基于AES的低成本可重构高速加密引擎

针对商业加密引擎中硬件资源和电路性能平衡问题,提出一种基于AES的低成本可重构的高速加密引擎的设计方案。该方案在AES加密算法的基础上,根据FPGA内在的结构特点,利用VHDL语言对其加密模块进行描述,改善4级流水线结构,结合密码库的扩展设计,使系统达到实时重构安全策略的目的。通过对高速加密引擎的加密模块的实验仿真结果分析和总体性能评估,证明了该加密引擎不仅具有良好的安全性能,而且在速度和资源性能比方面有优势。     

LFSR加密新算法的研究与FPGA实现

提出了一种改进的线性反馈移位寄存器结构的安全加密模型,利用移位寄存器的灵活性高和成本低的特点结合FPGA器件的高速度和可重构的性能,从而使系统达到低成本、可实时配置算法文件和重组安全策略的目的,并详细论述了该模型的改进后的线性反馈移位寄存器加密算法的加密原理,然后介绍了该算法的FPGA实现及可重构技术,最后,通过对改进算法的加密时序图的分析和总体性能的评估,证明了该算法在保证安全性能的基础上具有很好的成本优势和可重构性。     

轻量级安全内存：RISC-V嵌入式微处理器安全增强

近年来,针对嵌入式设备中硬件的新型攻击不断出现,严重威胁嵌入式设备的安全.特别是随着非易失性存储器开始被配备到嵌入式设备中,就需要考虑如何保护配备非易失性存储器的嵌入式设备的安全.安全内存,就是这样一种通过保护内存来增强嵌入式设备安全性的有效手段.通过设计一种安全内存加密引擎来实现安全内存.在保证该安全内存加密引擎足够轻量、开销低的同时,将其集成到RISC-V嵌入式微处理器中,并通过FPGA对该安全内存加密引擎进行了评估.评估结果表明,安全内存加密引擎能够在提升RISC-V嵌入式微处理器安全性的同时,保证其合理的访存性能以及较小的面积开销.研究结果具有良好的参考价值和应用前景.     

面向国产CPU的可重构计算系统设计及性能探究

为了提升国产平台的计算性能,采用国产CPU+FPGA的异构架构,设计了基于国产CPU的可重构计算系统。该系统包括基于国产CPU的主机单元和FPGA可重构加速单元,主机单元负责逻辑判断与管理调度等任务,FPGA负责对计算密集型任务进行加速,并采用OpenCL框架模型进行编程,以缩短FPGA的开发周期。为了验证该系统的性能,采用AES加密算法来测试该系统的计算性能,通过对不同长度的明文进行AES加密测试,并与CPU串行处理结果进行对比,得出：相比于单核FT-1500A CPU串行加密方式,采用可重构计算系统并行加密能够获得120多倍的加速比,且此加速比会随着明文长度的增加而成非线性增大。实验结果表明：基于国产CPU的可重构计算系统能够大幅提升国产平台的计算性能。     

OpenSSL引擎机制与加密套件协商的应用研究

OpenSSL是最常用的安全网络通信协议——SSL/TLS的产品实现.通过OpenSSL的引擎机制,OpenSSL可以使用第三方提供的加密模块代替其底层加密模块保证安全通信,从而提高安全性能和运算性能.本文介绍了OpenSSL引擎机制的原理、引擎的实现技术、加密套件的协商过程及其影响因素,并给出了一种通过控制加密套件协商和引擎机制相结合有效地在OpenSSL中使用第三方加密模块的方法,对OpenSSL引擎的开发与应用都具有指导意义.     

