Implementation of a secure TLS coprocessor on an FPGA

Mark Hamilton; William P. Marnane

doi:10.1016/j.micpro.2015.10.009

Implementation of a secure TLS coprocessor on an FPGA

Mark Hamilton
, William P. Marnane

University College Cork

Research output: Contribution to journal › Article › peer-review

Abstract

In this paper we present a secure implementation architecture of a coprocessor for the TLSv1.2 protocol, on an FPGA. Techniques were used that increase the resistance of the design to side channel attacks, and also protect the private key data from software based attacks. The processor was implemented with a secure true random number generator which incorporates failure detection and thorough post-processing of the random bitstream. The design also includes hardware for signature generation and verification; based on elliptic curve algorithms. The algorithms used for performing the elliptic curve arithmetic were chosen to provide resistance against SPA and DPA attacks. Implementations of the AES and SHA256 algorithms are also included in order to provide full hardware acceleration for a specific suite of the TLSv1.2 protocol. The design is analysed for area and speed on a Virtex 5 FPGA.

Original language	English
Pages (from-to)	167-180
Number of pages	14
Journal	Microprocessors and Microsystems
Volume	40
DOIs	https://doi.org/10.1016/j.micpro.2015.10.009
Publication status	Published - Feb 2016

Keywords

AES
Co-Z
Elliptic curve digital signatures
FPGA
SHA256
SSL/TLS
TRNG

Access to Document

10.1016/j.micpro.2015.10.009

Cite this

@article{0e55eba9c4de47d2bdb2fcafb607d612,

title = "Implementation of a secure TLS coprocessor on an FPGA",

abstract = "In this paper we present a secure implementation architecture of a coprocessor for the TLSv1.2 protocol, on an FPGA. Techniques were used that increase the resistance of the design to side channel attacks, and also protect the private key data from software based attacks. The processor was implemented with a secure true random number generator which incorporates failure detection and thorough post-processing of the random bitstream. The design also includes hardware for signature generation and verification; based on elliptic curve algorithms. The algorithms used for performing the elliptic curve arithmetic were chosen to provide resistance against SPA and DPA attacks. Implementations of the AES and SHA256 algorithms are also included in order to provide full hardware acceleration for a specific suite of the TLSv1.2 protocol. The design is analysed for area and speed on a Virtex 5 FPGA.",

keywords = "AES, Co-Z, Elliptic curve digital signatures, FPGA, SHA256, SSL/TLS, TRNG",

author = "Mark Hamilton and Marnane, \{William P.\}",

year = "2016",

month = feb,

doi = "10.1016/j.micpro.2015.10.009",

language = "English",

volume = "40",

pages = "167--180",

journal = "Microprocessors and Microsystems",

issn = "0141-9331",

publisher = "Elsevier B.V.",

}

TY - JOUR

T1 - Implementation of a secure TLS coprocessor on an FPGA

AU - Hamilton, Mark

AU - Marnane, William P.

PY - 2016/2

Y1 - 2016/2

N2 - In this paper we present a secure implementation architecture of a coprocessor for the TLSv1.2 protocol, on an FPGA. Techniques were used that increase the resistance of the design to side channel attacks, and also protect the private key data from software based attacks. The processor was implemented with a secure true random number generator which incorporates failure detection and thorough post-processing of the random bitstream. The design also includes hardware for signature generation and verification; based on elliptic curve algorithms. The algorithms used for performing the elliptic curve arithmetic were chosen to provide resistance against SPA and DPA attacks. Implementations of the AES and SHA256 algorithms are also included in order to provide full hardware acceleration for a specific suite of the TLSv1.2 protocol. The design is analysed for area and speed on a Virtex 5 FPGA.

AB - In this paper we present a secure implementation architecture of a coprocessor for the TLSv1.2 protocol, on an FPGA. Techniques were used that increase the resistance of the design to side channel attacks, and also protect the private key data from software based attacks. The processor was implemented with a secure true random number generator which incorporates failure detection and thorough post-processing of the random bitstream. The design also includes hardware for signature generation and verification; based on elliptic curve algorithms. The algorithms used for performing the elliptic curve arithmetic were chosen to provide resistance against SPA and DPA attacks. Implementations of the AES and SHA256 algorithms are also included in order to provide full hardware acceleration for a specific suite of the TLSv1.2 protocol. The design is analysed for area and speed on a Virtex 5 FPGA.

KW - AES

KW - Co-Z

KW - Elliptic curve digital signatures

KW - FPGA

KW - SHA256

KW - SSL/TLS

KW - TRNG

UR - https://www.scopus.com/pages/publications/84947581367

U2 - 10.1016/j.micpro.2015.10.009

DO - 10.1016/j.micpro.2015.10.009

M3 - Article

AN - SCOPUS:84947581367

SN - 0141-9331

VL - 40

SP - 167

EP - 180

JO - Microprocessors and Microsystems

JF - Microprocessors and Microsystems

ER -

Implementation of a secure TLS coprocessor on an FPGA

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this