一種高性能硬件加密引擎陣列架構(gòu)

駱建軍; 沈一凡; 周迪; 馮春陽; 鄧江峽

doi:10.11999/JEIT200855

一種高性能硬件加密引擎陣列架構(gòu)

doi: 10.11999/JEIT200855

1.
杭州電子科技大學(xué)微電子研究中心杭州 310018
2.
浙江宇視科技有限公司杭州 310051

基金項(xiàng)目: 國家基礎(chǔ)科研項(xiàng)目(JCKY2018415C001)，浙江省固態(tài)硬盤和數(shù)據(jù)安全技術(shù)重點(diǎn)實(shí)驗(yàn)室(2015E10003)

詳細(xì)信息

作者簡介:
駱建軍：男，1970年生，教授，博士生導(dǎo)師，研究方向?yàn)榧呻娐?、?shù)字存儲(chǔ)和數(shù)據(jù)安全系統(tǒng)

沈一凡：女，1996年生，碩士，研究方向?yàn)榧呻娐?/p>
周迪：男，1975年生，正高級工程師，研究方向?yàn)槲锫?lián)網(wǎng)、視頻安全

馮春陽：男，1966年生，高級工程師，研究方向?yàn)榧呻娐吩O(shè)計(jì)、功率半導(dǎo)體

鄧江峽：女，1983年生，副教授、碩士生導(dǎo)師，研究方向?yàn)樽孕娮訉W(xué)、集成電路設(shè)計(jì)與驗(yàn)證

通訊作者:
鄧江峽　dengjiangxia@hdu.edu.cn

中圖分類號: TN492; TN918.4
計(jì)量
- 文章訪問數(shù): 842
- HTML全文瀏覽量: 390
- PDF下載量: 55
- 被引次數(shù): 0
出版歷程
- 收稿日期: 2020-10-04
- 修回日期: 2021-09-30
- 網(wǎng)絡(luò)出版日期: 2021-10-25
- 刊出日期: 2021-12-21

High Performance Crypto Module with Array of Hardware Engines

1.
Microelectronics Research Institute of Hangzhou Dianzi University, Hangzhou 310018, China
2.
Uniview Research Institute, Hangzhou 310051, China

Funds: The National Basic Research Program (JCKY2018415C001), Zhejiang Key Laboratory Foundation of Solid State Drive and Data Security (2015E10003)

摘要

摘要: 該文提出一種高性能硬件加密引擎陣列架構(gòu)，為大數(shù)據(jù)應(yīng)用提供了先進(jìn)的安全解決方案。該模塊架構(gòu)包括一個(gè)高速接口、一個(gè)中央管理和監(jiān)視模塊(CMMM)、一組多通道驅(qū)動(dòng)加密引擎陣列，其中CMMM將任務(wù)分配給加密引擎，經(jīng)由專用算法處理后再將數(shù)據(jù)傳回主機(jī)。由于接口吞吐量和加密引擎陣列規(guī)模會(huì)限制模塊性能，針對PCIe高速接口，采用MMC/eMMC總線連接構(gòu)建陣列，發(fā)現(xiàn)更多加密引擎集成到系統(tǒng)后，模塊性能將會(huì)得到提升。為驗(yàn)證該架構(gòu)，使用55 nm制程工藝完成了一個(gè)PCIe Gen2×4接口的ASIC加密卡，測試結(jié)果顯示其平均吞吐量高達(dá)419.23 MB。
- 專用集成電路 /
- 安全 /
- 加密 /
- PCIe /
- eMMC
Abstract: A high-performance crypto module prescribed in this paper offers advanced security solutions in big data applications. A module architecture, which consists of a high throughput interface, Central Manage & Monitor Module (CMMM) and multiple channels driving a group of crypto engines, is discussed here. CMMM distributes the tasks to the crypto engines and guides the data back to the host after processing by the dedicated algorithm. Since the module's performance is limited by the interface throughput and the scale of the crypto engines, an array with MMC/eMMC bus connections is built for PCIe high-speed interfaces. The more crypto engines are integrated into a system, the higher performance of this system can reach. To verify this architecture, an ASIC encryption card with PCIe Gen2×4 interface is made under semiconductor manufacturing process technology of 55 nm, and tested. The average throughput of this card can achieve up to 419.23 MB.
- ASIC /
- Security /
- Crypto /
- PCIe /
- eMMC

