Cryptographic protection of block-oriented storage devices using AES-XTS in FPGA

In recent years security has been a common concern for the data in-transit between communication networks as well as data at-rest in storage devices. Storage encryption (data at-rest) has now become an important aspect in today’s computing environment. User data stored in computing devices that inc...

Full description

Bibliographic Details
Main Author: Ahmed, Shakil
Format: Thesis
Language:English
Published: 2013
Subjects:
Online Access:http://psasir.upm.edu.my/id/eprint/47942/1/FK%202013%2032R.pdf
_version_ 1796974888118910976
author Ahmed, Shakil
author_facet Ahmed, Shakil
author_sort Ahmed, Shakil
collection UPM
description In recent years security has been a common concern for the data in-transit between communication networks as well as data at-rest in storage devices. Storage encryption (data at-rest) has now become an important aspect in today’s computing environment. User data stored in computing devices that includes computers, personal digital assistant (PDA), flash drives and external hard drive are getting vulnerable to security attacks. Keeping this in view, IEEE P1619 Security in Storage Working Group (SISWG) proposed a standard for security of static data. One of the components of this standard is the cryptographic protection of data on block-storage devices. This standard uses AESXTS as a building block for the protection of data. For an effective storage encryption implementation, two well known methods are software based encryption and hardware based encryption. Software based encryption is relatively slow, consumes more power and also not secure but one of its advantage is that is economically feasible. Hardware based encryption are more secure since it is embedded into the drive and cannot be altered easily compared to software based encryption. At the same time, efforts have been made for the standardization of hardware-based encryption that could promote interoperability between products. Implementations based on hardware are further categorized into two; Application Specific Integrated Circuits (ASICs) and FPGAs (Field Programmable Gate Arrays). FPGAs offer several advantages in comparison to ASICS which are its time to market and overall cost. Although ASIC implementation of Hard disk drives (HDDs) could be more cost effective for high volume production and more enhanced performance but our work is targeting an initial level of implementation on FPGA whose initial cost of manufacturing is almost negligible. In this thesis, different FPGA implementations of AES-XTS are proposed. First we present our sub-module optimizations with the comparison to other existing submodules. These designed sub-modules namely substitution box, TBOX and tweak value computation, were optimized in terms of area being utilized by FPGA. These different sub-modules were then integrated into different AES-XTS designs. Four different kind of designs namely iterative, iterative based memory, parallel and pipelined designs were given. These different designs were being compared in terms of several performance parameters to few available AES-XTS designs to date. In order to implement the designs Xilinx ISE webpack software was used, a well known FPGA simulator. Several parameters are being measured and compared to show the performance of implemented designs. In addition AES-XTS decryption modules were also designed. Also the parallel AES-XTS encryption and decryption design were used to develop integrated chip of AES-XTS on FPGA. The results show that pipelined implementation has outperformed all other implementations. In terms of throughput, the pipelined implementation has shown an improvement of 7.5% to that of unrolled parallel design and about 10 fold increase to iterative design. Further the proposed designs have provided comparative solution for currently available AES-XTS designs which showed significant improvements. The pipelined algorithm has provided an improvement of around 2.8 fold increase in efficiency (Mbps/Slice) to current AES-XTS available design. Also Integrated AES-XTS core has shown an improvement of around 2.4 fold increase in efficiency (Mbps/Slice) to existing AES integrated designs.
first_indexed 2024-03-06T09:03:34Z
format Thesis
id upm.eprints-47942
institution Universiti Putra Malaysia
language English
last_indexed 2024-03-06T09:03:34Z
publishDate 2013
record_format dspace
