Karim Moussa Ali Abdellatif

FPGA-Based High Performance AES-GCM Using Efficient Karatsuba Ofman Algorithm

AES-GCM has been utilized in various security applications. It consists of two components: an Advanced Encryption Standard (AES) engine and a Galois Hash (GHASH) core. The performance of the system is determined by the GHASH architecture because of the inherent computation feedback. This paper introduces a modification for the pipelined Karatsuba Ofman Algorithm (KOA)-based GHASH. In particular, the computation feedback is removed by analyzing the complexity of the computation process. The proposed GHASH core is evaluated with three different implementations of AES ( BRAMs-based SubBytes, composite field-based SubBytes, and LUT-based SubBytes). The presented AES-GCM architectures are implemented using Xilinx Virtex5 FPGAs. Our comparison to previous work reveals that our architectures are more performance-efficient (Thr. /Slices).

Efficient AES-GCM for VPNs using FPGAs

Since its acceptance as the adopted authenticated encryption algorithm, AES-GCM has been utilized in various security-constrained applications. This paper describes the benefits of adding key-synthesized property to AES-GCM using FPGAs. Presented architectures can be used for applications which require encryption and authentication with slow changing keys like Virtual Private Networks (VPNs). Our architectures were evaluated using Virtex4 and Virtex5 FPGAs. It is shown that the performance of the presented AES-GCM architecture outperforms the previously reported ones.

High speed authenticated encryption for slow changing key applications using reconfigurable devices

Since its acceptance as the adopted authenticated encryption algorithm, AES-GCM has been utilized in various security-constrained applications. This paper describes the benefits of adding key-synthesized property to AES-GCM using FPGAs. Presented architectures can be used for applications which require encryption and authentication with slow changing keys like Virtual Private Networks (VPNs). Three methods are selected to implement the SubBytes of AES to increase the flexibility of the presented work. Furthermore, we propose a protocol to protect the bitstream of the proposed architectures. Our architectures were evaluated using Virtex5 and Virtex4 FPGAs. It is shown that the performance of the presented AES-GCM architectures outperforms the previously reported ones.

Authenticated encryption on FPGAs from the static part to the reconfigurable part

Recently, techniques have been invented to combine encryption and authentication into a single algorithm which is called Authenticated Encryption (AE). Combining these two security services in hardware produces smaller area compared to two separate algorithms. AE is implemented in the static part of the FPGA (FPGA silicon) in order to secure the reconfiguration process to ensure the confidentiality and integrity of the bitstream. Also, it is used in the reconfigurable part of the FPGA to support applications which need security requirements like Virtual Private Networks (VPNs). This paper presents two different directions for implementing AE cores on FPGAs. First, we present efficient ASIC implementations of AE algorithms, counter with Cipher Block Chaining Mode (CCM) and Galois Counter Mode (GCM), which are used in the static part of the FPGA in order to secure the reconfiguration process. Our focus on state of the art algorithms for efficient implementations leads to propose efficient compact architectures in order to be used for FPGA bitstream security. Presented ASIC architectures were evaluated by using 90 and 130nm technologies. Second, high-throughput GCM architectures are implemented in the reconfigurable part of the FPGA by taking the advantage of slow changing key environments like VPNs and embedded memory protection. The proposed architectures were evaluated using Virtex5 and Virtex4 FPGAs. It is shown that the performance of the presented work outperforms the previously reported ones.

Improved method for parallel AES-GCM cores using FPGAs

This paper proposes an efficient method for implementing parallel AES-GCM cores using FPGAs. The proposed method improves the performance of the parallel architecture (Throughput/Slice). Presented architectures can be used for applications which require encryption and authentication with slow changing keys like Virtual Private Networks (VPNs). Our architectures were evaluated using Virtex5 FPGAs. It is shown that the performance of the presented parallel AES-GCM architecture outperforms the previously reported ones.

Lightweight and compact solutions for secure reconfiguration of FPGAs

Reconfiguration of FPGAs is becoming increasingly popular particularly in networking applications. In order to protect FPGA designs against attacks, secure reconfiguration must be performed. This paper introduces low cost solutions for protecting FPGA designs. This is achieved by implementing low cost hardware architectures of authenticated encryption (AES-CCM, AES-GCM, and PRESENT-GCM) in the static part of the FPGA to perform the decryption and the authentication of bitstreams. Presented architectures were evaluated by using 90 and 130 nm technologies.

Efficient parallel-pipelined GHASH for message authentication

AES/GCM is a common mode for authenticated encryption. One of its components is Galois HASH (GHASH) which achieves the authentication task. In this work, we present an efficient key independent hardware implementation for parallel-pipelined GHASH. Karatsuba Ofman Algorithm (KOA) is used for Galois Field (GF) multiplication. Unlike previous parallel hardware architectures based on KOA, we use only one reduction array for all parallel KOA multipliers. Therefore, an area optimized design is achieved. In addition, pipelined KOA is adopted to get higher clock frequency. 4-Parallel pipelined GHASH is evaluated using Xilinx Virtex5. It occupies 7.128k Slices and achieves 113.8 Gbps as an authentication throughput. Higher hardware efficiency (throughput/slice) in comparison with prior art (Key independent GHASH) is achieved.

New Partitioning Approach for Hardware Trojan Detection Using Side-Channel Measurements

Hardware Trojans have emerged as a security threat to many critical systems. In particular, malicious hardware components can be inserted at the foundry for implementing hidden backdoors to leak secret information. In this paper, we present a new method to partition the circuit under test into blocks in order to obtain different side-channel signatures per chip. Each signature indicates which block is off or on in terms of the dynamic power switching activity. As a result, there are different co-existing decisions to more precisely detect the Trojan instead of one decision resulting from one side-channel signature. Moreover, this method detects in which block the Trojan exists. AES was used as an example to be divided into blocks. Sakura-G was used as an implementation target. The obtained results give four decisions to enhance Trojan existence and position. This paper also presents a methodology for Trojan detection using a cryptographic protocol to secure the detection process.

Protecting FPGA bitstreams using authenticated encryption

This paper describes low cost solution for bitstream security by adding authentication and encryption to the reconfiguration process using Authenticated Encryption (AE). Compact ASIC architecture for AE is presented: Counter with Cipher Block Chaining-Message Authentication Code (CCM). Proposed architecture utilizes Advanced Encryption Standard (AES) in Counter mode (CTR) for encryption. For authentication, AES in Cipher Block Chaining (CBC) is used. Therefore, one architecture of AES for both encryption and authentication decreases the consumed area. In addition, using AES in 32-bit enhances the compact architecture. Our design was evaluated by using a 90 nm CMOS standard cell library. The proposed architecture of CCM requires 0.045 mm2. In term of speed, CCM works with 407 Mbps. Our proposed architecture can be used efficiently for secure configuration of FPGAs.

Towards high performance GHASH for pipelined AES-GCM using FPGAs (abstract only)

AES-GCM has been utilized in various security applications. It consists of two components: an Advanced Encryption Standard (AES) engine and a Galois Hash (GHASH) core. The performance of the system is determined by the GHASH architecture because of the inherent computation feedback. This paper introduces a modification for the pipelined Karatsuba Ofman Algorithm (KOA)-based GHASH. In particular, the computation feedback is removed by analyzing the complexity of the computation process. The proposed GHASH core is evaluated with three different implementations of AES ( BRAMs-based SubBytes, composite field-based SubBytes, and LUT-based SubBytes). The presented AES-GCM architectures are implemented using Xilinx Virtex5 FPGAs. Our comparison to previous work reveals that our architectures are more performance-efficient (Thr. /Slices).