一種高性能硬件加密引擎陣列架構(gòu)
doi: 10.11999/JEIT200855
-
1.
杭州電子科技大學(xué)微電子研究中心 杭州 310018
-
2.
浙江宇視科技有限公司 杭州 310051
基金項(xiàng)目: 國家基礎(chǔ)科研項(xiàng)目(JCKY2018415C001),浙江省固態(tài)硬盤和數(shù)據(jù)安全技術(shù)重點(diǎn)實(shí)驗(yàn)室(2015E10003)
High Performance Crypto Module with Array of Hardware Engines
-
1.
Microelectronics Research Institute of Hangzhou Dianzi University, Hangzhou 310018, China
-
2.
Uniview Research Institute, Hangzhou 310051, China
Funds: The National Basic Research Program (JCKY2018415C001), Zhejiang Key Laboratory Foundation of Solid State Drive and Data Security (2015E10003)
-
摘要: 該文提出一種高性能硬件加密引擎陣列架構(gòu),為大數(shù)據(jù)應(yīng)用提供了先進(jìn)的安全解決方案。該模塊架構(gòu)包括一個(gè)高速接口、一個(gè)中央管理和監(jiān)視模塊(CMMM)、一組多通道驅(qū)動(dòng)加密引擎陣列,其中CMMM將任務(wù)分配給加密引擎,經(jīng)由專用算法處理后再將數(shù)據(jù)傳回主機(jī)。由于接口吞吐量和加密引擎陣列規(guī)模會(huì)限制模塊性能,針對PCIe高速接口,采用MMC/eMMC總線連接構(gòu)建陣列,發(fā)現(xiàn)更多加密引擎集成到系統(tǒng)后,模塊性能將會(huì)得到提升。為驗(yàn)證該架構(gòu),使用55 nm制程工藝完成了一個(gè)PCIe Gen2×4接口的ASIC加密卡,測試結(jié)果顯示其平均吞吐量高達(dá)419.23 MB。Abstract: A high-performance crypto module prescribed in this paper offers advanced security solutions in big data applications. A module architecture, which consists of a high throughput interface, Central Manage & Monitor Module (CMMM) and multiple channels driving a group of crypto engines, is discussed here. CMMM distributes the tasks to the crypto engines and guides the data back to the host after processing by the dedicated algorithm. Since the module's performance is limited by the interface throughput and the scale of the crypto engines, an array with MMC/eMMC bus connections is built for PCIe high-speed interfaces. The more crypto engines are integrated into a system, the higher performance of this system can reach. To verify this architecture, an ASIC encryption card with PCIe Gen2×4 interface is made under semiconductor manufacturing process technology of 55 nm, and tested. The average throughput of this card can achieve up to 419.23 MB.
-
表 2 性能測試
#1 #2 #3 #4 連續(xù)讀(MB/s) 1105.00 1102.00 1103.00 1103.00 連續(xù)寫(MB/s) 912.60 912.10 912.00 912.20 隨機(jī)讀(k-IOPS) 50.85 84.98 82.83 85.23 隨機(jī)寫(k-IOPS) 105.00 104.75 104.75 104.73 吞吐率(MB/s) 420.00 419.00 419.00 428.92 下載: 導(dǎo)出CSV
-
[1] SEZER S. T1C: IoT Security: -Threats, security challenges and IoT security research and technology trends[C]. Proceedings of 2018 31st IEEE International System-on-Chip Conference, Arlington, USA, 2018: 1–2. doi: 10.1109/SOCC.2018.8618571. [2] WAZID M, DAS A K, ODELU V, et al. Secure remote user authenticated key establishment protocol for smart home environment[J]. IEEE Transactions on Dependable and Secure Computing, 2020, 17(2): 391–406. doi: 10.1109/TDSC.2017.2764083 [3] 閆宏強(qiáng), 王琳杰. 物聯(lián)網(wǎng)中認(rèn)證技術(shù)研究[J]. 通信學(xué)報(bào), 2020, 41(7): 213–222. doi: 10.11959/j.issn.1000-436x.2020131YAN Hongqiang and WANG Linjie. Research of authentication techniques for the Internet of things[J]. Journal on Communications, 2020, 41(7): 213–222. doi: 10.11959/j.issn.1000-436x.2020131 [4] 紀(jì)兆軒, 楊秩, 孫瑜, 等. 大數(shù)據(jù)環(huán)境下SHA1的GPU高速實(shí)現(xiàn)[J]. 信息網(wǎng)絡(luò)安全, 2020, 20(2): 75–82. doi: 10.3969/j.issn.1671-1122.2020.02.010JI Zhaoxuan, YANG Zhi, SUN Yu, et al. GPU high speed implementation of SHA1 in big data environment[J]. Netinfo Security, 2020, 20(2): 75–82. doi: 10.3969/j.issn.1671-1122.2020.02.010 [5] 孫婷婷, 黃皓, 王嘉倫, 等. 