移动电子拍卖系统加密和签名特殊技术

在实现安全的移动电子拍卖系统的实践经验基础上,分析了系统的安全性需求,介绍了移动电子拍卖系统加密和签名特殊技术,包括密钥的生成、存储和更新,服务器端对SOAP消息的加密、解密以及自签名证书密钥模型,客户端加密引擎和签名引擎的实现。该系统可以成功地移植到移动设备中,提高了无线Web服务的安全性。     

面向CGRCA配置比特流的硬件木马攻击防护方法

针对可重构设备配置比特流易遭受硬件木马攻击的问题,提出了基于认证加密硬件安全引擎的防护方法。首先,通过研究CGRCA的结构及配置过程,详细分析了系统面临的安全威胁,并给出面向未加密原始配置流的硬件木马攻击流程和植入方法。针对该攻击流程,研究提出基于改进CCM认证加密机制的防护方法,该方法对原始配置流进行部分加密和认证,硬件层面采用资源复用的双安全引擎进行解密和认证,确保配置比特流的完整性和真实性。仿真实验证明,该防护方法能以较小的面积和时间开销,抵御面向配置流的潜在硬件木马攻击威胁,实现对配置比特流的保护。     

基于异构可重构计算的AES加密系统研究

随着大数据的发展及加密场景的增多,仅以软件运行的加密方式难以满足加密性能的需求;而使用Verilog/VHDL方式实现的FPGA/ASIC加密系统又存在灵活性较差、维护升级困难等问题。针对上述问题,设计并实现了一种基于异构可重构计算的AES算法加密系统,包含了AES算法ECB、CBC、CTR三种主流模式,每种模式实现了128 bit、192 bit、256 bit三种密钥大小的加密。基于FPGA对模块分别进行了硬件加速,同时基于硬件可重构机制实现了不同模式及不同位宽加密模块的动态切换。通过在Intel Stratix 10上实现并验证该系统,实验结果表明：系统中AES-ECB、AES-CTR、AES-CBC吞吐率分别达到116.43 Gbps、60.34 Gbps、4.32 Gbps,ECB模式相比于Intel Xeon E5-2650 V2 CPU和Nvidia GeForce GTX 1080 GPU分别获得了23.18倍与1.43倍的加速比,整体系统相比纯软件方式的计算加速比达到4.72。     

基于FPGA可重构快速密码芯片设计

为提高密码芯片的应用效益,提出了一种基于FPGA可重构的密码芯片实现方法。该方法打破了传统了一类密码芯片采用一种设计方案的模式,通过对FPGA的重构设计,能够动态地实现多种不同计算特征的密码算法芯片。同时对最基础的乘法运算和加法运算,设计了细粒度流水的加速策略。该方案能够重构实现DES、AES、RSA、椭圆曲线密码算法等典型密码算法,对600M的数据文件加密测试,DES的加速比为2.8,AES的加速比为3.6。     

动态部分可重构方法在SDRAM控制器中的应用

动态部分可重构方法应用于FPGA系统设计中,充分利用了FPGA芯片提供的可重配置功能,减小了FPGA芯片的配置时间。通过对可重构方法的研究,提出了基于模块化动态可重构方法应用到SDRAM控制器设计中,给出了重构流程,并对实验结果进行了分析。该方法提高了FPGA芯片的利用率,有效地提高了可重配置计算系统的整体性能。     

Dynamic partial reconfiguration enchanced with security system for reduced area and low power consumption

Field-programmable gate arrays (FPGAs) have travelled far from just being utilized as glue logic to an entire system solution. This is mostly due to their generalized re-configurable nature, lower non-recurring engineering (NRE) expense, and also fast time to market. Owing to the reconfigurable nature of FPGA, a new field called reconfigurable computing that can change the circuit configuration after hardware production came into existence. Application of re-configurable computing for self-adaptive hardware allows hardware to get adapt to various environmental conditions and different needs by swapping or loading disparate computational modules. This work proposes an effectual design methodology (enhanced DPR security system (EDPRSS)) utilized to execute high performance FPGA device in respect of low power consumption along with security for the area reduction. In the proposed technique, hash code generation (HCG) and encryption hardware accelerators can well be dynamically produced on FPGA utilizing partial re-configuration as stated by the application requisites. The system is competent to swap in or swap out the equivalent hardware accelerator during run time, which in turn diminishes the power and area. Here, 2 re-configurable partitions are produced for encryption and also HCG algorithm. Experiential outcomes proved that the proposed technique proffers better performance when contrasted to the other conventional systems.     

