An Encryption-Enabled Network Protocol Accelerator

Steffen Peter, Mario Zessack, Frank Vater, Goran Panic, Horst Frankenfeldt, and Michael Methfessel

IHP, Im Technologiepark 25, 15236 Frankfurt (Oder), Germany
www.ihp-microelectronics.com
© 2008 - All rights reserved


Outline

• Motivation

• TCP

• General Hardware Design

• Cryptographic Accelerators

• Implementation

• Conclusions


Motivation

[Figure: wireless sensor network; labels: tiny sensor nodes, cluster head, Internet]

• standard TCP
• high data rates
• security
• low energy


Motivation

• Increasing amount of data
  - even in mobile and ubiquitous scenarios
  - need for good transport performance
• Low cost
  - Small silicon area
  - Energy efficient
• Need for security
  - Secrecy, Integrity, Reliability
• Support of standard protocols
  - TCP (transport)
  - AES (data encryption)
  - ECC/ECDSA (signature, key agreement)

Is dedicated hardware the solution?


TCP

• Standard transport protocol of the Internet
• Connection-based protocol
  - Three-way handshake
  - Complicated connection tear-down
• Basic data integrity mechanism
  - Checksum
• Error correction mechanisms
  - Fast retransmit, slow (re-)start, many others
• Flow control
  - Buffer and congestion control
• No actual security mechanisms


TCP – Profiling Results

[Figure: profiling results; panels: Transmit, Receive]


TCP Profiling – Implications

• Copying data consumes most time and energy
  - Reduce copy operations as much as possible
• Protocol handling needs merely 1/5th of the total computation
  - Is it worth hard-wiring the TCP state machines in hardware?
  - Trade-off: performance vs. flexibility
• Checksum is the most expensive computation
  - The obvious dedicated hardware unit
  - How to integrate in the data flow?
• Memory allocation needs more than 5 percent of time
  - Can a dedicated unit help here?


TCP Profiling – Our Answers

• One copy architecture
  - Data is copied directly from the peripheral handler to the right memory location (assigned by CPU)
  - During this one copy operation other operational blocks (checksum, encryption) listen on the bus and do their work
• MIPS CPU performs complicated (but low effort) TCP logic
  - Connection build-up/tear-down, error handling, congestion control
  - Software handling allows protocol variations and debugging
• Dedicated checksum block
  - Checksum block computes checksum during the one copy operation
• No dedicated memory manager unit
  - Hard-wired memory manager reduces time by 77 percent (from 5% to 1%)
  - BUT high hardware costs (300 flip-flops) and lack of flexibility
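
The one-copy idea above, sketched in software as an added example (not code from the presentation or from the IHP chip): the payload is read once, and the Internet checksum of RFC 1071 is accumulated as each byte passes, across bursts of any length. The names `csum_state`, `copy_and_sum` and `copy_and_verify` are hypothetical, the sample bytes are the RFC 1071 worked example, and the TCP pseudo-header is left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Software stand-in (hypothetical) for a checksum unit that watches the copy. */
typedef struct {
    uint32_t sum;  /* folded one's-complement sum of 16-bit big-endian words */
    int odd;       /* 1 when the next byte is the low half of a word */
} csum_state;

void csum_init(csum_state *s) { s->sum = 0; s->odd = 0; }

/* Copy one burst from src to dst and add every byte to the running sum as it
 * passes, so the payload is read exactly once. Bursts may have any length. */
void copy_and_sum(csum_state *s, uint8_t *dst, const uint8_t *src, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        uint8_t b = src[i];
        dst[i] = b;
        s->sum += s->odd ? (uint32_t)b : (uint32_t)b << 8;
        s->sum = (s->sum & 0xFFFFu) + (s->sum >> 16);  /* end-around carry */
        s->odd ^= 1;
    }
}

/* Complement of the sum; a trailing odd byte already counts as zero-padded. */
uint16_t csum_finish(const csum_state *s) { return (uint16_t)~s->sum; }

/* Receive side: data summed together with its checksum field must give 0. */
int copy_and_verify(uint8_t *dst, const uint8_t *src, size_t len)
{
    csum_state s;
    csum_init(&s);
    copy_and_sum(&s, dst, src, len);
    return csum_finish(&s) == 0;
}

/* Constructed sample: the 8 data bytes of the RFC 1071 worked example. */
static const uint8_t sample[8] = {0x00,0x01,0xf2,0x03,0xf4,0xf5,0xf6,0xf7};

int main(void)
{
    uint8_t slot[8];
    csum_state s;
    csum_init(&s);
    copy_and_sum(&s, slot, sample, 3);          /* bursts of 3 and 5 bytes */
    copy_and_sum(&s, slot + 3, sample + 3, 5);
    printf("checksum=0x%04x copy_ok=%d\n", (unsigned)csum_finish(&s),
           memcmp(slot, sample, 8) == 0);
    return 0;
}
```

Because the sum is kept per byte with an odd/even flag, a burst boundary that falls in the middle of a 16-bit word does not change the result.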


General Design

[Block diagram: CPU, host interface handler (to host), SRAM, RF data I/O (to MAC/PHY), checksum, system bus]

• MIPS CPU handles complex protocols.

• CPU never touches payload

• Internal 32 kByte SRAM stores packets.

• AMBA bus connects system components.

  - Standard bus system allows modular approach.
  - Peripheral bus (APB) connects GPIO, UART, SPI ports.

• System concept: interacting independent units.
  - Units exchange commands and status using register file.
  - General-purpose formalism for command/status syntax.


General Design - Flow

[Block diagram: CPU, host interface handler (to host), SRAM, RF data I/O (to MAC/PHY), checksum, system bus. Flow annotations:]

• Incoming packet
• Basic header processing
• Select memory slot for packet
• Sleeps
• Packet received and Checksum ok?
• Wakeup
• Full header processing
• Window update
• Alloc memory slot for next packet
• Signal application


Results (Performance and power consumption)

• Simulation results: split power among different entities.
• Maximal data rate in pure software on MIPS is 20.7 Mbit/sec.
• Hardware accelerators reduce load on CPU and save 50% of power.
• Maximal data rate with hardware accelerators is 40 Mbit/sec.

Case  Rate (Mb/sec)  CPU active  CPU  AMBA bus  Reg-file  Card-bus  EPP/UA  Total power
SW    20.7           100%        60   14        7         4         4       89 mW
HW    20.7           15%         9    14        7         4         12      46 mW
HW    40.0           31%         18   14        7         4         12      55 mW

• Measured power consumption is 2.5 times simulated power.
• Measured power includes pads.
• Consumed power varies for different production runs.


Cryptographic Accelerators

• AES (Advanced Encryption Standard)
  - Symmetric stream cipher
  - Suitable for low-power high-throughput data streams
  - Standardized in November 2000 (NIST/National Institute for Standards and Technology; USA)
  - Input data length: 128 bit; key length: 128, 196, 256 bit
  - Assumed to be secure for the next 70 years
• ECC (Elliptic Curve Cryptography)
  - Asymmetric cryptography
  - Suitable for signatures and key establishment
  - Key length 160-571 bit (NIST standard)


Advanced Encryption Standard (AES)

• Huge design space
  - Sharing S-Boxes reduces performance but leads to smaller designs
  - Pipelining and parallelism boost performance, but cost area and energy

[Figure: AES data path. Inputs: Data, Key. Blocks: xor, S-Box, Shiftrow, MixColumn, Calckey. 10 rounds. Output data. Example labels: data "IHP Microelectro", key "SECRETKEY", byte values 17 84 30 AE 97 38 AD 43 58 7A 0E 67 CF FE 80 CB]


AES - Results

• Throughput: ~52 MBit/s @ 33 MHz (includes input and output of the data blocks)
• Size: 0.336 mm² in 0.25 µm CMOS (8,450 equivalent gates)
• 70 clock cycles per 128 bit data block for en-/decryption
• 72 times faster than software implementation on MIPS (33 MHz), and it requires 0.4% energy of the software solution

Company             Size (gates)              Clock cycles  Clock frequency  Throughput
Elliptic Semi: AES  8.000 + 1.400 bit memory  379           100 MHz          33,7 Mbit/s
IHP AES             8.450                     70            66 MHz           108 MBit/s
IAIK Graz           8.930                     64            64 MHz           128 MBit/s


Elliptic Curve Cryptography (ECC)

• Asymmetric cryptography
  - Basis for many key exchange and signature algorithms (ECDSA)
• Trapdoor: Elliptic Curve Point Multiplication
  - one can compute: Q = kP
  - it is infeasible to determine k for given Q and P
• Higher security with shorter key lengths
  - about 1/10th of RSA’s key size
• Still, operations on Elliptic Curves are expensive
  - one 233 bit EC Point multiplication needs: 1200 additions, 1500 multiplications, 800 squarings, 1 division (233 bit each in the finite field)


ECC - Design

• Asymmetric cryptography
• Trapdoor: Elliptic Curve Point Multiplication
  - one can compute: Q = kP
  - it is infeasible to determine k for given Q and P

[Figure: ECC design; per-unit labels: utilization 95%, 15%, 50%; area 70%, 5%, 20%]


ECC – Implementation Results

• Time for one ECPM (233 bit):
  - MIPS: 410 ms
  - HW: 0.4 ms
• Energy for one ECPM (233 bit):
  - MIPS: 16 mWs
  - HW: 0.03 mWs

Company               Size (KGates)  Energy (mWs)  Time/Op (ms)  Technology used
Elliptic Semi: B-233  71             0.14          6.68          0.13µm
IBM B-163             117            -             0.19          0.13µm
IHP B-233             72-42          0.02-0.04     0.08-0.35     0.25µm


Implemented Chip (Design)

[Block diagram of the implemented chip. Labelled blocks: MIPS processor core; I-Cache (16 kB); D-SPRAM (8 kB); Bridge (Master); Memory Controller (AHB Slave); SRAM; Flash; Internal SRAM (32 kB); CardBus (Master) to CardBus (Linux/Windows host); UART 0 (Master); Data I/O Control (Master); Packet Filter / Checksum; Registers & Control; AES / MD5; ECC; EPP; UART; GPIO; Serial 1+2; EJTAG (Debug). Buses: AMBA AHB Bus, CPU Control Bus.]


Implemented Chip (Chip Photo)

Size: 7.3 x 7.4 mm (54 mm²)
Core: 44 mm²
Pads: 219 in QFP256 package
Transistors: 4.8 M in 0.25μm
Packet SRAM: 32 kByte
Instruction cache: 16 kByte
Data scratchpad: 8 kByte


Implementation (Test Board)

Allows:

• Testing the implementation in practice

• Tests of interoperability
• Performance tests
• Energy measurements


Conclusions

• Profiling of TCP/IP code identified bottlenecks
  - TCP checksum and copying use 90% of power.
  - High data rate needs hardware accelerators.
• Chip is a hardware solution for TCP/IP handling
  - Takes care of middle protocol layers efficiently.
• AMBA-based bus as prototype for modular systems
  - Assemble different systems quickly.
  - Pre-tested components lead to reliability.
• Cryptographic components allow security at low cost
  - Designs for AES and ECC improve performance and energy consumption for security operations by three orders of magnitude.
• TCP chip creates basis for further developments
  - Extension to higher data rates (Gbit/sec).
  - Use as component of complex single-chip systems.


Thank You

Questions?
