An embedded system for networking security applying cryptographic acceleration in field programmable gate array hardware

Abstract

The Internet is an insecure medium. The Secure Socket Layer (SSL) protocol and its successor Transport Layer Security (TLS) can be used to secure applications that communicate over a network. The most widely deployed, freely available implementation of the SSL/TLS protocol is the OpenSSL library. When using the SSL/TLS protocol, the computational power required is typically too much for most embedded systems, because cryptographic functions are computationally extensive. The solution to this problem would be to perform hardware acceleration of computationally intensive cryptographic functions. This thesis proposes an embedded cryptosystem with Field Programmable Gate Array based hardware acceleration for networking security, applying the OpenSSL cryptographic protocol. The key cryptographic functions used in SSL/TLS-driven connections are Advanced Encryption Standard (AES), Secure Hash Algorithm (SHA), Rivest-Shamir-Adleman (RSA), and Random Number Generation (RNG). The AES hardware symmetric cryptographic hardware core is newly designed, the SHA-1, SHA-2, RNG, and RSA cores are improved from previous work, and the system bus interface of these hardware cores are upgraded. All of these hardware cores are integrated into an embedded system implemented as a System-on-Chip. Finally, the OpenSSL cryptographic library is accelerated using this cryptosystem to improve the performance of networking security. Nios2-Linux Real Time Operating System is used within the embedded system. It provides native support for Ethernet, Universal Serial Bus, multitasking, standard Linux functions, and has a large collections of ready-to-use libraries, which includes the OpenSSL library. Applications are written to test, verify, and benchmark the embedded cryptosystem. Results show an improvement in performance by 9 to 278 times of the OpenSSL crypto library, depending on the algorithm accelerated. The performance for networking security using the SSL/TLS protocol through the OpenSSL library is also improved.