Efficient and High Speed FPGA Bump in the Wire Implementation for Data Integrity and Confidentiality Services in the IoT

Data integrity is a term used when referring to the accuracy and reliability of data. It ensures that data is identically maintained during any operation, such as transfer, storage, or retrieval. Any changes to data, for example malicious intention, unpredicted hardware failure or human error would results in failure of data integrity. Cryptographic hash functions are generally used to provide for the verification of data integrity. The Internet of Things (IoT) is a world where billions of objects can sense, share information and communicate over interconnected public or private Internet Protocol (IP) networks. As the adoption of IoT becomes pervasive, the quantity of data that is captured and stored becomes larger. For many IoT applications, hardware implementations of cryptographic hash algorithms will be needed to provide high speed and near real time data integrity checking. ASICs and FPGAs are the two hardware platforms that can be used for these implementations. Currently FPGA is seen as the best leading platform of the modern era in terms of flexibility, reliability and re-configurability. In this chapter an efficient high speed FPGA implementation of the newly selected hash algorithm, SHA-3, is proposed. This high speed implementation can be used with IoT applications to provide near real time data integrity checks. In addition an efficient FPGA based implementation of the Advanced Encryption Standard (AES) is provided. The provision of these FPGA based implementations allows both data integrity and data confidentiality to be provided for high speed IoT applications in addition to enabling low cost Bump In The Wire (BITW) technology to be provided for Internet Protocol Security (IPSec) provision for all IoT applications.

[1]  M. McLoone,et al.  A single-chip IPSEC cryptographic processor , 2002, IEEE Workshop on Signal Processing Systems.

[2]  Marc Stevens,et al.  Fast Collision Attack on MD5 , 2006, IACR Cryptol. ePrint Arch..

[3]  John W. Lockwood,et al.  IPSec implementation on Xilinx Virtex-II Pro FPGA and its application , 2005, 19th IEEE International Parallel and Distributed Processing Symposium.

[4]  B Guido,et al.  Cryptographic sponge functions , 2011 .

[5]  Jens-Peter Kaps,et al.  Efficient Hardware Accelerator for IPSec Based on Partial Reconfiguration on Xilinx FPGAs , 2011, 2011 International Conference on Reconfigurable Computing and FPGAs.

[6]  Patrick Schaumont,et al.  Side-Channel Analysis of MAC-Keccak , 2013, 2013 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST).

[7]  Elfed Lewis,et al.  Security for wireless sensor networks: A review , 2009, 2009 IEEE Sensors Applications Symposium.

[8]  V. Piuri,et al.  IPSec hardware resource requirements evaluation , 2005, Next Generation Internet Networks, 2005.

[9]  Ian Grout,et al.  AES implementation on Xilinx FPGAs suitable for FPGA based WBSNs , 2015, 2015 9th International Conference on Sensing Technology (ICST).

[10]  Marian Srebrny,et al.  A SAT-based preimage analysis of reduced Keccak hash functions , 2013, Inf. Process. Lett..

[11]  Tim Güneysu,et al.  IPSecco: A lightweight and reconfigurable IPSec core , 2012, 2012 International Conference on Reconfigurable Computing and FPGAs.

[12]  Xiangmin Zhang,et al.  An IPSec Accelerator Design for a 10Gbps In-Line Security Network Processor , 2013, J. Comput..

[13]  Morris J. Dworkin,et al.  SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions , 2015 .

[14]  Dengguo Feng,et al.  Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD , 2004, IACR Cryptol. ePrint Arch..

[15]  Tim Güneysu,et al.  DSPs, BRAMs and a Pinch of Logic: New Recipes for AES on FPGAs , 2008, 2008 16th International Symposium on Field-Programmable Custom Computing Machines.