IPSecco: A lightweight and reconfigurable IPSec core

In this paper we propose a reconfigurable lightweight Internet Protocol Security (IPSec) hardware core. Our architecture supports the main IPSec protocols; namely Authentication Header (AH), Encapsulating Security Payload (ESP), and Internet Key Exchange (IKE). In this work, the cryptographic algorithms and their modes of operation, which are at the heart of the IPSec protocols, are implemented in hardware. Instead of re-implementing common IPSec configurations, which are deemed “too heavy” for pervasive devices, we evaluate efficient implementations of standardized and/or well-known lightweight and hardware-friendly algorithms. In particular, we examine different versions of Present, Grøstl, Photon, and a very compact ECC core. As a consequence, we present IPSecco, a core with adequate security and only moderate resource requirements, making it suitable for lightweight devices. We selected the Xilinx Spartan family of Field Programmable Gate Arrays (FPGA) as target platform due its low-power footprint and reduced costs compared to other FPGAs. Our results show that it is possible to realize a high performance IPSec core even on members of the Spartan-3 family.

[1]  Christof Paar,et al.  Ultra-Lightweight Implementations for Smart Devices - Security for 1000 Gate Equivalents , 2008, CARDIS.

[2]  John W. Lockwood,et al.  IPSec implementation on Xilinx Virtex-II Pro FPGA and its application , 2005, 19th IEEE International Parallel and Distributed Processing Symposium.

[3]  Tim Güneysu,et al.  Generic Side-Channel Countermeasures for Reconfigurable Devices , 2011, CHES.

[4]  Kazumaro Aoki,et al.  SEC X.2: Recommended Elliptic Curve Domain Parameters , 2008 .

[5]  Hongyi Chen,et al.  A Gbps IPSec SSL Security Processor Design and Implementation in an FPGA Prototyping Platform , 2010, J. Signal Process. Syst..

[6]  Ingrid Verbauwhede,et al.  A compact FPGA-based architecture for elliptic curve cryptography over prime fields , 2010, ASAP 2010 - 21st IEEE International Conference on Application-specific Systems, Architectures and Processors.

[7]  Florian Mendel,et al.  Symmetric Cryptography , 2009 .

[8]  Panu Hämäläinen,et al.  Design and Implementation of Low-Area and Low-Power AES Encryption Hardware Core , 2006, 9th EUROMICRO Conference on Digital System Design (DSD'06).

[9]  Tim Güneysu,et al.  MicroECC: A Lightweight Reconfigurable Elliptic Curve Crypto-processor , 2011, 2011 International Conference on Reconfigurable Computing and FPGAs.

[10]  B Guido,et al.  Cryptographic sponge functions , 2011 .

[11]  Elif Bilge Kavun,et al.  RAM-Based Ultra-Lightweight FPGA Implementation of PRESENT , 2011, 2011 International Conference on Reconfigurable Computing and FPGAs.

[12]  Thomas Peyrin,et al.  The PHOTON Family of Lightweight Hash Functions , 2011, IACR Cryptol. ePrint Arch..

[13]  D. McGrew,et al.  The Galois/Counter Mode of Operation (GCM) , 2005 .

[14]  Li Wang,et al.  A Configurable IPSec Processor for High Performance In-Line Security Network Processor , 2011, 2011 Seventh International Conference on Computational Intelligence and Security.

[15]  Andrey Bogdanov,et al.  PRESENT: An Ultra-Lightweight Block Cipher , 2007, CHES.

[16]  Jens-Peter Kaps,et al.  Efficient Hardware Accelerator for IPSec Based on Partial Reconfiguration on Xilinx FPGAs , 2011, 2011 International Conference on Reconfigurable Computing and FPGAs.