Elliptic Curve Cryptography Engineering

In recent years, elliptic curve cryptography (ECC) has gained widespread exposure and acceptance, and has already been included in many security standards. Engineering of ECC is a complex, interdisciplinary research field encompassing such fields as mathematics, computer science, and electrical engineering. In this paper, we survey ECC implementation issues as a prominent case study for the relatively new discipline of cryptographic engineering. In particular,we show that the requirements of efficiency and security considered at the implementation stage affect not only mere low-level, technological aspects but also, significantly, higher level choices, ranging from finite field arithmetic up to curve mathematics and protocols.     

LLVMVF: A Generic Approach for Verification of Multicore Software

Proliferation of multicore hardware boosted the need for verification of multicore software that is running on these hardware. Multicore software demands new verification techniques different from the ones used for sequential software. Many optimized compiler frameworks are arising to address the complexities of multicore software. Among these compilers, Low Level Virtual Machine (LLVM) is especially gaining popularity because i) has a universal front-end that allows to read in many different input languages, ii) aggressive optimizations to improve code performance and quality, and iii) a well-defined intermediate bytecode representation, called LLVM IR, that allows a unified intermediate representation. In this work, we present a novel framework, called LLVM Verification Framework (LLVMVF), implemented in a purely functional language for verification of multicore software. To our knowledge, this is the first verification framework using the LLVM bytecode representation for multicore software. We present an SMT-based Bounded Model Checker backend of LLVMVF and perform initial experiments on multicore software using Pthreads library. Furthermore, we compare our results with an existing multicore software verification tool.     

面向安全协议的虚拟化可编程数据平面

随着网络安全技术的发展,越来越多网络安全协议出现,因此需要网络转发设备对网络安全协议提供支持。可编程数据平面由于其协议的无关性,能够实现安全协议的快速部署。但当前可编程数据平面存在包头多次解析、独占数据平面和密码算法实现难的问题。针对上述问题,该文提出一种面向安全协议的虚拟化可编程数据平面(VCP4),其通过引入描述头降低包头解析次数,提高包头解析效率。使用控制流队列生成器和动态映射表实现可编程数据平面的虚拟化,实现多租户下数据平面的隔离,解决独占数据平面问题。在VCP4的语言编译器中添加密码算法原语,实现密码算法可重用。最后针对VCP4资源利用率,虚拟化性能和安全协议性能进行实验评估,结果显示在实现功能的基础上带来较小的性能损失,且能降低50%的代码量。     

A Platform‐Based SoC Design of a 32‐Bit Smart Card

In this paper, we describe the development of a platform‐based SoC of a 32‐bit smart card. The smart card uses a 32‐bit microprocessor for high performance and two cryptographic processors for high security. It supports both contact and contactless interfaces, which comply with ISO/IEC 7816 and 14496 Type B. It has a Java Card OS to support multiple applications. We modeled smart card readers with a foreign language interface for efficient verification of the smart card SoC. The SoC was implemented using 0.25 µm technology. To reduce the power consumption of the smart card SoC, we applied power optimization techniques, including clock gating. Experimental results show that the power consumption of the RSA and ECC cryptographic processors can be reduced by 32% and 62%, respectively, without increasing the area.     

Compilation Methods for the Address Calculation Units of Embedded Processor Systems

An essential component of today's embedded system is an instruction-set processor running real-time software. All variations of these core components contain at least the minimum data-flow processing capabilities, while a certain class contain specialized units for highly data-intensive operations for Digital Signal Processing (DSP). For the required level of memory interaction, the parallel executing Address Calculation Unit (ACU) is often used to tune the architecture to the memory access characteristics of the application. The design of the ACU is performance critical. In today's typical design flow, this design task is somewhat driven by intuition as the transformation from application algorithm to architecture is complex and the exploration space is immense. Automatic utilities to aid the designer are essential; however, the key compilation techniques which map high-level language constructs onto addressing units have lagged far behind the emergence of these units. This paper presents a new retargetable approach and prototype tool for the analysis of array references and traversals for efficient use of ACUs. In addition to being an enhancement to existing compiler systems, the ArrSyn utility may be used as an aid to architecture exploration. A simple specification of the addressing resources and basic operations drives the available transformations and allows the designer to quickly evaluate the effects on speed and code size of his/her algorithm. Thus, the designer can tune the design of the ACU toward the application constraints. ArrSyn has been successfully used together with a C compiler developed for a VLIW architecture for an MPEG audio decoding application. The combination of these methods with the C compiler showed on average a 39% speedup and 29% code size reduction for a representative set of DSP benchmarks.     

