Design and implementation of a private and public key crypto processor for next-generation it security applications

Abstract

The growing problem of breaches in information security in recent years has created a demand for earnest efforts towards ensuring security in electronic systems. The successful deployment of these electronic systems for ecommerce, Internet banking, government online services, VPNs, mobile commerce, Public Key Infrastructure (PKI), etc., is dependent on the effectiveness of the security solutions. These security concerns are further compounded when resource-constrained environments and real-time speed requirements have to be considered in nextgeneration applications. Consequently, these IT security issues have been a subject of intensive research in areas of computing, networking and cryptography these last few years. This paper presents the design and implementation of a crypto processor, a special-purpose embedded system optimized for the execution of cryptographic algorithms in hardware. This cryptosystem can be used in wide range of electronic devices, which include PCs, PDAs, wireless handsets, smart cards, hardware security modules, network appliances, such as routers, gateways, firewalls, storage and web servers. The proposed crypto processor consists of a 32-bit RISC processor block and several IP cores that accelerates private and public key crypto computations, LZSS data compression, SHA-1 hashing, and wide-operand modular arithmetic computation. These dedicated crypto IP cores, which are implemented as coprocessors, permit high-speed execution of the compute-intensive operations in AES encryption, ECC and RSAbased digital signature, and other PKI-enabling functions. The proposed embedded system is designed using SoC technology, with hardware described in VHDL and the embedded software coded in C. The resulting cryptohardware is implemented into a single Altera Stratix FPGA microchip. The operating system frequency is set to 40 MHz. A demonstration application prototype in the form of a real-time secure e-document application has been developed to verify the functionality and validate the embedded system.