FPGA BASED CRYPTOGRAPHY

1
FPGA BASED CRYPTOGRAPHY

• By,
• Sai Ranganath Srinivasan
• Srihari Sridharan

2
Papers Discussed

• How Secure Are FPGAs in Cryptographic
  Applications
• Thomas Wollinger and Christof Paar
• An Adaptive Cryptographic Engine for IPSec
  Architectures
• Andreas Dandalis and Viktor K. Prasanna

3
General Flow

• Section 1 Introduction
• Section 2 Algorithm Discussion
• Section 3 Advantages and Shortcomings of
  FPGA
• Section 4 Adaptive Cryptographic Engine

4
Section 1 Introduction
5
Cryptographic Goals

• Cryptography
• study of mathematical techniques related to
  aspects of information security.
• Confidentiality
• helps to keep content of information from
  snoopers.
• numerous approaches ranging from physical
  protection to mathematical algorithms
• Data integrity
• addresses the unauthorized alteration of data.
• must have the ability to detect data manipulation
  by unauthorized parties(such insertion, deletion,
  and substitution)

6
Cryptographic Goals

• Authentication
• related to identification of both entities and
  information itself.
• two major classes entity authentication and data
  origin authentication.
• Non-repudiation
• prevents an entity from denying previous
  commitments or actions.
• disputes arise due to entity denying certain
  actions
• means to resolve situation is necessary

7
Encryption and Decryption

• Encryption and Decryption
• process of transforming information and make it
  unreadable
• special knowledge called key required to read it
• encryption also implicitly refers to the reverse
  process decryption
• make the encrypted information readable again
  (i.e. to make it unencrypted).
• Two types Of Encryption Algorithm
• Private Key Algorithm
• Public Key Algorithm

8
Section 2 Algorithm Discussion
9
Symmetric Key Algorithm

• Symmetric-key algorithms
• Class of algorithms that use trivially related or
  identical cryptographic keys for both decryption
  and encryption.
• The keys represent a shared secret between two or
  more parties.
• Divided into two types of algorithms
• Block Ciphers
• Stream Ciphers

10
Block Ciphers

• Block Cipher
• operates on fixed-length groups of bits, termed
  blocks, with an unvarying transformation.
• takes an input secret key.
• takes blocks of plain texts as inputs and
  combines it with the key to give an output cipher
  text.

11
Stream Cipher

• Stream Cipher
• plaintext bits combined with pseudorandom bit
  stream (keystream)
• typically XOR operation.
• plaintext digits are encrypted one at a time

12
Public Key Algorithm

• Public-key cryptography
• known as asymmetric cryptography
• a user has a pair of cryptographic keys - a
  public key and a private key.
• private key kept secret, public key may be widely
  distributed.
• keys are mathematically related
• private key cannot be derived based on the public
  key.
• message encrypted with the public key can be
  decrypted only with the corresponding private
  key.

13
Public Key Algorithm

• A message encrypted with a recipient's public
  key cannot be decrypted by anyone except the
  recipient possessing the corresponding private
  key. This is used to ensure confidentiality.

14
Symmetric Key Advantages

• have higher rates of data throughput when
  compared to public keys.
• hardware implementations achieve encrypt rates of
  hundreds of megabytes per second
• software implementations attain throughput rates
  in the megabytes per second
• much less computationally intensive than public
  key algorithm.
• key generation is the main draw back

15
DES Algorithm

• a block cipher
• takes a fixed-length string of plaintext bits
• performs a series of complicated operations and
  gives another cipher text bitstring of the same
  length.
• block size is 64-bits
• key is 64 bits, 56-bits used for encryption and 8
  bits used for parity checks.

16
Limitations of DES and AES

• relatively small 56-bit key.
• vulnerable to Brute Force Attacks.
• keys have been broken in less than 24 hours.
• designed primarily for hardware, so software
  implementation was really slow.
• gave way to AES algorithm
• 5 algorithms considered as finalist (from about
  15)
• Rjandel
• RC6
• MARS
• Serpent
• Two Fish

17
Rjandel

• Overview
• 128 bit block size
• key sizes of 128, 192 or 256 bytes.
• operates on 4x4 array of bytes called as states.
• calculations are done on a special finite field
  GF.

