Seiji Munetoh

A Compact Rijndael Hardware Architecture with S-Box Optimization

Compact and high-speed hardware architectures and logic optimization methods for the AES algorithm Rijndael are described. Encryption and decryption data paths are combined and all arithmetic components are reused. By introducing a new composite field, the S-Box structure is also optimized. An extremely small size of 5.4 Kgates is obtained for a 128-bit key Rijndael circuit using a 0.11-µm CMOS standard cell library. It requires only 0.052 mm2 of area to support both encryption and decryption with 311 Mbps throughput. By making effective use of the SPN parallel feature, the throughput can be boosted up to 2.6 Gbps for a high-speed implementation whose size is 21.3 Kgates.

WS-attestation: efficient and fine-grained remote attestation on Web services

This paper proposes WS-attestation, attestation architecture on Web services framework. We aim at providing software oriented, dynamic and fine-grained attestation mechanism that leverages TCG technologies to increase trust and confidence in integrity reporting. In addition, the architecture allows efficient binding of attestation with application context, privacy protection, as well as infrastructural support for attestation validation.

A High-Speed Small RSA Encryption LSI with Low Power Dissipation

A 1024-bit RSA encryption LSI with DES and MD5 functions was developed. An RSA accelerator core implemented in the LSI is 4.9 MM2 in area, and has three 1024-bit adders that perform doubling, squaring, and exponential operations simultaneously. A 1024-bit RSA operation takes 23 msec with 100mA peak current at the maximum frequency of 45 MHz. A 1024-bit RSA key is generated in 0.3 sec by using arithmetic functions supported by the LSI. The throughputs of DES and MD5 at 45 MHz are 18.9 MB/sec and 29.7 MB/sec, respectively.

Integrity Management Infrastructure for Trusted Computing

Computer security concerns have been rapidly increasing because of repeated security breaches and leakages of sensitive personal information. Such security breaches are mainly caused by an inappropriate management of the PCs, so maintaining integrity of the platform configuration is essential, and, verifying the integrity of the computer platform and software becomes more significant. To address these problems, the Trusted Computing Group (TCG) has developed various specifications that are used to measure the integrity of the platform based on hardware trust. In the trusted computing technology, the integrity data of each component running on the platform is recorded in the security chip and they are securely checked by a remote attestation. The infrastructure working group in the TCG is trying to define an Integrity Management Infrastructure in which the Platform Trust Services (PTS) is a new key component which deals with an Integrity Report. When we use the PTS in the target platform, it is a service component that collects and measures the runtime integrity of the target platform in a secure way. The PTS can also be used to validate the Integrity Reports. We introduce the notion of the Platform Validation Authority, a trusted third party, which verifies the composition of the integrity measurement of the target platform in the Integrity Reports. The Platform Validation Authority complements the role of the current Certificate Authority in the Public Key Infrastructure which attests to the integrity of the user identity as well as to related artifacts such as digital signatures. In this paper, we cover the research topics in this new area, the relevant technologies and open issues of the trusted computing, and the detail of our PTS implementation.

Designing a trust chain for a thin client on a live Linux cd

CD-boot Linuxi is a live Linux environment, which is easy to use because it is not installed in the hard disk, but simply boots directly from a CD. This helps protect the sensitive information because a clean environment can be prepared at boot time. To insure this environment protects sensitive information, we adapted the trusted computing technology to define a trustworthy environment.

ws-Attestation: Enabling Trusted Computing on Web Services

This chapter proposes ws-Attestation, an attestation architecture based upon a Web Services framework. The increasing prevalence of security breaches caused by malicious software shows that the conventional identity-based trust model is insufficient as a protection mechanism. It is unfortunately common for a computing platform in the care of a trustworthy owner to behave maliciously. Zombie computers used to send spam being a common example.

Destructive-read random access memory system buffered with destructive-read memory cache for SoC applications

This paper describes a novel random access memory system. The system is based on a destructive-read memory buffered by a destructive-read memory cache for hidden write back. SRAM comparable random access cycle time (tRC) is achieved, as tRC of the architecture is limited only by the destructive-read time of the memory array. By using a DRAM array as cache, the silicon area is reduced by about 25% from SRAM-cache system. Write back algorithms have been proved by mathematical models, and confirmed by simulations.

Development of a high bandwidth merged logic/DRAM multimedia chip

This paper describes the design methodology and the implementation of a merged logic/DRAM multimedia chip. The design is based on 0.25 micron DRAM-based CMOS technology with 4-layers of metal with device performance enhancement. Details of the architecture and system design of the multi-media was described in Katayama et. al. (1996). The present chip consists of 64 Mb of synchronous DRAM which is organized in two banks of eight 8 Mb SDRAM macros, a gate-array memory control and bus control unit, a custom-designed 8/spl times/32-bit parallel graphic processor, a 64-bit parallel ports for data transfer to/from the host processor bus, a 32-bit serial port for video display, and on-chip PLL. The multi-media co-processor chip provides high-density unified memory, high bus bandwidth (4.3 GB/s peak) and 1+GB/s BITBLT processing functions for an external host processor. The current design, floorplan and layout are structured in a way that, we believe, will provide a general framework for other merged logic/DRAM, ASIC+DRAM design for system scale integration.

Non-intrusive Scalable Memory Access Tracer

Memory access tracing is one of the widely used methods to evaluate, analyze, and optimize hardware and software designs. We are developing a non-intrusive, scalable, full-address-range memory tracer. The tracer hardware board is compliant with the JEDEC DDR3 DIMM form factor, and fits in a DIMM slot. It is so compact that we can populate up to 16 tracer boards in a 4-CPU server chassis, and record the commands and addresses of all the memory accesses. Each board drives four SSDs to record the memory access addresses without a break until the SSDs are full. For example, we can make a trace of a full SPECjbb 2005 run, which lasts 26 minutes and generates over 11TB trace data. In addition to recording memory accesses, it collects various types of statistical data, such as a large number of segmented read/write statistics and DRAM bank utilization rates, and displays them on the control dashboard in real time.

Universal optical multi-drop bus for heterogeneous memory architecture

Emerging non-volatile memory device technologies such as flash, FRAM, and PCM are changing the traditional main memory architecture consisting of DRAM. New architecture-level and OS-level refinements with these memory devices have been proposed. However, in practice, modern high performance processors have difficulties in adding attachment points for new memory interfaces, since the number of off-chip pins are limited due to packaging constraints, and many pins are already in use for existing functions such as SMP links, IO links, and power supplies. In this paper, by taking advantage of optics with multi-drop topology, we propose a novel high-bandwidth low-power memory bus architecture that can connect different memory devices at the same time with a single attachment point on the processor chip. The prototyped 75-Gbps optical multi-drop bus platform can organize DDR2 and DDR3 SDRAM DIMMs on the single bus, and can be attached to a processor with industry-standard 12-ch 250-μm-pitch parallel optical fibers.