论文信息 - Java cryptography on KVM and its performance and security optimization using HW/SW co-design techniques

Java cryptography on KVM and its performance and security optimization using HW/SW co-design techniques

This paper describes a design approach to include and optimize Java based cryptographic applications into resource limited embedded devices.For easy prototyping and to be platform independent, the security applications are first developed in Java. Two Java cryptographic libraries, the Bouncy Castle API and the IAIK API are ported to a real embedded device for cost and performance evaluation. It requires 0.88Mbytes to 1.2Mbytes in the KVM footprint size and a few milliseconds to run secret key algorithms and message digests on a typical embedded device.In a second step, the performance critical components of the security applications are moved to hardware acceleration units. The GEZEL design environment is used for the hardware modeling and the co-simulation between software on KVM and the hardware co-processor. Moving the AES algorithm from the SH3-DSP microprocessor to a hardware co-processor shows a performance gain of 10.4x including the overhead in Java, C, and hardware interfaces.Then in a third step, the security critical components are realized by means of a special dynamic differential logic (DDL) style, which makes the secure modules resistant against side channel attacks. All key related actions and cryptographic algorithms are restricted to the secure co-processor. The overall performance gain is 25x compared to a pure Java implementation.

Patrick Schaumont | Ingrid Verbauwhede | Yusuke Matsuoka | Kris Tiri

[1] Marc Renaudin,et al. High security smartcards , 2004, Proceedings Design, Automation and Test in Europe Conference and Exhibition.

[2] 염흥렬,et al. [서평]「Applied Cryptography」 , 1997 .

[3] Srivaths Ravi,et al. Tamper resistance mechanisms for secure embedded systems , 2004, 17th International Conference on VLSI Design. Proceedings..

[4] Siva Sai Yerubandi,et al. Differential Power Analysis , 2002 .

[5] Bernd Meyer,et al. Information leakage attacks against smart card implementations of cryptographic algorithms and count , 2000 .

[6] Srivaths Ravi,et al. Security as a new dimension in embedded system design , 2004, Proceedings. 41st Design Automation Conference, 2004..

[7] Ingrid Verbauwhede,et al. A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation , 2004, Proceedings Design, Automation and Test in Europe Conference and Exhibition.

[8] Michael Juntao Yuan. Enterprise J2ME: Developing Mobile Java Applications , 2003 .

[9] Ingrid Verbauwhede,et al. Securing Encryption Algorithms against DPA at the Logic Level: Next Generation Smart Card Technology , 2003, CHES.

[10] Catherine H. Gebotys. Design of secure cryptography against the threat of power-attacks in DSP-embedded processors , 2004, TECS.