• Algorithm Steps
• Key Expansion- Rijndael's key schedule
• Initial Round
• Add Round key
• Rounds (9 times)
• SubBytes- a non-linear substitution step each
  byte replaced with another according to a lookup
  table.
• Shift Rows- a transposition step each row of the
  state shifted cyclically a certain number of
  steps.
• Mix Columns- a mixing operation operates on
  columns of state, combining four bytes in each
  column
• Add Round Key- each byte of the state combined
  with round key each round key derived from the
  cipher key using a key schedule.
• Final Round- No Mixing Rows

18
High Level Algorithm
19
Twofish

• Twofish is a symmetric key block cipher.
• block size of 128 bits
• key sizes up to 256 bits.
• uses of pre-computed key-dependent S-boxes and a
  relatively complex key schedule.

20
Serpent

• Serpent symmetric key block cipher.
• block size of 128 bits.
• key sizes up to 128, 192 and 256 bits.
• a 32-round substitution-permutation network
  operating on blocks of four 32-bit words
• in each round one of the eight 4-bit by 4-bit
  S-Boxes applied 32 times in parallel.
• designed so that all operations can be executed
  in parallel, using 32 1-bit slices.
• lost to Rjandel it was most conservative approach
  that was most computation intensive

21
RC6 and MARS

• RC6 is a symmetric key block cipher.
• block size of 128 bits.
• key sizes up to 128, 192 and 256 bits.
• can be parameterised to support a wide variety of
  word lengths, key sizes and rounds.
• uses data-dependent rotations, modular addition
  and XOR operations.

• MARS is a block cipher that was developed by IBM.
• block size of 128-bits.
• variable key lengths between 128 and 448 bits (in
  32-bit increments).

22
Section 3 Advantages and Shortcomings of FPGAs
23
Software and Hardware Based Cryptography

• Software
• Pros
• Ease of Upgrade
• Portability
• Flexibility
• Cons
• Limited Physical Security
• Less throughput
• Greater key latency time
• Does not use inherent parallelism

• Hardware
• Pros
• Good physical security
• Very high throughput
• Very less key latency time
• Uses inherent parallelism
• Cons
• Inflexible
• Cannot be used for different parameters.

24
FPGA Based Cryptography

• advantages of both the hardware and software
• lesser performance than ASICs
• much better than software
• flexible (configured dynamically)
• very high throughput
• very less key latency time
• exploit inherent parallelism in the algorithms
• match very well for operations required for
  private key
• Eg bit-permutations, bit- substitution etc.

25
Why FPGAS for Cryptography

• Algorithm agility switching algorithms during
  operation.
• Algorithm Upload modifications of algorithm
  easily uploaded.
• Algorithm modification The parameters can be
  varied during runtime.
• Eg vary the key length.
• Architecture efficiency hardware architecture
  much more efficient when designed for specific
  set of parameters.
• FPGAs designed and optimized for different
  parameters
• Throughput slower than ASICs but faster than
  s/w
• Cost cost and time for implementing lesser than
  ASICs

26
Security Shortcomings of FPGAs

• general objective of any attacker is to extract
  the encryption key.
• enables him to decrypt the message details.
• general types of attacks possible on FPGAs
• Black Box Attack
• Read Back Attack
• Cloning of SRAM FPGAs
• Physical Attack
• Side Channel Attack

27
Black Box Attack

• Cause
• method of reverse engineering a chip.
• all possible combinations of inputs are fed and
  the corresponding outputs are saved
• logic of chip is extracted from resulting table
  using techniques like K-Map or any other
  algorithm.
• affects smaller FPGAs

• Prevention
• not a real threat nowadays because of the
  complexity of the FPGAs
• AES algorithm uses a 128-bit key.
• not practical to make a brute force attack when
  there are more than 280 possible combinations.

