Research Article
Design of an Integrated Cryptographic SoC Architecture for Resource-Constrained Devices
Author(s) : Guard Kanda and Kwangki Ryoo
Published In : International Journal of Electrical and Electronics Research (IJEER) Volume 10, Issue 2
Publisher : FOREX Publication
Published : 10 June 2022
e-ISSN : 2347-470X
Page(s) : 230-244
Abstract
One of the research areas that has in recent years drawn researchers from numerous related fields to converge, share ideas and develop feasible solutions is hardware security. The hardware security discipline deals with protection from vulnerabilities by means of physical devices, such as hardware firewalls or hardware security modules, rather than installed software programs. These hardware security modules use physical security measures, logical security controls and strong encryption to protect sensitive data in transit, in use or at rest from unauthorized interference. Without mechanisms to counter the ever-evolving attack strategies against hardware devices and the data they process or store, billions of dollars will continue to be lost to attackers who target such vulnerable devices. This paper therefore proposes an integrated cryptographic SoC architecture as a solution to this threat. The proposed architecture provides security by way of key exchange, key management and encryption. It is built around a True Random Number Generator (TRNG) core that generates the secret keys used in Elliptic Curve Diffie-Hellman (ECDH) key exchange: elliptic curve scalar multiplication produces the public keys and, after the public keys have been exchanged, the shared key. The architecture further relies on a Key Derivation Function based on the CubeHash algorithm to obtain derived keys, which provide the required security through the ChaCha20_Poly1305 Authenticated Encryption with Associated Data (AEAD) core. The proposed integrated SoC architecture is interconnected by the AMBA AHB-APB on-chip bus, and the system is scheduled and controlled by the PicoRV32 open-source RISC-V processor. The architecture is tested and verified on a Virtex-4 FPGA board using a custom-designed GUI desktop application.
Keywords: PicoRV32, ECC, FPGA, TRNG, AEAD_ChaCha20_Poly1305
Guard Kanda, Department of Information and Communication Engineering, Hanbat National University, Daejeon, South Korea; Email: guardkanda@gmail.com
Kwangki Ryoo, Department of Information and Communication Engineering, Hanbat National University, Daejeon, South Korea; Email: kkryoo@gmail.com
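The key-agreement and key-derivation steps the abstract describes (a random secret, ECDH scalar multiplication to public and shared keys, then a KDF to a derived AEAD key), as an added Python example that is not part of the paper or its hardware design. It assumes the secp256k1 curve, os.urandom in place of the TRNG core, and an HKDF-style HMAC-SHA256 derivation in place of the CubeHash KDF; the 32-byte result is the key that would be handed to the ChaCha20_Poly1305 AEAD core.

```python
# Added illustration of the ECDH + KDF pipeline from the abstract; not the paper's RTL.
# Assumptions (not from the paper): secp256k1 stands in for the SoC's curve,
# os.urandom stands in for the TRNG core, HKDF-SHA256 stands in for the CubeHash KDF.
import hashlib, hmac, os

P = 2**256 - 2**32 - 977                      # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(p1, p2):
    """Affine addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if p1 is None: return p2
    if p2 is None: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0: return None      # p1 == -p2
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P       # tangent slope (a = 0)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def scalar_mult(k, point):
    """Double-and-add scalar multiplication k * point (the ECDH core operation)."""
    result = None
    while k:
        if k & 1: result = point_add(result, point)
        point = point_add(point, point)
        k >>= 1
    return result

def ecdh_keypair(secret=None):
    """Secret scalar in [1, N-1] (random unless supplied) and its public point."""
    d = secret or (int.from_bytes(os.urandom(32), "big") % (N - 1) + 1)
    return d, scalar_mult(d, G)

def derive_key(shared_point, info=b"chacha20-poly1305 key", length=32):
    """HKDF-SHA256 extract+expand over the shared x-coordinate (CubeHash KDF stand-in)."""
    ikm = shared_point[0].to_bytes(32, "big")
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()              # extract
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()[:length]   # expand T(1)

def run_exchange():
    """Each side multiplies the other's public point by its own secret; keys must match."""
    da, qa = ecdh_keypair()
    db, qb = ecdh_keypair()
    return derive_key(scalar_mult(da, qb)), derive_key(scalar_mult(db, qa))
```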
Guard Kanda and Kwangki Ryoo (2022), Design of an Integrated Cryptographic SoC Architecture for Resource-Constrained Devices. IJEER 10(2), 230-244. DOI: 10.37391/IJEER.100231.