spelling upm.eprints-479422016-07-28T07:40:04Z http://psasir.upm.edu.my/id/eprint/47942/ Cryptographic protection of block-oriented storage devices using AES-XTS in FPGA Ahmed, Shakil In recent years security has been a common concern for the data in-transit between communication networks as well as data at-rest in storage devices. Storage encryption (data at-rest) has now become an important aspect in today’s computing environment. User data stored in computing devices that includes computers, personal digital assistant (PDA), flash drives and external hard drive are getting vulnerable to security attacks. Keeping this in view, IEEE P1619 Security in Storage Working Group (SISWG) proposed a standard for security of static data. One of the components of this standard is the cryptographic protection of data on block-storage devices. This standard uses AESXTS as a building block for the protection of data. For an effective storage encryption implementation, two well known methods are software based encryption and hardware based encryption. Software based encryption is relatively slow, consumes more power and also not secure but one of its advantage is that is economically feasible. Hardware based encryption are more secure since it is embedded into the drive and cannot be altered easily compared to software based encryption. At the same time, efforts have been made for the standardization of hardware-based encryption that could promote interoperability between products. Implementations based on hardware are further categorized into two; Application Specific Integrated Circuits (ASICs) and FPGAs (Field Programmable Gate Arrays). FPGAs offer several advantages in comparison to ASICS which are its time to market and overall cost. Although ASIC implementation of Hard disk drives (HDDs) could be more cost effective for high volume production and more enhanced performance but our work is targeting an initial level of implementation on FPGA whose initial cost of manufacturing is almost negligible. In this thesis, different FPGA implementations of AES-XTS are proposed. First we present our sub-module optimizations with the comparison to other existing submodules. These designed sub-modules namely substitution box, TBOX and tweak value computation, were optimized in terms of area being utilized by FPGA. These different sub-modules were then integrated into different AES-XTS designs. Four different kind of designs namely iterative, iterative based memory, parallel and pipelined designs were given. These different designs were being compared in terms of several performance parameters to few available AES-XTS designs to date. In order to implement the designs Xilinx ISE webpack software was used, a well known FPGA simulator. Several parameters are being measured and compared to show the performance of implemented designs. In addition AES-XTS decryption modules were also designed. Also the parallel AES-XTS encryption and decryption design were used to develop integrated chip of AES-XTS on FPGA. The results show that pipelined implementation has outperformed all other implementations. In terms of throughput, the pipelined implementation has shown an improvement of 7.5% to that of unrolled parallel design and about 10 fold increase to iterative design. Further the proposed designs have provided comparative solution for currently available AES-XTS designs which showed significant improvements. The pipelined algorithm has provided an improvement of around 2.8 fold increase in efficiency (Mbps/Slice) to current AES-XTS available design. Also Integrated AES-XTS core has shown an improvement of around 2.4 fold increase in efficiency (Mbps/Slice) to existing AES integrated designs. 2013-10 Thesis NonPeerReviewed application/pdf en http://psasir.upm.edu.my/id/eprint/47942/1/FK%202013%2032R.pdf Ahmed, Shakil (2013) Cryptographic protection of block-oriented storage devices using AES-XTS in FPGA. PhD thesis, Universiti Putra Malaysia. Data encryption (Computer science) Data structures Computer science
spellingShingle Data encryption (Computer science)
Data structures
Computer science
Ahmed, Shakil
Cryptographic protection of block-oriented storage devices using AES-XTS in FPGA
title Cryptographic protection of block-oriented storage devices using AES-XTS in FPGA
title_full Cryptographic protection of block-oriented storage devices using AES-XTS in FPGA
title_fullStr Cryptographic protection of block-oriented storage devices using AES-XTS in FPGA
title_full_unstemmed Cryptographic protection of block-oriented storage devices using AES-XTS in FPGA
title_short Cryptographic protection of block-oriented storage devices using AES-XTS in FPGA
title_sort cryptographic protection of block oriented storage devices using aes xts in fpga
topic Data encryption (Computer science)
Data structures
Computer science
url http://psasir.upm.edu.my/id/eprint/47942/1/FK%202013%2032R.pdf
work_keys_str_mv AT ahmedshakil cryptographicprotectionofblockorientedstoragedevicesusingaesxtsinfpga