English
Start your crypto engine--cryptographic acceleration in SoCs
By Michael Bowler, Al Hawtin, Elliptic Semiconductor Inc.
April 21, 2006
Cryptographic offload engines span such markets as DRM, VPN, Storage and MACsec. Implementing configurable engines enables you to meet performance requirements while preserving gate count economics required by end market cost goals of SoC designers. Here's how.
Encryption requirements are now found in almost every new SoC design. From digital rights management, through storage security and virtual private network (VPN) applications, security is becoming a mandatory feature. The throughput requirement in modern networks is also rising significantly and as such the processing required for encryption and decryption is substantial. This article focuses on symmetric offload in a packet processing system for IPsec but the concepts apply equally well to SSL, SRTP and link security. The assumption is that the keys have already been derived through an administrative process or key exchange through asymmetric cryptography in software and therefore the SoC designer is focusing on the bulk encryption and hashing of packets in a virtual private networking (VPN) enabled gateway design.
A typical SoC architecture for such a gateway is shown in Figure 1. This approach to cryptographic offload is sometimes referred to as look-aside security offload in contrast to a flow through engine which captures VPN traffic directly from the MAC and processes it in line without significant processor interaction. The crypto engines presented in this paper are optimal in gate count and throughput for applications in gateways, security appliances and handheld devices. The engines scale well in throughput from 1 Mbps up to 1 Gbps. Flow-through engines are best suited for ultra-high performance applications at 1 to 10 Gbps rates in high end security appliances.
April 21, 2006
Cryptographic offload engines span such markets as DRM, VPN, Storage and MACsec. Implementing configurable engines enables you to meet performance requirements while preserving gate count economics required by end market cost goals of SoC designers. Here's how.
Encryption requirements are now found in almost every new SoC design. From digital rights management, through storage security and virtual private network (VPN) applications, security is becoming a mandatory feature. The throughput requirement in modern networks is also rising significantly and as such the processing required for encryption and decryption is substantial. This article focuses on symmetric offload in a packet processing system for IPsec but the concepts apply equally well to SSL, SRTP and link security. The assumption is that the keys have already been derived through an administrative process or key exchange through asymmetric cryptography in software and therefore the SoC designer is focusing on the bulk encryption and hashing of packets in a virtual private networking (VPN) enabled gateway design.
A typical SoC architecture for such a gateway is shown in Figure 1. This approach to cryptographic offload is sometimes referred to as look-aside security offload in contrast to a flow through engine which captures VPN traffic directly from the MAC and processes it in line without significant processor interaction. The crypto engines presented in this paper are optimal in gate count and throughput for applications in gateways, security appliances and handheld devices. The engines scale well in throughput from 1 Mbps up to 1 Gbps. Flow-through engines are best suited for ultra-high performance applications at 1 to 10 Gbps rates in high end security appliances.
|
E-mail This Article | 
|
|
Printer-Friendly Page |
Related Articles
- Select the Right Microcontroller IP for Your High-Integrity SoCs
- Right-Sizing Your Cryptographic Processing Solution
- DSP options to accelerate your DSP+FPGA design
- Soc Design -> Soft design for cryptographic engine
- The Ideal Crypto Coprocessor with Root of Trust to Support Customer Complete Full Chip Evaluation: PUFcc gained SESIP and PSA Certified™ Level 3 RoT Component Certification
New Articles
- Accelerating RISC-V development with Tessent UltraSight-V
- Automotive Ethernet Security Using MACsec
- What is JESD204C? A quick glance at the standard
- Optimizing Power Efficiency in SOC with PVT Sensor-Assisted DVFS Technology
- Bandgap Reference (BGR) Circuit Design and Transient Analysis in 90nm VLSI Technology
Most Popular
- System Verilog Assertions Simplified
- Accelerating RISC-V development with Tessent UltraSight-V
- System Verilog Macro: A Powerful Feature for Design Verification Projects
- Understanding Logic Equivalence Check (LEC) Flow and Its Challenges and Proposed Solution
- Design Rule Checks (DRC) - A Practical View for 28nm Technology