28
Read Back Attack

• Cause
• read back is a feature in FPGAs
• gives configuration of the FPGA that helps in
  debugging
• needs security bits provided by the manufacturer.
• attacker can induce a fault and deactivate the
  key or use other counter measures to extract the
  configuration and get the key.

• Prevention
• security bits can be used to prevent these
  attacks.
• FPGA has to be in a secure environment.
• if any fault or interference has been detected
  then the entire configuration should be deleted
  or FPGA has to be destroyed.

29
Cloning of SRAM FPGAs

• Cause
• configuration data is stored in external memory.
• transmitted during power up to configure the FPGA
• attacker can extract the information during this
  transmission

• Prevention
• best solution is to have a on-chip RAMs
• prevents transmission of data from an external RAM

30
Physical Attack

• Cause
• investigates the chip design to get information
  about the algorithm.
• secret key is extracted by probing points inside
  the chip.
• requires complex methods like focussed ion beam
  technique.

• Prevention
• no known prevention technique.
• this attack is only possible for huge
  organizations.
• FPGA should be kept isolated and made
  inaccessible to outsiders

31
Side Channel Attack

• Cause
• any physical implementation might leak unwanted
  information
• this could relate to power, timing or
  electromagnetic radiation
• two known attacks- Simple Power Ananlysis and
  Differential Power Analysis.

• Prevention
• there are no known techniques for FPGAs yet.
• common technique is to isolate the FPGA from
  outsiders.

32
Section 4 Adaptive Cryptographic Engine
33
Adaptive Cryptographic Engine

• ACE adapts to diverse security parameters on the
  fly
• gives very high throughput when compared to
  software
• decreased Key Setup latence time
• gives a throughput speed up or 4-20 times
• key- setup latency time reduced by 20-700 times
• gives a compression technique to decrease the
  memory requirements

34
Architecture

• The ACE consists of
• The Cryptographic Library
• Configuration Controller
• The Core FPGA

35
Cryptographic Library

• consists of a list of FPGA configurations for
  different cryptographic algorithm stored in the
  memory.
• ACE can adapt to different configurations based
  on the Security Associations during runtime.
• library can be updated for new configurations by
  updating the memory contents.
• this is the key problem in designing the ACE
• minimal memory has to be used in order to reduce
  the cost.

36
Configuration Controller and FPGA

• FPGA
• core of ACE is the virtex based FPGA.
• FPGA is programmed on the fly to attain vey high
  throughputs and very low Key setup latency time.

• Configuration Controller
• FPGA is configured on the fly by the
  configuration controller.
• determines the configuration to be chosen based
  on the SA.
• resolves external requests.

37
AES Performance Evaluation

• key performance metrics are throughput and key
  setup latency.
• key Latency denotes the time required to adapt to
  an input key.
• throughput refers to the amount of data
  encrypted/ decrypted per unit time.
• in software the cryptography process cannot start
  till the key for all rounds is completed.
• on FPGA the cryptography process can start as
  soon as the key for the first round is available
  both the processes can happen at the same time.
• key latency is reduced.

38
AES Performance Evaluation

• five final candidates implemented on virtex based
  FPGA.
• speed up comparison made based on the software
  execution on a 64 MB RAM 200 MHZ Pentium
  processor.

39
Configuration Compression

• a dictionary based technique
• compressed config. stored in memory and
  decompressed at runtime.
• encodes variable length strings of symbols as
  single code words.
• code words form an index to a phrase dictionary.
• uses the LZW scheme.
• dictionary corresponds to configuration data
• index corresponds to way a configuration is
  synthesized
• dictionary and index for each algorithm is
  created in phase 1
• repeating phrases further compressed to decrease
  the memory in phase 2
• superior compression ratios obtained when
  compared to normal LZ based scheme (compress,
  gzip etc)

40
Compression Results
41
Conclusions

• FPGAs can be used efficiently to exploit the
  inherent parallelism present in encryption
  algorithms
• 4-20 times speed up in throughputs achieved
• 20-700 times reduction in key latency achieved
• 40 reduction in memory was achieved using the
  compression technique