An Overview of a Compiler for Mapping Software Binaries to Hardware

As new applications in embedded communications and control systems push the computational limits of digital signal processing (DSP) functions, there will be an increasing need for software applications to be migrated to hardware in the form of a hardware-software codesign system. In many cases, access to the high-level source code may not be available. It is thus desirable to have a technology to translate the software binaries intended for processors to hardware implementations. This paper provides details on the retargetable FREEDOM compiler. The compiler automatically translates DSP software binaries to register-transfer level (RTL) VHDL and Verilog for implementation on field-programmable gate arrays (FPGAs) as standalone or system-on-chip implementations. We describe the underlying optimizations and some novel algorithms for alias analysis, data dependency analysis, memory optimizations, procedure call recovery, and back-end code scheduling. Experimental results on resource usage and performance are shown for several program binaries intended for the Texas Instruments C 6211 DSP (VLIW) and the ARM 922 T reduced instruction set computer (RISC) processors. Implementation results for four kernels from the Simulink demo library and others from commonly used DSP applications, such as MPEG-4, Viterbi, and JPEG are also discussed. The compiler generated RTL code is mapped to Xilinx Virtex II and Altera Stratix FPGAs. We record overall performance gains of 1.5-26.9 for the hardware implementations of the kernels. Comparisons with the power aware compiler techniques (PACT) high-level synthesis compiler are used to show that software binaries can be used as intermediate representations from any high-level language and generate efficient hardware implementations.     

Generating efficient protocol code from an abstract specification

A protocol compiler takes as input an abstract specification of a protocol and generates an implementation of that protocol. Protocol compilers usually produce inefficient code both in terms of code speed and code size. We show that the combination of two techniques makes it possible to build protocol compilers that generate efficient code. These techniques are: (i) the use of a compiler that generates from the specification a unique tree-shaped automation (rather than multiple independent automata) and (ii) the use of optimization techniques applied at the automation level, i.e., on the branches of the trees. We have developed a protocol compiler that uses both these techniques. The compiler takes as the input a protocol specification written in the synchronous language Esterel. The specification is compiled into a unique automation by the Esterel front end compiler. The automation is then optimized and converted into C code by our protocol optimizer called HIPPCO. HIPPCO improves the code performance and reduces the code size by simultaneously optimizing the performance of the common path and optimizing the size of the uncommon path. We evaluate the gain expected with our approach on a real-life example, namely a working subset of the TCP protocol generated from an Esterel specification. We compare the protocol code generated with our approach to that derived from the standard BSD TCP implementation. The results are very encouraging. HIPPCO-generated code executes up to 25% fewer instructions than the BSD code for input packet processing while only increasing the code size by 25%     

程控交换软件中多任务系统单任务化研究

本文在比较了用多任务模型描述一个多任务实时控制系统和用单任务消息驱动的方式实现这个系统的特点之后指出：只要给多任务模型作适当的修改和限制，那么多任务系统单任务化是可以自动实现的。这样设计者既可以用多任务模型很方便地描述一个系统，又可以用自动生成的、可以在单任务操作系统下高效运行的消息驱动程序去实现这个系统。根据这个思想，本文定义了Ｄ语言，并给出了Ｄ编译器的主要思想。     

一种媒体处理器的高级语言及其编译系统

媒体处理器通常采用汇编语言编程以满足代码大小、性能和能耗方面的要求。本文提出了媒体处理器高级语言的设计原则，并针对Leadtek公司的媒体处理器设计，实现了VP6-C语言及其编译系统。VP6-C语言用于编写多媒体处理中的核心程序，为程序员提供一种C风格的、自然的编程方式。试验结果表明编译生成的目标代码有较高的质量。     

Side-Channel Information Characterisation Based on Cascade-Forward Back-Propagation Neural Network

Traditional cryptanalysis assumes that an adversary only has access to input and output pairs, but has no knowledge about internal states of the device. However, the advent of side-channel analysis showed that a cryptographic device can leak critical information. In this circumstance, Machine learning is known as a powerful and promising method of analysing of side-channel information. In this paper, an experimental investigation on a FPGA implementation of elliptic curve cryptography (ECC) was conducted to explore the efficiency of side-channel information characterisation based on machine learning techniques. In this work, machine learning is used in terms of principal component analysis (PCA) for the preprocessing stage and a Cascade-Forward Back-Propagation Neural Network (CFBP) as a multi-class classifier. The experimental results show that CFBP can be a promising approach in characterisation of side-channel information.     

