An Energy-Efficient Reconfigurable DTLS Cryptographic Engine for Securing Internet-of-Things Applications

This paper presents the first hardware implementation of the datagram transport layer security (DTLS) protocol to enable end-to-end security for the Internet of Things (IoT). A key component of this design is a reconfigurable prime field elliptic curve cryptography (ECC) accelerator that is 238× and 9× more energy-efficient compared to software and state-of-the-art hardware, respectively. Our full hardware implementation of the DTLS 1.3 protocol provides 438× improvement in energy-efficiency over software, along with code size and data memory usage as low as 8 and 3 KB, respectively. The cryptographic accelerators are coupled with an on-chip low-power RISC-V processor to benchmark applications beyond DTLS with up to two orders of magnitude energy savings. The test chip, fabricated in 65-nm CMOS, demonstrates hardware-accelerated DTLS sessions while consuming 44.08 μJ/handshake and 0.89 nJ/byte of the encrypted data at 16 MHz and 0.8 V.