面向CPU-GPU異構(gòu)系統(tǒng)的數(shù)據(jù)分析負(fù)載均衡策略[J]. 計(jì)算機(jī)工程與科學(xué), 2019, 41(3): 417–423. doi: 10.3969/j.issn.1007-130X.2019.03.005SUN Tingting, HUANG Hao, WANG Jialun, et al. A load balancing strategy on heterogeneous CPU-GPU data analytic systems[J]. Computer Engineering and Science, 2019, 41(3): 417–423. doi: 10.3969/j.issn.1007-130X.2019.03.005 [6] MENEZES A J, VAN OORSCHOT P C, and VANSTONE S A. Handbook of Applied Cryptography[M]. Boca Raton: CRC Press, 1996: 433–446. [7] HANKERSON D, MENEZES A J, and VANSTONE S. Guide to Elliptic Curve Cryptography[M]. New York: Springer Science & Business Media, 2004: 6–14. [8] Federal Information Processing Standards Publication 197. Advanced encryption standard (AES)[S]. 2001. [9] BUDRUK R, ANDERSON D, and SHANLEY T. PCI Express System Architecture[M]. Boston: Addison-Wesley Professional, 2004: 9–11. [10] 劉金峒, 梁科, 王錦, 等. SM4加密算法可裁剪式結(jié)構(gòu)設(shè)計(jì)與硬件實(shí)現(xiàn)[J]. 南開大學(xué)學(xué)報(bào):自然科學(xué)版, 2019, 52(4): 41–45.LIU Jintong, LIANG Ke, WANG Jin, et al. Cuttable structure design and hardware implementation of SM4 encryption algorithm[J]. Acta Scientiarum Naturalium Universitatis Nankaiensis:Natural Science Edition, 2019, 52(4): 41–45. [11] SUHAILI S B and WATANABE T. Design of high-throughput SHA-256 hash function based on FPGA[C]. Proceedings of the 6th International Conference on Electrical Engineering and Informatics, Langkawi, Malaysia, 2017: 1–6. doi: 10.1109/ICEEI.2017.8312449. [12] 趙軍, 曾學(xué)文, 郭志川. 支持國產(chǎn)密碼算法的高速PCIe密碼卡的設(shè)計(jì)與實(shí)現(xiàn)[J]. 電子與信息學(xué)報(bào), 2019, 41(10): 2402–2408. doi: 10.11999/JEIT190003ZHAO Jun, ZENG Xuewen, and GUO Zhichuan. Design and implementation of high speed PCIe cipher card supporting GM algorithms[J]. Journal of Electronics &Information Technology, 2019, 41(10): 2402–2408. doi: 10.11999/JEIT190003 [13] JEDEC. JESD 84-B50 Embedded multi-media card (e·MMC) electrical standard (5.0)[S]. Arlington: JEDEC Solid State Technology Association, 2013. [14] Motorola, Inc. SPI block guide V03.06[S]. Motorola Inc. , 2001. [15] Serial ATA International Organization. Serial ATA revision 3.0[S]. Serial ATA International Organization, 2009. [16] PATTERSON D A, GIBSON G, and KATZ R H. A case for redundant arrays of inexpensive disks (RAID)[C]. Proceedings of the 1988 ACM SIGMOD International Conference on Management of Data, Chicago, USA, 1988: 109–116. doi: 10.1145/50202.50214. [17] CHANG Lipin and KUO T W. An adaptive striping architecture for flash memory storage systems of embedded systems[C]. Proceedings of the Eighth IEEE Real-Time and Embedded Technology and Applications Symposium, San Jose, USA, 2002: 187–196. doi: 10.1109/RTTAS.2002.1137393. [18] REDDY A K, PARAMASIVAM P, and VEMULA P B. Mobile secure data protection using eMMC RPMB partition[C]. Proceedings of 2015 International Conference on Computing and Network Communications, Trivandrum, India, 2015: 946–950. doi: 10.1109/CoCoNet.2015.7411305. [19] GREMBOWSKI T, LIEN R, GAJ K, et al. Comparative analysis of the hardware implementations of hash functions SHA-1 and SHA-512[C]. Proceedings of the 5th International Conference on Information Security, Sao Paulo, Brazil, 2002: 75–89. doi: 10.1007/3-540-45811-5_6. -