Embedded System Design for Cryptographic Algorithms

What is an embedded system?

Any mechanical or electrical system that is controlled by a computer working as part of an overall system is called an embedded system. A general-purpose computer is made to perform a variety of functions. An embedded computer, which may contain a higher-performance CPU than a general-purpose computer, has a set of specific tasks for which the system is made.

Embedded systems have grown tremendously in recent years. There are three important reasons for this. First, integrated circuit (IC) capacities have increased to the point that both software processors and custom hardware processors now commonly coexist on a single IC. Second, quality compilers and program size increases have led to the common use of processor-independent C, C++ and Java compilers and integrated design platforms in embedded system design. Third, synthesis technology has advanced to the point that synthesis tools have become commonplace in the design of digital hardware. Synthesis tools achieve nearly the same for hardware design as compilers achieve in software design. They allow the designer to describe desired functionality in a high-level programming language, and they then automatically generate an efficient custom-hardware processor implementation.

It is widely recognized that data security will play a central role in the design of future information technology (IT) systems. Until a few years ago, the PC had been the major driver of the digital economy. Recently, however, there has been a shift towards IT applications realized as embedded systems. Many of those applications rely heavily on security mechanisms, including security for wireless phones, faxes, wireless computing, pay-TV, and copy protection schemes for audio/video consumer products and digital cinemas. Note that a large share of those embedded applications will be wireless, which makes the communication channel especially vulnerable and the need for security even more obvious.

This merging of communications and computation functionality requires data processing in real time, and embedded systems have proven to be good solutions for many applications.

In addition to embedded devices, the explosive growth of digital communications also brings additional security challenges. Millions of electronic transactions are completed each day, and the rapid growth of eCommerce has made security a vital issue for many consumers. Specifically, unauthorized access to information must be prevented, privacy must be protected, and the authenticity of electronic documents must be established. Cryptography, or the art and science of keeping messages secure, allows us to solve these problems. We believe that cryptographic engines realized on embedded systems are a promising option for protecting eCommerce systems.

The implementation of cryptographic systems presents several requirements and challenges. First, the performance of the algorithms is often crucial. One needs encryption algorithms to run at the transmission rates of the communication links. Slow running cryptographic algorithms translate into consumer dissatisfaction and inconvenience. On the other hand, fast running encryption might mean high product costs since traditionally, higher speeds were achieved through custom hardware devices.

In addition to performance requirements, guaranteeing security is a formidable challenge. An encryption algorithm running on a general-purpose computer has only limited physical security, as the secure storage of keys in memory is difficult on most operating systems. On the other hand, hardware encryption devices can be securely encapsulated to prevent attackers from tampering with the system. Thus, custom hardware is the platform of choice for security protocol designers. Hardware solutions, however, come with the well-known drawback of reduced flexibility and potentially high costs. These drawbacks are especially prominent in security applications which are designed using new security protocol paradigms.

Many of the new security protocols decouple the choice of cryptographic algorithm from the design of the protocol. Users of the protocol negotiate the choice of algorithm to use for a particular secure session. The new devices that support these applications, then, must not only support a single cryptographic algorithm and protocol, but must also be “algorithm agile”, that is, able to select from a variety of algorithms. For example, IPSec (the security standard for the Internet) allows a choice from a list of different symmetric as well as asymmetric ciphers. Fortunately, many embedded processors combine the flexibility of software on general-purpose computers with near-hardware speed and better physical security than general-purpose computers.
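The negotiation step described above, sketched from the device's side as an added example (not code from this project). The algorithm identifiers, the capability table and the `negotiate` function are hypothetical; the point is that an algorithm-agile device selects only from what the peer proposed and what local policy allows, and rejects the session otherwise.

```c
#include <stddef.h>

/* Hypothetical algorithm identifiers for this example (not IPSec transform IDs). */
enum alg_id { ALG_NONE = 0, ALG_DES, ALG_3DES, ALG_AES128, ALG_AES256 };

/* One entry per cipher the device can run, in hardware or in software. */
struct alg_entry {
    enum alg_id id;
    unsigned    key_bits;  /* effective key length used for the policy check */
    int         in_hw;     /* 1 = custom hardware core, 0 = software routine */
    int         enabled;   /* local policy switch */
};

/* Constructed capability table for an imaginary device. */
static const struct alg_entry device_algs[] = {
    { ALG_DES,     56, 1, 0 },  /* core exists, but disabled by policy */
    { ALG_3DES,   112, 0, 1 },
    { ALG_AES128, 128, 1, 1 },
};
#define N_ALGS (sizeof device_algs / sizeof device_algs[0])

static const struct alg_entry *lookup(enum alg_id id)
{
    for (size_t i = 0; i < N_ALGS; i++)
        if (device_algs[i].id == id)
            return &device_algs[i];
    return NULL;  /* not implemented on this device */
}

/*
 * Responder side of the negotiation: walk the peer's proposal in the peer's
 * preference order and return the first algorithm that is implemented,
 * enabled, and at least min_key_bits strong. ALG_NONE means "reject the
 * session"; the function never falls back to an algorithm outside the
 * proposal or below the policy floor.
 */
enum alg_id negotiate(const enum alg_id *proposal, size_t n, unsigned min_key_bits)
{
    for (size_t i = 0; i < n; i++) {
        const struct alg_entry *e = lookup(proposal[i]);
        if (e && e->enabled && e->key_bits >= min_key_bits)
            return e->id;
    }
    return ALG_NONE;
}
```

Keeping the policy check inside the selection loop means a peer that proposes only weak or disabled algorithms gets a rejection rather than a silently downgraded session.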

What We Can Do with Cryptography

Cryptography involves the study of mathematical techniques that allow the practitioner to achieve or provide the following objectives or services:

  • Confidentiality is a service used to keep the content of information accessible to only those authorized to have it. This service includes both protection of all user data transmitted between two points over a period of time as well as protection of traffic flow from analysis.
  • Integrity is a service that requires that computer system assets and transmitted information be capable of modification only by authorized users. Modification includes writing, changing, changing the status, deleting, creating, and the delaying or replaying of transmitted messages.
  • Authentication is a service that is concerned with assuring that the origin of a message is correctly identified. That is, information delivered over a channel should be authenticated as to the origin, date of origin, data content, time sent, etc.
  • Non-repudiation is a service which prevents both the sender and the receiver of a transmission from denying previous commitments or actions.

These security services are provided by using cryptographic algorithms. There are two major classes of algorithms in cryptography: Private-key or Symmetric-key algorithms and Public-key algorithms.

Steps of the Project

  • Making a VHDL library for cryptographic algorithms
    • Mathematical operations
      • Addition
      • Multiplication
      • Multiplicative inversion
    • Symmetric key systems
      • Block cipher algorithms
        • Advanced Encryption Standard (AES)
        • Data Encryption Standard (DES)
      • Stream cipher algorithms
        • E0, the algorithm used in the Bluetooth wireless protocol
        • A5, the algorithm used in GSM
        • European Union project eSTREAM candidate SFINKS
        • European Union project eSTREAM candidate MOSQUITO
        • European Union project eSTREAM candidate TRIVIUM
    • Public key algorithms
      • Rivest Shamir Adleman (RSA)
      • Elliptic curve cryptosystems (ECC)
  • Implementation of the above systems on FPGA
  • Partitioning the above systems into hardware and software and implementing them in an embedded-system manner according to the system requirements below
    • Fault tolerance and reliability
    • Real time processing
    • Low power consumption
    • Resistance against side-channel attacks