HTML全文

圖 1 加密模塊架構(gòu)

下載: 全尺寸圖片幻燈片

圖 2 使用MMC接口的加密塊

下載: 全尺寸圖片幻燈片

圖 3 加密引擎結(jié)構(gòu)

下載: 全尺寸圖片幻燈片

圖 4 加密任務(wù)流程

下載: 全尺寸圖片幻燈片

圖 5 一個(gè)MMC主機(jī)驅(qū)動(dòng)多個(gè)MMC設(shè)備

下載: 全尺寸圖片幻燈片

圖 6 MMC設(shè)備在CMD信號上“線與”

下載: 全尺寸圖片幻燈片

表 1 不同情況下的最大總時(shí)延(ms)

	N=1	N=2	N=4	N=8
M=1	24007	12008	6010	3014
M=8	3014	1522	788	445

下載: 導(dǎo)出CSV

表 2 性能測試

	#1	#2	#3	#4
連續(xù)讀(MB/s)	1105.00	1102.00	1103.00	1103.00
連續(xù)寫(MB/s)	912.60	912.10	912.00	912.20
隨機(jī)讀(k-IOPS)	50.85	84.98	82.83	85.23
隨機(jī)寫(k-IOPS)	105.00	104.75	104.75	104.73
吞吐率(MB/s)	420.00	419.00	419.00	428.92

下載: 導(dǎo)出CSV

表 3 隨機(jī)讀寫的時(shí)延(μs)

	平均時(shí)延	最大時(shí)延
隨機(jī)讀(4 kB)	53	1894
隨機(jī)寫(4 kB)	24	1039

下載: 導(dǎo)出CSV

參考文獻(xiàn)(19)

