memory. This cost-effective implementationwill be used as a crypto-engine for our cryptographic processor later. Other cryptoengines, such as RSA, HMAC and RNG are contributed by oother members in our research group. Based on the experience on AES implementation, we also proposed a configurable AES processor for extended security requirement. The parameters within the round function of AES algorithm can be reconfigured on-line to become an extended AES cipher. Our architecture has relatively low area overhead and rapid reconfiguration capability. When embedded in a communication system, the security level can be further enhanced. In the second phase, each crypto-engine is wrapped with an AHB slave interface. With the help of an on-chip AHB, we develop a descriptor-based DMA module to integrate all the crypto-engines. The DMA-like interface makes our cryptographic processor capable of loading the data automatically, to be processed by specified crypto-engines, and transferring the result back to the system memory. The host processor only needs to generate proper descriptors for it. In our architecture, the number of channels in the DMA interface and the number of internal crypto-engines can be easily configured to fit in different systems. The SOC Test Aid Console (STEAC) is also employed to ease the test integration problem in our design. Finally, we propose a graph-based method to solve the power-constrained test scheduling problem, which is an important issue among test integration. The relationship between the test schedule of a core-based design and the test access mechanism (TAM) design is investigated by our graph model. We present a heuristic algorithm that can effectively assign TAM wire to each core, given the test order. With the help of tabu search and graph model, the proposed algorithm allows rapid exploration of the solution space. Experimental result for ITC02 benchmarks show that short test length is achieved within reasonable computing time. This method can also solve the test scheduling problem of our cryptographic processor. Cheng-Wen Wu 吳誠文 2004 學位論文 ; thesis 149 en_US |