Design of Networked Reconfigurable Encryption Engine
Shakith Fernando and Ha Yajun
ECE Department, National University of Singapore, Singapore 117576.
Abstract
The current state of the art has given rise to many potential networked appliances that would be able to download new hardware services and upgrades and execute them locally. However, this technology has not been widely used. This paper describes a user scenario of networked reconfiguration in an encryption application using embedded software and reconfigurable hardware. The appliance's hardware can be reconfigured at run-time, which allows it to switch between several encryption standards and to achieve hardware acceleration for each of them. The reconfiguration bitstream is retrieved from the network, allowing flexible future scalability. A prototype has been built to demonstrate the functionality of the networked reconfigurable encryption engine.
1. Introduction
The internet has become the driving force of embedded systems. Compared to software and ASIC designs, FPGA platforms create a good compromise between high performance and maintaining the capability of reconfiguration. By integrating the internet into this reconfigurable FPGA platform, it is possible to develop networked reconfigurable platforms [1]. This idea of using networked reconfigurable FPGA platforms to provide for functional flexibility and performance acceleration has been seen only in a few applications. For example, in a run-time reconfigurable web camera, the computationally intensive image processing takes place in the reconfigurable FPGA. Image processing services are downloaded from the server to the camera and executed as the user requests [2]. In this paper, we describe a networked reconfigurable encryption engine. The FPGA platform provides a flexible solution to various changing encryption algorithms while achieving hardware acceleration needed for computationally intensive processes. The networked reconfigurable platform also provides the flexible implementation of new encryption standards.
Our demonstration prototype consists of a Suzaku Board [3] with a Xilinx Spartan3 FPGA [4] to provide reconfigurability and hardware acceleration. uclinux [5] (an embedded Linux operating system) runs on a Microblaze soft processor [4] implemented in the FPGA and provides the necessary network framework. The use of uclinux eases the re-use of existing open-source network and configuration software, which reduced the development time of the system. For this system, the 128-bit Advanced Encryption Standard (AES) and 64-bit Data Encryption Standard (DES) have been implemented. In the following sections, system architecture, functionality, implementation and experimental results of the completed prototype are described.
2. System Architecture and Functionality
The block diagram of the demonstration system is shown in Figure 1, where the Suzaku FPGA board is connected to the web server through a local area network. The FPGA board is also connected to a PC through the serial port for testing and development. At startup, the Spartan3 FPGA on the Suzaku client is preloaded with the Microblaze Base System (as shown in Figure 2) and a uclinux kernel image with the user application. The Apache web server hosts three bitstreams pre-generated for the Spartan3 FPGA, called Base, AES and DES. In the user application, the user requests an encryption standard, AES for example; the Suzaku board then connects to the web server, downloads the bitstream, configures the FPGA and allows the user to run the AES test application. At a later time, when the user requests DES, the board downloads the DES bitstream and configures the FPGA to run the DES test application.
Figure 1. System Architecture
Proceedings of the 13th Annual IEEE Symposium on Field-Programmable Custom Computing Machines (FCCM’05) 0-7695-2445-1/05 $20.00 © 2005 IEEE
Figure 2. FPGA Board Architecture
3. System Implementation
The main components of the system are described here. A processor is required to handle configuration and network communication. Microblaze was chosen as it is a 32-bit RISC soft processor that can be implemented in the FPGA with a gate count of 1050. Additional IP cores such as a memory controller, timer, UART and interrupt controller were connected to Microblaze to provide a base design on which to develop the system [4]. (The internal design of the FPGA is shown in Figure 2.) To provide network support and reuse already available software, a version of embedded Linux that has been ported to Microblaze was chosen as the operating system [5]. We use open-source encryption code to develop the encryption hardware [6]. The developed hardware is then interfaced to the Microblaze processor through the On-chip Peripheral Bus (OPB), which has a bandwidth of 400MB/s [4]. To allow efficient software drivers for the encryption, the hardware is interfaced using memory-mapped software registers. Using this approach, bitstreams for two encryption cores (AES and DES) have been generated. The flash memory is partitioned to contain the FPGA configuration data and the kernel (as shown in Figure 2). The software application downloads the networked bitstream and writes it to the FPGA area of flash memory. Then the bootloader takes this data and the kernel to configure the FPGA and to load the OS.
4. Experimental Results
The demonstration prototype has been built using the Suzaku FPGA Board, consisting of a Spartan 3 (XC3S400 FT256) FPGA with 4Mb Flash Memory, 16Mb SDRAM and an on-board LAN controller. The development configuration of the FPGA is done through the JTAG port connected to a TE7720 configuration controller [3]. The embedded OS uclinux kernel 2.4.22 runs on top of the Microblaze soft processor to support network reconfiguration. Three configuration data files called BASE, AES and DES were generated and hosted in a web server running Red Hat 9. The configuration data file is a binary file, which is the bit file generated using Xilinx ISE tools [4] with the header component removed. The "lbplayer2.exe" [3] utility was used to pre-generate the binary from the bit file. The software application downloads this binary data and writes it to the FPGA partition of the flash memory (refer to Figure 2).
The performance of the system is described here. The Microblaze base design runs at 6.34MHz with area utilization of 51%. The Microblaze with AES core has area utilization of 99% with the AES running at 75MHz. The Microblaze with DES core has area utilization of 77% with the DES running at 100MHz. The AES core is a 128-bit block with 504 cycles per block with a clock frequency of 75MHz. The achieved throughput of AES is 19.04Mb/s. The DES core is a 64-bit block with 16 cycles per block with a clock frequency of 100MHz. The achieved throughput of DES is 400Mb/s.
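The header-removal step described above can be illustrated with a short host-side parser. This is an added example, not the lbplayer2.exe utility or the authors' code; it assumes the commonly documented Xilinx .bit layout (a fixed preamble followed by keyed records 'a' to 'e'), and the function names, the part string `3s400ft256` and the sample file are constructed for illustration.

```python
import struct

BIT_MAGIC = bytes.fromhex("0ff00ff00ff00ff000")  # fixed preamble field of a .bit file
SYNC_WORD = bytes.fromhex("aa995566")            # Xilinx configuration sync word


def strip_bit_header(bit: bytes, expected_part: str):
    """Return (header_fields, raw_config) or raise ValueError on a bad image."""
    pos = 0

    def take(n):  # bounds-checked read so a short download cannot be accepted
        nonlocal pos
        if pos + n > len(bit):
            raise ValueError("truncated .bit file")
        chunk = bit[pos:pos + n]
        pos += n
        return chunk

    (n,) = struct.unpack(">H", take(2))
    if take(n) != BIT_MAGIC or take(2) != b"\x00\x01":
        raise ValueError("not a .bit file (bad preamble)")
    fields = {}
    while True:
        key = take(1)
        if key == b"e":  # configuration data, prefixed by a 32-bit length
            (size,) = struct.unpack(">I", take(4))
            raw = take(size)
            break
        if key not in (b"a", b"b", b"c", b"d"):  # design, part, date, time
            raise ValueError(f"unexpected record key {key!r}")
        (n,) = struct.unpack(">H", take(2))
        fields[key.decode()] = take(n).rstrip(b"\x00").decode("ascii", "replace")
    if pos != len(bit):
        raise ValueError("trailing bytes after configuration data")
    if fields.get("b") != expected_part:  # refuse an image built for another device
        raise ValueError(f"bitstream targets {fields.get('b')!r}, not {expected_part!r}")
    if SYNC_WORD not in raw[:64]:
        raise ValueError("no sync word near start of configuration data")
    return fields, raw


def make_sample_bit(part="3s400ft256"):  # assumed part string for XC3S400 FT256
    """Constructed sample, not a real bitstream: header plus a 16-byte payload."""
    def rec(key, text):
        data = text.encode() + b"\x00"
        return key + struct.pack(">H", len(data)) + data
    raw = b"\xff" * 4 + SYNC_WORD + b"\x00" * 8
    return (struct.pack(">H", len(BIT_MAGIC)) + BIT_MAGIC + b"\x00\x01"
            + rec(b"a", "aes.ncd") + rec(b"b", part)
            + rec(b"c", "2005/01/01") + rec(b"d", "00:00:00")
            + b"e" + struct.pack(">I", len(raw)) + raw)
```

Checking the part name and sync word before the binary is hosted keeps an image built for a different device, or a truncated file, from reaching the FPGA partition of the flash.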
5. Conclusions
In this paper, we have described a networked reconfiguration platform developed for the encryption application. The encryption processes are accelerated through FPGA implementations. Different encryption algorithms which are available in the network can be selected and dynamically downloaded into the platform to reconfigure the hardware. The implemented networked reconfigurable encryption engine runs AES encryption at a throughput of 19.04Mb/s and DES encryption at a throughput of 400Mb/s. The current design can be expanded to include partial reconfiguration of encryption cores to reduce configuration overhead. Also a Virtual Private Network can be implemented to secure the communication between the server and the client in downloading the bitstreams using authentication and encryption.
References
[1] S. Guccione, D. Verkest, I. Bolsens, "Design Technology for Networked Reconfigurable FPGA Platforms", 2002 Proceedings of Design, Automation and Test in Europe (DATE) Conference, pp. 994-997, Paris, March 2002.
[2] D. Verkest, et al., "Design of Cam-E-leon: A Run-time Reconfigurable Web Camera", Embedded Processor Design Challenges – Systems, Architectures, Modeling, and Simulation, Springer, pp. 274-290.
[3] "SUZAKU FPGA Board", http://www.atmarktechno.com/en/product/suzaku.html, Atmark Techno, Inc.
[4] "Microblaze Soft Processor, Spartan3 FPGA and OPB Bus", http://www.xilinx.com/, Xilinx, Inc.
[5] "Microblaze uclinux", http://www.itee.uq.edu.au/ jwilliams/mblazeuclinux/
[6] Javier Castillo Villar, "Open Source AES and DES Core", http://www.opencores.org/