The Community for Technology Leaders
RSS Icon
Issue No.04 - October-December (2009 vol.6)
pp: 255-268
Harris E. Michail , University of Patras, Rion
Athanasios P. Kakarountas , University of Patras, Rion
Athanasios S. Milidonis , University of Patras, Rion
Costas E. Goutis , University of Patras, Rion
Many cryptographic primitives that are used in cryptographic schemes and security protocols such as SET, PKI, IPSec, and VPNs utilize hash functions, which form a special family of cryptographic algorithms. Applications that use these security schemes are becoming very popular as time goes by and this means that some of these applications call for higher throughput either due to their rapid acceptance by the market or due to their nature. In this work, a new methodology is presented for achieving high operating frequency and throughput for the implementations of all widely used—and those expected to be used in the near future—hash functions such as MD-5, SHA-1, RIPEMD (all versions), SHA-256, SHA-384, SHA-512, and so forth. In the proposed methodology, five different techniques have been developed and combined with the finest way so as to achieve the maximum performance. Compared to conventional pipelined implementations of hash functions (in FPGAs), the proposed methodology can lead even to a 160 percent throughput increase.
Authentication, VLSI, security and privacy protection, security, integrity, protection.
Harris E. Michail, Athanasios P. Kakarountas, Athanasios S. Milidonis, Costas E. Goutis, "A Top-Down Design Methodology for Ultrahigh-Performance Hashing Cores", IEEE Transactions on Dependable and Secure Computing, vol.6, no. 4, pp. 255-268, October-December 2009, doi:10.1109/TDSC.2008.15
[1] Introduction to Public Key Technology and the Federal PKI Infrastructure, NIST, US Dept. Commerce, SP 800-32, 2001.
[2] Guide to IPSec VPN's, SP800-77, NIST, US Dept. Commerce, 2005.
[3] L. Loeb, Secure Electronic Transactions: Introduction and Technical Reference. Artech House, 1998.
[4] D. Johnston and J. Walker, “Overview of IEEE802.16 Security,” IEEE Security and Privacy, May-June 2004.
[5] I. Mironov, Hash Functions: Theory, Attacks, and Applications. Microsoft Research, Silicon Valley Campus, Oct. 2005.
[6] S. Thomas, SSL and TLS Essentials: Securing the Web. John Wiley and Sons, 2000.
[7] The Keyed-Hash Message Authentication Code (HMAC '07), FIPS 198-1, FIPS Publication 180-1, NIST, US Dept. Commerce, 2007.
[8] N. Potlapally, S. Ravi, A. Ranghunathan, R. Lee, and N. Jha, “Configuration and Extension of Embedded Processors to Optimize IPSec Protocol Execution,” IEEE Trans. VLSI Systems, vol. 15, no. 5, pp. 605-609, May 2007.
[9] A. Dandalis and V. Prasanna, “An Adaptive Cryptographic Engine for IPSec Architectures,” ACM Trans. Design Automation of Electronic Systems, vol. 9, no. 3, pp. 333-353, July 2004.
[10] B. Schneier, Applied Cryptography—Protocols, Algorithms and Source Code in C, second ed. John Wiley and Sons, 1996.
[11] K.S. McCurley, “A Fast Portable Implementation of the Secure Hash Algorithm, Technical Report SAND93-2591, Sandia Nat'l Laboratories, 1994.
[12] J. Nakajima and M. Matsui, “Performance Analysis and Parallel Implementation of Dedicated Hash Functions,” LNCS, vol. 2332, pp. 165-180, 2002.
[13] K. Ballard, DigestIT 2004, index.php?/archivesP2.html, 2004.
[14] P.C. van Oorschot, A. Somayaji, and G. Wurster, “Hardware-Assisted Circumvention of Self-Hashing Software Tamper Resistance,” IEEE Trans. Dependable and Secure Computing, vol. 2, no. 2, pp. 82-92, Apr.-June 2005.
[15] A. Hodjat and I. Verbauwhede, “A 21.54 Gbits/s Fully Pipelined AES Processor on FPGA,” Proc. IEEE Symp. Field-Programmable Custom Computing Machines Systems (FCCM '04), pp. 308-309, 2004.
[16] R.L. Rivest, The MD5 Message Digest Algorithm, IETF Network Working Group, RFC 1321, 1992.
[17] Secure Hash Standard, FIPS 180-1, FIPS Publication 180-1, NIST, US Dept. Commerce, 1995.
[18] H. Dobertin, A. Bosselaers, and B. Prennel, “RIPEMD-160: A Strengthened Version of RIPEMD,” LNCS, vol. 1039, Springer, pp. 71-82, 1996.
[19] Secure Hash Standard, FIPS 180-2, FIPS Publication 180-1, NIST, US Dept. Commerce, 2002.
[20] X. Wang, Y.L. Yin, and H. Yu, “Finding Collisions in the Full SHA1,” LNCS, vol. 3621, Springer, pp. 17-36, 2005.
