Efficient Hardware Accelerator for IPSec Based on Partial Reconfiguration on Xilinx FPGAs

In this paper we present a practical low-end embedded system solution for Internet Protocol Security (IPSec) implemented on the smallest Xilinx Field Programmable Gate Array (FPGA) device in the Virtex 4 family. The proposed solution supports the three main IPSec protocols: Encapsulating Security Payload (ESP), Authentication Header (AH) and Internet Key Exchange (IKE). The system makes efficient use of hardware-software co-design and partial reconfiguration techniques. By using both methods we were able to save a significant portion of hardware resources with a relatively small penalty in terms of performance. In this work we propose a division of the basic mechanisms of the IPSec protocols, namely the cryptographic algorithms and their modes of operation, into those implemented in software and those implemented in hardware. This lets us combine the high performance offered by a hardware solution with the flexibility of a software implementation. We show that a typical IPSec protocol configuration can be combined with partial reconfiguration techniques in order to utilize hardware resources efficiently.
