Efficient small-sized implementation of the keyed-hash message authentication code (original) (raw)
Related papers
Maximizing the hash function of authentication codes
Potentials, …, 2006
A DESIGN APPROACH to create smallsized, high-speed implementations of the keyed-hash message authentication code (HMAC) is the focus of this article. The goal of this approach is to increase the HMAC throughput to a level that can be used in modern telecommunication applications such as virtual private networks (VPNs) and the oncoming 802.11n. We focus on increasing the maximum operating frequency that, compared to commercially available IP cores, ranges from 30% to 390%. The proposed implementation doesn't introduce significant area penalty. More specifically, the overall increase in lookup tables required by our implementation is less than 10% compared to that of other implementations.
2005
In this paper an efficient implementation, in terms of performance, of the keyed-hash message authentication code (HMAC) using the SHA-256 hash function is presented. This mechanism is used for message authentication in combination with a shared secret key. The proposed hardware implementation, invokes a partially unrolled implementation for the underlying hash function leading to a high-throughput and low-power implementation for the whole HMAC construction. Special care has been taken so that the proposed implementation doesn't introduce extra design complexity; while in parallel functionality was kept to the required levels.
High-speed FPGA implementation of secure hash algorithm for IPSec and VPN applications
The Journal of …, 2006
Hash functions are special cryptographic algorithms, which are applied wherever message integrity and authentication are critical. Implementations of these functions are cryptographic primitives widely used in common cryptographic schemes and security protocols such as Internet Protocol Security (IPSec) and Virtual Private Network (VPN). In this paper, a novel FPGA implementation of the Secure Hash Algorithm 1 (SHA-1) is proposed. The proposed architecture exploits the benefits of pipeline and re-timing of execution through pre-computation of intermediate temporal values. Pipeline allows division of the calculation of the hash value in four discreet stages, corresponding to the four required rounds of the algorithm. Re-timing is based on the decomposition of the SHA-1 expression to separate information dependencies and independencies. This allows pre-computation of intermediate temporal values in parallel to the calculation of other independent values. Exploiting the information dependencies, the fundamental operational block of SHA-1 is modified so that maximum operation frequency is increased by 30% approximately with negligible area penalty compared to other academic and commercial implementations. The proposed SHA-1 hash function was prototyped and verified using a XILINX FPGA device. The implementation's characteristics are compared to alternative implementations proposed by the academia and the industry, which are available in the international IP market. The proposed implementation achieved a throughput that exceeded 2,5 Gbps, which is the highest among all similar IP cores for the targeted XILINX technology.
HW/SW Co-design Integrating High-Speed Authentication Module for IPSec/IPv6
2010 Fifth International Conference on Digital Telecommunications, 2010
E.U. has set a special goal for 2010 which is the adoption, by at least 25%, of IPv6. IPv6 incorporates the usage of IPSec which provides cryptographic services to every data packet which is transmitted via Internet. This means that there is a major need for High Speed designs of IPSec protocol. It has been shown that the limiting factor of IPSec performance is the incorporated hash function. Hash functions, form a special family of cryptographic algorithms that satisfy current requirements for security, confidentiality and validity for several applications in technology. In this paper we propose a hardware design and implementation that increases throughput and frequency significantly and at the same time keeps the area small enough for the hash function RIPEMD-160. This technique involves the application of partial unrolling and spatial pre-computation. The proposed technique leads to an implementation with 35% higher throughput than the conventional one.
High throughput implementation of the new Secure Hash Algorithm through partial unrolling
… Systems Design and …, 2005
A design approach to create small-sized high-speed implementation of the new version of Secure Hash Algorithm is proposed. The resulted design can be easily embedded to operate in HMAC IP cores, providing a high degree of security. The proposed implementation does not introduce significant area penalty, compared to other competitive designs. However the achieved throughput presents an increase compared to commercially available IP cores that range from 43%-1830%.
