Font Size: a A A

A Security Coprocessor Based On RISC-Ⅴ Custom Instructions

Posted on:2023-08-06Degree:MasterType:Thesis
Country:ChinaCandidate:L H PanFull Text:PDF
GTID:2558306767964579Subject:Cyberspace security
Abstract/Summary:
With the development of Internet of Things(Io T)technology and the further formation of an intelligent society,embedded Io T devices are increasingly used in the field of livelihood.And with the wide deployment of Io T devices,their information security issues are getting more and more serious.The RISC-Ⅴ instruction set architecture is an open-source reduced instruction set.Its modular design philosophy enhances the scalability of the processor structure and makes it useful in both high-performance processor and embedded systems.In addition,the RISC-Ⅴ architecture is also extensible,providing easy implementation of the domain-specific architec-ture.RISC-Ⅴ-based security domain-specific architectures are one of the future directions for security systems in lightweight devices.Random number generation,key exchange and data encryption are basic information security requirements for Io T devices.This paper proposes a prototype RISC-Ⅴ extended instruction-driven security coprocessor designed to provide basic security services for the Io T field.A true random number generator(TRNG)is one of the indispensable components of a se-curity system and is the basis for providing security for most cryptographic algorithms.The entropy of random number is one of the important indicators to measure the performance of TRNGs.In this paper,we improve on the existing digital circuit-based true random number generator architecture to obtain higher entropy and provide 32-bit true random number services for applications through RISC-Ⅴ extended instruction channels.With different entropy indi-cators and three standard test suites,this paper demonstrates that the proposed TRNG has the highest entropy level among the existing implementations compared,with a Min-Entropy of0.9995 per bit.The proposed TRNG provides true random number services not only for the application directly,but also other functional modules of the coprocessor.ECDH is a very widely used key exchange protocol whose security relies on the discrete logarithm problem on the elliptic curve(ECDLP),and therefore cannot be separated from the scalar multiplication operation on the elliptic curve.However,the design of the ECDH pro-tocol does not take care of two characteristics of Io T,i.e.,resource-constrained and network heterogeneity.To address these two characteristics,this paper improves the ECDH protocol and proposes the asymmetric ECDH(Asy ECDH)protocol,which aims to adapt the distribu-tion of the protocol computation to the resources of the constrained devices.The security and performance of the improved protocol are analyzed and evaluated in the article.Support for the Asy ECDH key exchange protocol is also integrated in the security coprocessor for providing session keys to AES application modules.the AES module implements parallel memory access through a separate memory channel of the NICE interface for efficient implementation of AES application tasks.This paper also presents the prototype construction of a secure coprocessor based on the FPGA platform.With the designed three types of custom instructions and software-compiled generic instructions,the prototype coprocessor can perform random number generation,key exchange,and AES applications in different work modes.Thanks to the AES key cache and key exchange modules set internally,the coprocessor allows not provide any interface to read session keys,thus providing good forward secrecy in the face of malware.Finally,the article conducts functional verification and performance evaluation experiments on the coprocessor prototype,and the experimental results illustrate higher throughput rates for larger workloads when performing AES application tasks,and the ability to execute cryptographic instructions at a throughput rate of about 500 Mbps even when allocating less than 500 bytes of memory space.This paper also conducts ASIC post-simulation experiments based on TSMC-65nm process,and the results show that the energy efficiency of the AES module is about 5.69p J/bit-1when performing encryption tasks,which has the same implementation area and energy efficiency level compared to similar implementations.
Keywords/Search Tags:RISC-Ⅴ instruction set architecture, security coprocessor, ECDH, true random number generator, AES
Related items