[1]	SEZER S. T1C: IoT Security: -Threats, security challenges and IoT security research and technology trends[C]. Proceedings of 2018 31st IEEE International System-on-Chip Conference, Arlington, USA, 2018: 1–2. doi: 10.1109/SOCC.2018.8618571.
[2]	WAZID M, DAS A K, ODELU V, et al. Secure remote user authenticated key establishment protocol for smart home environment[J]. IEEE Transactions on Dependable and Secure Computing, 2020, 17(2): 391–406. doi: 10.1109/TDSC.2017.2764083
[3]	閆宏強(qiáng), 王琳杰. 物聯(lián)網(wǎng)中認(rèn)證技術(shù)研究[J]. 通信學(xué)報(bào), 2020, 41(7): 213–222. doi: 10.11959/j.issn.1000-436x.2020131 YAN Hongqiang and WANG Linjie. Research of authentication techniques for the Internet of things[J]. Journal on Communications, 2020, 41(7): 213–222. doi: 10.11959/j.issn.1000-436x.2020131
[4]	紀(jì)兆軒, 楊秩, 孫瑜, 等. 大數(shù)據(jù)環(huán)境下SHA1的GPU高速實(shí)現(xiàn)[J]. 信息網(wǎng)絡(luò)安全, 2020, 20(2): 75–82. doi: 10.3969/j.issn.1671-1122.2020.02.010 JI Zhaoxuan, YANG Zhi, SUN Yu, et al. GPU high speed implementation of SHA1 in big data environment[J]. Netinfo Security, 2020, 20(2): 75–82. doi: 10.3969/j.issn.1671-1122.2020.02.010
[5]	孫婷婷, 黃皓, 王嘉倫, 等. 面向CPU-GPU異構(gòu)系統(tǒng)的數(shù)據(jù)分析負(fù)載均衡策略[J]. 計(jì)算機(jī)工程與科學(xué), 2019, 41(3): 417–423. doi: 10.3969/j.issn.1007-130X.2019.03.005 SUN Tingting, HUANG Hao, WANG Jialun, et al. A load balancing strategy on heterogeneous CPU-GPU data analytic systems[J]. Computer Engineering and Science, 2019, 41(3): 417–423. doi: 10.3969/j.issn.1007-130X.2019.03.005
[6]	MENEZES A J, VAN OORSCHOT P C, and VANSTONE S A. Handbook of Applied Cryptography[M]. Boca Raton: CRC Press, 1996: 433–446.
[7]	HANKERSON D, MENEZES A J, and VANSTONE S. Guide to Elliptic Curve Cryptography[M]. New York: Springer Science & Business Media, 2004: 6–14.
[8]	Federal Information Processing Standards Publication 197. Advanced encryption standard (AES)[S]. 2001.
[9]	BUDRUK R, ANDERSON D, and SHANLEY T. PCI Express System Architecture[M]. Boston: Addison-Wesley Professional, 2004: 9–11.
[10]	劉金峒, 梁科, 王錦, 等. SM4加密算法可裁剪式結(jié)構(gòu)設(shè)計(jì)與硬件實(shí)現(xiàn)[J]. 南開大學(xué)學(xué)報(bào):自然科學(xué)版, 2019, 52(4): 41–45. LIU Jintong, LIANG Ke, WANG Jin, et al. Cuttable structure design and hardware implementation of SM4 encryption algorithm[J]. Acta Scientiarum Naturalium Universitatis Nankaiensis:Natural Science Edition, 2019, 52(4): 41–45.
[11]	SUHAILI S B and WATANABE T. Design of high-throughput SHA-256 hash function based on FPGA[C]. Proceedings of the 6th International Conference on Electrical Engineering and Informatics, Langkawi, Malaysia, 2017: 1–6. doi: 10.1109/ICEEI.2017.8312449.
[12]	趙軍, 曾學(xué)文, 郭志川. 支持國產(chǎn)密碼算法的高速PCIe密碼卡的設(shè)計(jì)與實(shí)現(xiàn)[J]. 電子與信息學(xué)報(bào), 2019, 41(10): 2402–2408. doi: 10.11999/JEIT190003 ZHAO Jun, ZENG Xuewen, and GUO Zhichuan. Design and implementation of high speed PCIe cipher card supporting GM algorithms[J]. Journal of Electronics &Information Technology, 2019, 41(10): 2402–2408. doi: 10.11999/JEIT190003
[13]	JEDEC. JESD 84-B50 Embedded multi-media card (e·MMC) electrical standard (5.0)[S]. Arlington: JEDEC Solid State Technology Association, 2013.
[14]	Motorola, Inc. SPI block guide V03.06[S]. Motorola Inc. , 2001.
[15]	Serial ATA International Organization. Serial ATA revision 3.0[S]. Serial ATA International Organization, 2009.
[16]	PATTERSON D A, GIBSON G, and KATZ R H. A case for redundant arrays of inexpensive disks (RAID)[C]. Proceedings of the 1988 ACM SIGMOD International Conference on Management of Data, Chicago, USA, 1988: 109–116. doi: 10.1145/50202.50214.
[17]	CHANG Lipin and KUO T W. An adaptive striping architecture for flash memory storage systems of embedded systems[C]. Proceedings of the Eighth IEEE Real-Time and Embedded Technology and Applications Symposium, San Jose, USA, 2002: 187–196. doi: 10.1109/RTTAS.2002.1137393.
[18]	REDDY A K, PARAMASIVAM P, and VEMULA P B. Mobile secure data protection using eMMC RPMB partition[C]. Proceedings of 2015 International Conference on Computing and Network Communications, Trivandrum, India, 2015: 946–950. doi: 10.1109/CoCoNet.2015.7411305.
[19]	GREMBOWSKI T, LIEN R, GAJ K, et al. Comparative analysis of the hardware implementations of hash functions SHA-1 and SHA-512[C]. Proceedings of the 5th International Conference on Information Security, Sao Paulo, Brazil, 2002: 75–89. doi: 10.1007/3-540-45811-5_6.