Design and performance analysis of a unified, reconfigurable HMAC-Hash unit
Hash functions are important security primitives used for authentication and data integrity. Among the most popular hash functions are MD5, SHA-1, and RIPEMD-160, which are all based on the function MD4. This similarity can be exploited for designing a unified engine to perform all three hash functions. Hash message authentication code (HMAC) is a shared-key security algorithm that uses these hash functions alternatively for IPSec authentication. Since some other security applications, such as digital signature, also use these three hash functions, it is prudent to design a unified, reconfigurable engine that can perform any one of them alone or with HMAC. In this work, we design an HMAC-hash unit that can be reconfigured to perform one of six standard security algorithms; namely, MD5, SHA-1, RIPEMD-160, HMAC-MD5, HMAC-SHA-1, and HMAC-RIPEMD-160. This paper applied pipelining and parallelism to the design of the HMAC-hash unit to improve throughput, especially for large message sizes. We achieved higher throughput than engines that integrated three hash functions or more and comparable throughput to those integrated only two hash functions. Arabia. His research interests include system-on-a-chip (SoC) designs, hardware implementations of security and cryptographic algorithms, and compression and compaction of test vectors. He published several journal and conference papers in the areas of his research. . He teaches courses on digital systems design, computer architecture and parallel processing, VLSI system design methodology, fault-tolerant computing, digital system testing, data structures and non-numeric computation, and discrete mathematics and computing logic. His research interests include fault tolerance of parallel and distributed systems, computer network reliability-based optimization techniques, information security, VLSI design and implementation of algorithms, testing and design for testability, and multiple-valued logic system design. He is the author and coauthor of more than 130 scientific papers published in journals and conference proceedings. He has authored one book on
Hashing and Message Authentication Code Implementation. An Embedded Approach
Scientific Bulletin of Naval Academy, 2019
There are different methods by which a message hashing could be embedded in a communications network, therefore different approaches are described in this research to protect the hash value of a message. The structure of a cryptographically secure function (SHA-512) is presented along with the low-level algorithm sequence. Subsequently is detailed the Hash-based Message Authentication Code (HMAC) produced by concatenating a secret key and message, after which the composite message is hashed. However, the HMAC numerical structure and the specific operating algorithm are explained in detail to the logical gate level. Finally, several considerations regarding the low-level implementation of the code are concluded.
On the exploitation of a high-throughput SHA-256 FPGA design for HMAC
ACM Transactions on Reconfigurable Technology and Systems, 2012
High-throughput and area-efficient designs of hash functions and corresponding mechanisms for Message Authentication Codes (MACs) are in high demand due to new security protocols that have arisen and call for security services in every transmitted data packet. For instance, IPv6 incorporates the IPSec protocol for secure data transmission. However, the IPSec's performance bottleneck is the HMAC mechanism which is responsible for authenticating the transmitted data. HMAC's performance bottleneck in its turn is the underlying hash function. In this article a high-throughput and small-size SHA-256 hash function FPGA design and the corresponding HMAC FPGA design is presented. Advanced optimization techniques have been deployed leading to a SHA-256 hashing core which performs more than 30% better, compared to the next better design. This improvement is achieved both in terms of throughput as well as in terms of throughput/area cost factor. It is the first reported SHA-256 hashing...
Design and Implementation of SHA2 IP Core for lightweight applications
Protecting a system against intrusion and data theft requires it to provide appropriate levels of both design security and data security. To achieve this, an efficient crypto system should be employed in the design of embedded systems. In this paper, the design and implementation of a crypto hash SHA-256 logic core suitable for embedded environment in reconfigurable hardware is presented. It also discusses the various applications of the design in the embedded areas. Verilog HDL was used to model the hardware. With the Crypto SoC implemented in Altera Cyclone II FPGA running on 50 MHz system clock, a throughput of 560 Mbps was obtained for the SHA-256 core.
An FPGA design of a unified hash engine for IPSec authentication
Fifth International Workshop on System-on-Chip for Real-Time Applications (IWSOC'05), 2005
Hash functions are important security primitives used for authentication and data integrity. Among the most popular hash functions are MD5, SHA-1, and RIPEMD-160 that are used in conjunction with HMAC for IPSec. These three hash functions are based on an older one, MD4. Therefore, they have some similarities that can be exploited for designing a unified engine to perform the three hash functions. A unified engine design proves useful since the three algorithms are to be used by same implementation on the same core for authentication and data integrity using HMAC for IPSec. In this work, we design a SoC with a unified hash engine that can be reconfigured at runtime to perform one of the three hash functions. The results of our work show that the proposed engine has a balance between area and throughput compared to previous works.