[21] H. Dobbertin, “The Status of MD5 after a Recent Attack,” RSALabs' CryptoBytes, vol. 2, no. 2, 1996.
[22] S. Dominikus, “A Hardware Implementation of MD4-Family Hash Algorithms,” Proc. IEEE Int'l Conf. Electronics Circuits and Systems (ICECS '02), pp. 1143-1146, 2002.
[23] R. Hoare, P. Menon, and M. Ramos, “427 Mbits/sec Hardware Implementation of the SHA-1 Algorithm in an FPGA,” Proc. IASTED Int'l Conf. Comm. and Computer Networks (CCN '02), pp. 188-193, 2002.
[24] T. Grembowski, R. Lien, K. Gaj, N. Nguyen, P. Bellows, J. Flidr, T. Lehman, and B. Schott, “Comparative Analysis of the Hardware Implementations of Hash Functions Sha-1 and Sha-512,” Proc. Information Security Conf. (ISC '02), vol. 2433, pp. 75-89, 2002.
[25] J.M. Diez, S. Bojanic, C. Carreras, and O. Nieto-Taladriz, “Hash Algorithms for Cryptographic Protocols: FPGA Implementations,” Proc. Telecomm. Forum (TELEFOR), 2002.
[26] G. Selimis, N. Sklavos, and O. Koufopavlou, “VLSI Implementation of the Keyed-Hash Message Authentication Code for the Wireless Application Protocol,” Proc. IEEE Int'l Conf. Electronics Circuits and Systems (ICECS '03), pp. 24-27, 2003.
[27] N. Sklavos, E. Alexopoulos, and O. Koufopavlou, “Networking Data Integrity: High Speed Architectures and Hardware Implementations,” IAJIT J., vol. 1, no. 0, pp. 54-59, 2003.
[28] R. Lien, T. Grembowski, and K. Gaj, “A 1 Gbit/s Partially Unrolled Architecture of Hash Functions SHA-1 and SHA-512,” LNCS, vol. 2964, pp. 324-338, 2004.
[29] N. Sklavos, P. Kitsos, E. Alexopoulos, and O. Koufopavlou, “Open Mobile Alliance (OMA) Security Layer: Architecture, Implementation and Performance Evaluation of the Integrity Unit,” New Generation Computing: Computing Paradigms and Computational Intelligence, vol. 23, no. 1, pp. 77-100, Springer-Verlag, 2005.
[30] I. Yiakoumis, M. Papadomanolakis, H. Michail, A. Kakarountas, and C. Goutis, “Maximizing the Hash Function of Authentication Codes,” IEEE Potentials Magazine, vol. 25, no. 2, pp. 9-12, Mar./Apr. 2006.
[31] Y.K. Lee, H. Chan, and I. Verbauwhede, “Throughput Optimized SHA-1 Architecture Using Unfolding Transformation,” Proc. IEEE 17th Int'l Conf. Application-specific Systems, Architectures and Processors (ASAP '06), pp. 354-359, 2006.
[32] K.K. Ting, S.C.L. Yuen, K.-H. Lee, and P.H.W. Leong, “An FPGA Based SHA-256 Processor,” LNCS, vol. 2438, pp. 577-585, 2002.
[33] N. Sklavos and O. Koufopavlou, “Implementation of the SHA-2 Hash Family Standard Using FPGAs,” J. Supercomputing, vol. 31, pp. 227-248, 2005.
[34] R. Chaves, G.K. Kuzmanov, L.A. Sousa, and S. Vassiliadis, “Improving SHA-2 Hardware Implementations,” Proc. Workshop Cryptographic Hardware and Embedded Systems (CHES '06), pp. 298-310, 2006.
[35] R. Glabba, L. Imbertb, G. Julliena, A. Tisserandb, and N.V. Charvillon, “Multi-Mode Operator for SHA-2 Hash Functions,” J. Systems Architecture, vol. 53, nos. 2-3, pp. 127-138, 2007.
[36] R.P. McEvoy, F.M. Crowe, C.C. Murphy, and P. William, “Optimisation of the SHA-2 Family of Hash Functions on FPGAs,” Proc. Emerging VLSI Technologies and Architectures (ISVLSI '06), pp. 317-322, 2006.
[37] H. Michail, A. Milidonis, A.P. Kakarountas, and C.E. Goutis, “Novel High Throughput Implementation of SHA-256 Hash Function Through Pre-Computation Technique,” Proc. IEEE Int'l Conf. Electronics, Circuits and Systems (ICECS), 2005.
[38] CAST, http://www.cast-inc.comcores, 2008.
[39] Data Security Products, Helion Technology, http://www.helion tech.comauth.htm, 2008.
[40] Hashing Algorithm Generator SHA-256: Technical Data Sheet, , Cadence, 2008.
[41] T. Kim, W.I. Jao, and S. Tjiang, “Arithmetic Optimization Using Carry-Save-Adders,” Proc. 35th ACM/IEEE Design Automation Conf. (DAC '98), pp. 433-438, 1998.
17 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool