Christopher D. Mackey

A Scalable Hardware Architecture to Support Applications of the HAIPE 3.1 Standard

Developers are actively pursuing embedments of the new HAIPE 3.1 standard for secure IP communications. Depending on underlying channel capacities or other aspects of individual applications, different levels of performance may be required. The challenge is to provide a hardware platform that provides the required level of computational support, but optimized with respect to cost, size, weight, etc. This paper will present an overview of these challenges and will describe an innovative, scalable hardware architecture that addresses them. Performance data was gathered for a series of architecture configuration experiments. Performance data is presented along with discussion and recommendations for future work.

High assurance multiplexer techniques for use with secure digital communications

New tactical communications systems are often required to be able to support independent operations on several channels simultaneously where each channel may be operating at a different level of security classification. Maintaining the separation of these channels from a security integrity perspective is possible using a MSLS approach. Using this approach, all communication paths are confined to a single set of closely connected resources.

FPGA-based, multi-processor HW-SW system for Single-Chip Crypto applications

This paper discusses design and analysis of an FPGA-based system containing two isolated, Altera Nios II softcore processors that share data through two custom crypto-engines. FPGA-based Single-Chip Cryptographic (SCC) techniques were employed to ensure full red/black separation. Each crypto-engine is a hardware implementation of the Advanced Encryption Standard (AES), operating in Galois/Counter mode (GCM). The features of the AES crypto-engines were varied with the goal of determining which best achieve high performance or minimal hardware usage. To quantify the costs of red/black separation, a thorough analysis of resource requirements was performed. The hardware/software approach was utilized in order to provide appropriate levels of flexibilty and performance, allowing for a range of target applications.

Realization of a high-assurance multiplexer using FPGA-based single-chip cryptography

A High Assurance Multiplexer can be used to combine all channels of a MSLS system into a single stream that accommodates all of the channels to be transported at each end of the multiplexed link. The multiplexer/demultiplexer is termed “High Assurance” because it guarantees the integrity of the channel separation process such that, even under multiple failure conditions, the design assures that data from one channel is not inadvertently mixed with or sent to another channel.