Přístupnostní navigace
E-application
Search Search Close
Publication detail
MARTINÁSEK, Z. HAJNÝ, J. MALINA, L. MATOUŠEK, D.
Original Title
Hardware-Accelerated Encryption with Strong Authentication
Type
conference paper
Language
English
Original Abstract
With the growing amount of data transferred over communication networks, the high-speed encryption systems are becoming a hot topic. The paper is focused on the design and implementation of a hardware-accelerated encryption system based on 100 Gbps FPGA (Field Programmable Gate Array) network cards. First, an AES (Advanced Encryption Standard)-based encryption system is designed and implemented on the FPGA platform using the VHDL (VHSIC Hardware Description Language). The AES core is implemented using the GCM (Galois/Counter Mode) so that both confidentiality and integrity of data are provided. The AES core is then integrated with a strong authentication subsystem based on programmable smart-cards used for storing sensitive cryptographic material. The authentication subsystem implements the IKE protocol using shared secrets. In contrast to existing implementations, the keys used for authentication never leave a tamper-proof device in our system, all cryptographic operations are implemented on the smart-cards. The use of smart-cards significantly increases the security of the system as the keys do not have to be stored on a shared vulnerable file system any more. The resulting system is compliant with IPsec specification and will be interoperable with existing implementations. The paper contains the description of the system, results of the implementation benchmarks on the NFB-40G2 (Xilinx, Virtex-7) cards and proposals for next development.
Keywords
AES, Authentication, Encryption, IPsec, FPGA, GCM, Security, Smart card
Authors
MARTINÁSEK, Z.; HAJNÝ, J.; MALINA, L.; MATOUŠEK, D.
Released
2. 6. 2017
ISBN
2336-5587
Periodical
Security and Protection of Information
Year of study
1
Number
State
Czech Republic
Pages from
Pages to
10
Pages count
BibTex
@inproceedings{BUT136731, author="Zdeněk {Martinásek} and Jan {Hajný} and Lukáš {Malina} and Denis {Matoušek}", title="Hardware-Accelerated Encryption with Strong Authentication", booktitle="Security and Protection of Information", year="2017", journal="Security and Protection of Information", volume="1", number="1", pages="1--10", issn="2336-5587" }