Design, Architecture and Performance Evaluation of the Wireless Transport Layer Security

Communication protocols for wireless networks have specified security layers, with high-level encryption strength. The dedicated to security layer of Wireless Application Protocol (WAP), is the Wireless Transport Layer Security (WTLS). In this paper, an efficient architecture for the hardware implementation of WTLS is proposed. The introduced system supports bulk encryption, authentication and data integrity. The proposed architecture operates alternatively for a set of ciphers, IDEA, DES, RSA, D.H., SHA-1 and MD5. It is based on two reconfigurable design units: the Reconfigurable Authentication Unit and the Reconfigurable Integrity Unit. These units operate alternatively for different ciphers and achieve to allocate minimized resources, at the same time. The introduced security system has been implemented in an FPGA device. The supported ciphers performance is compared with previously published works, and it has been proven superior to them, in most of the cases. The system’s synthesis results prove that the proposed architecture is a flexible and powerful solution for WTLS integration of today’s and future wireless networks. The system can be applied to wireless communications servers and mobile devices also. Finally, the proposed architecture can be used as a powerful security engine, in WAP communication networks, with special security demands.     

动态重构硬件加速中的性能开销建模

近年来,随着可重构计算方法和可重构硬件特性的不断演进,基于FPGA动态部分重构技术构建运行时可重构加速器已经成为解决传统加速器设计中硬件资源限制问题的重要途径.然而,区别于传统静态重构加速器,FPGA的动态重构开销是影响硬件加速整体性能的重要因素,而目前尚缺少能够在可重构硬件设计的早期阶段进行动态重构开销精确估算的相关...     

A Reconfigurable Logic-Based Processor for the SCAN Image and Video Encryption Algorithm

This paper presents a detailed architecture and a reconfigurable logic based hardware design of the SCAN algorithm. This architecture can be used to encrypt high resolution images in real-time. Although the SCAN algorithm is a block cipher algorithm with arbitrarily large blocks, the present design is for 64×64 pixel blocks in order to provide real-time image encryption throughput. The architecture was initially targeted at the Xilinx XCV-1000 FPGA, for which design and performance results are presented in the paper.     

基于FPGA的RC4加密算法设计及实现

针对通信安全问题,采用自顶向下的设计方法,设计了一种RC4算法基于FPGA的实现方式,实现了通信数据的加密传输。根据RC4加密算法的原理和设计流程,使用Verilog HDL编程语言,采用有限状态机（FSM）的编程方式实现算法,通过Modelsim SE 10.1a仿真软件进行仿真,并在FPGA开发板上进行验证。采用本文提出的FPGA设计方法实现的RC4加密算法相比软件加密方式和已有的FPGA实现方式速度有明显提高。     

基于FPGA的AES加/解密算法的可重构设计

高级加密标准(AES)的传统实现方法是对加/解密算法进行单独设计,占用了过多的硬件资源。该文在分析AES加/解密算法机理的基础上,介绍了算法各模块的设计方法,通过分析提取了加/解密算法之间存在的共性,给出算法的可重构设计实例。通过FPGA仿真验证,该方案与传统设计方案相比,减少了资源的消耗。     

The secure wavelet transform

There has been an increasing concern for the security of multimedia transactions over real-time embedded systems. Partial and selective encryption schemes have been proposed in the research literature, but these schemes significantly increase the computation cost leading to tradeoffs in system latency, throughput, hardware requirements and power usage. In this paper, we propose a light-weight multimedia encryption strategy based on a modified discrete wavelet transform (DWT) which we refer to as the secure wavelet transform (SWT). The SWT provides joint multimedia encryption and compression by two modifications over the traditional DWT implementations: (a) parameterized construction of the DWT and (b) subband re-orientation for the wavelet decomposition. The SWT has rational coefficients which allow us to build a high throughput hardware implementation on fixed point arithmetic. We obtain a zero-overhead implementation on custom hardware. Furthermore, a Look-up table based reconfigurable implementation allows us to allocate the encryption key to the hardware at run-time. Direct implementation on Xilinx Virtex FPGA gave a clock frequency of 60 MHz while a reconfigurable multiplier based design gave a improved clock frequency of 114 MHz. The pipelined implementation of the SWT achieved a clock frequency of 240 MHz on a Xilinx Virtex-4 FPGA and met the timing constraint of 500 MHz on a standard cell realization using 45 nm CMOS technology.