FACE: Fine-tuned Architecture Codesign Environment for ASIP Development

High-performance, reliable, and robust products with a short development schedule are general design aims. FACE was developed to achieve these goals, including the organization of a design flow, a frequency-driven information analyzer, compiler techniques (code generator and instruction optimization), and a hierarchical object design library. This paper explores the design space of a retargetable compiler and a reconfigurable hardware, which combine both software and hardware reprogrammability. The environment, FACE, we have developed allows us to quickly move the functions between software and hardware in a state of flux. Finally, it generates the application specific integrated processor (ASIP) and a compiler for the new ASIP architecture. The case study is considered which demonstrates the efficiency in ASIP design of FACE.     

Configuration and Extension of Embedded Processors to Optimize IPSec Protocol Execution

Security protocols, such as IPSec and SSL, are being increasingly deployed in the context of networked embedded systems. The resource-constrained nature of embedded systems and, in particular, the modest capabilities of embedded processors make it challenging to achieve satisfactory performance while executing security protocols. A promising approach for improving performance in embedded systems is to use application-specific instruction set processors that are designed based on configurable and extensible processors. In this paper, we perform a comprehensive performance analysis of the IPSec protocol on a state-of-the-art configurable and extensible embedded processor (Xtensa from Tensilica Inc.). We present performance profiles of a lightweight embedded IPSec implementation running on the Xtensa processor, and examine in detail the various factors that contribute to the processing latencies, including cryptographic and protocol processing. In order to improve the efficiency of IPSec processing on embedded devices, we then study the impact of customizing an embedded processor by synergistically 1) configuring architectural parameters, such as instruction and data cache sizes, processor-memory interface width, write buffers, etc., and 2) extending the base instruction set of the processor using custom instructions for both cryptographic and protocol processing. Our experimental results demonstrate that upto 3.2times speedup in IPSec processing is possible over a popular embedded IPSec software implementation     

A framework for secure download for software-defined radio

This article proposes a framework for establishing secure download for software-defined radio (SDR) that follows the current recommendations of SDR-related organizations, and can be employed in a variety of SDR architectures. The main goals of the security system are verification of the declared identity of the source that produces the software to be downloaded, control and verification of integrity of the downloaded data, disabling of the ability to run unauthorized software on the software-defined terminal, and secrecy of the transmitted data to prevent problems such as loss of intellectual property contained in the software. The system includes the following parties: manufacturers of the terminal hardware and software; government authorities relevant for SDR and users of SDR terminals. The underlying ideas for system development include employment of four different cryptographic techniques and tamper-resistant hardware. The cryptographic techniques employed are a secret key encryption technique, a public key encryption technique, a technique for cryptographic hashing, and a technique for digital signature. An important feature of the system is that it provides the possibility to exchange cryptographic components in an automatic manner. The proposed system is flexible, highly secure to protect both users and manufacturers, and provides a framework for the secure commercial implementation of SDR     

A software environment for digital signal-processing simulations

A signal-processing software system is described which allows the simulation of systems described by block diagrams or signal-flow graphs. A high-level data-flow language describes the interconnection of the components. All configurations of interconnections are allowed, including those containing feedback. Component systems (blocks) are allowed to be multi-input, multi-output, and to be programmed in any language. Blocks are implemented as separate processes running under a UNIX² operating system. Input and output signals are transferred between blocks via the UNIXpipe facility. Thedata type of a signal is arbitrary in the context of the compiler; within a component or system, signals and internal variables can be either floating point or fixed point. The compiler enforces strong or weak type checking of signals according to the characteristics of the blocks generating and receiving the signals. The invariance of the program to implementation data type is accomplished by the use of abstract data types. Fixed-point simulations having differing number of bits per signal and per internal variable in a block are supported. Special display software is used to allow any signal in the system to be displayed on any graphics device.This work was supported primarily by Grant MCS-8121884 from the National Science Foundation. The software system described herein may be obtained from the authors.     

面向VLIW结构的高性能代码生成技术

DSP处理器通过采用VLIW结构获得了高性能,同时也增加了编译器为其生成汇编代码的难度.代码生成器作为编译器的代码生成部件,是VLIW结构能够发挥性能的关键.由此提出并实现了一种基于可重定向编译框架的代码生成器.该代码生成器充分利用VLIW的体系结构特点,支持SIMD指令,支持谓词执行,能够生成高度指令级并行的汇编代码,显著提高应用程序的执行性能.