Hardware-Accelerated Encryption with Strong Authentication

conference paper

English

With the growing amount of data transferred over communication networks, the high-speed encryption systems are becoming a hot topic. The paper is focused on the design and implementation of a hardware-accelerated encryption system based on 100 Gbps FPGA (Field Programmable Gate Array) network cards. First, an AES (Advanced Encryption Standard)-based encryption system is designed and implemented on the FPGA platform using the VHDL (VHSIC Hardware Description Language). The AES core is implemented using the GCM (Galois/Counter Mode) so that both confidentiality and integrity of data are provided. The AES core is then integrated with a strong authentication subsystem based on programmable smart-cards used for storing sensitive cryptographic material. The authentication subsystem implements the IKE protocol using shared secrets. In contrast to existing implementations, the keys used for authentication never leave a tamper-proof device in our system, all cryptographic operations are implemented on the smart-cards. The use of smart-cards significantly increases the security of the system as the keys do not have to be stored on a shared vulnerable file system any more. The resulting system is compliant with IPsec specification and will be interoperable with existing implementations. The paper contains the description of the system, results of the implementation benchmarks on the NFB-40G2 (Xilinx, Virtex-7) cards and proposals for next development.

AES, Authentication, Encryption, IPsec, FPGA, GCM, Security, Smart card

MARTINÁSEK, Z.; HAJNÝ, J.; MALINA, L.; MATOUŠEK, D.

2. 6. 2017

2336-5587

Security and Protection of Information

1

1

Czech Republic

1

10

10