Cryptographic protection of block-oriented storage devices using AES-XTS in FPGA
In recent years security has been a common concern for the data in-transit between communication networks as well as data at-rest in storage devices. Storage encryption (data at-rest) has now become an important aspect in today’s computing environment. User data stored in computing devices that inc...
Main Author: | |
---|---|
Format: | Thesis |
Language: | English |
Published: |
2013
|
Subjects: | |
Online Access: | http://psasir.upm.edu.my/id/eprint/47942/1/FK%202013%2032R.pdf |
_version_ | 1796974888118910976 |
---|---|
author | Ahmed, Shakil |
author_facet | Ahmed, Shakil |
author_sort | Ahmed, Shakil |
collection | UPM |
description | In recent years security has been a common concern for the data in-transit between communication networks as well as data at-rest in storage devices. Storage encryption
(data at-rest) has now become an important aspect in today’s computing environment. User data stored in computing devices that includes computers, personal digital assistant (PDA), flash drives and external hard drive are getting vulnerable to security attacks. Keeping this in view, IEEE P1619 Security in Storage Working Group (SISWG)
proposed a standard for security of static data. One of the components of this standard is the cryptographic protection of data on block-storage devices. This standard uses AESXTS
as a building block for the protection of data. For an effective storage encryption implementation, two well known methods are software based encryption and hardware
based encryption.
Software based encryption is relatively slow, consumes more power and also not secure but one of its advantage is that is economically feasible. Hardware based encryption are more secure since it is embedded into the drive and cannot be altered easily compared to software based encryption. At the same time, efforts have been made for the standardization of hardware-based encryption that could promote interoperability between products. Implementations based on hardware are further categorized into two;
Application Specific Integrated Circuits (ASICs) and FPGAs (Field Programmable Gate Arrays). FPGAs offer several advantages in comparison to ASICS which are its time to
market and overall cost. Although ASIC implementation of Hard disk drives (HDDs) could be more cost effective for high volume production and more enhanced performance but our work is targeting an initial level of implementation on FPGA whose initial cost of manufacturing is almost negligible.
In this thesis, different FPGA implementations of AES-XTS are proposed. First we present our sub-module optimizations with the comparison to other existing submodules.
These designed sub-modules namely substitution box, TBOX and tweak value computation, were optimized in terms of area being utilized by FPGA. These different sub-modules were then integrated into different AES-XTS designs. Four different kind of designs namely iterative, iterative based memory, parallel and pipelined designs were given. These different designs were being compared in terms of several performance parameters to few available AES-XTS designs to date. In order to implement the designs Xilinx ISE webpack software was used, a well known FPGA simulator. Several parameters are being measured and compared to show the
performance of implemented designs. In addition AES-XTS decryption modules were also designed. Also the parallel AES-XTS encryption and decryption design were used
to develop integrated chip of AES-XTS on FPGA. The results show that pipelined implementation has outperformed all other implementations. In terms of throughput, the
pipelined implementation has shown an improvement of 7.5% to that of unrolled parallel design and about 10 fold increase to iterative design. Further the proposed designs have provided comparative solution for currently available AES-XTS designs which showed significant improvements. The pipelined algorithm has provided an improvement of
around 2.8 fold increase in efficiency (Mbps/Slice) to current AES-XTS available design. Also Integrated AES-XTS core has shown an improvement of around 2.4 fold
increase in efficiency (Mbps/Slice) to existing AES integrated designs. |
first_indexed | 2024-03-06T09:03:34Z |
format | Thesis |
id | upm.eprints-47942 |
institution | Universiti Putra Malaysia |
language | English |
last_indexed | 2024-03-06T09:03:34Z |
publishDate | 2013 |
record_format | dspace |
spelling | upm.eprints-479422016-07-28T07:40:04Z http://psasir.upm.edu.my/id/eprint/47942/ Cryptographic protection of block-oriented storage devices using AES-XTS in FPGA Ahmed, Shakil In recent years security has been a common concern for the data in-transit between communication networks as well as data at-rest in storage devices. Storage encryption (data at-rest) has now become an important aspect in today’s computing environment. User data stored in computing devices that includes computers, personal digital assistant (PDA), flash drives and external hard drive are getting vulnerable to security attacks. Keeping this in view, IEEE P1619 Security in Storage Working Group (SISWG) proposed a standard for security of static data. One of the components of this standard is the cryptographic protection of data on block-storage devices. This standard uses AESXTS as a building block for the protection of data. For an effective storage encryption implementation, two well known methods are software based encryption and hardware based encryption. Software based encryption is relatively slow, consumes more power and also not secure but one of its advantage is that is economically feasible. Hardware based encryption are more secure since it is embedded into the drive and cannot be altered easily compared to software based encryption. At the same time, efforts have been made for the standardization of hardware-based encryption that could promote interoperability between products. Implementations based on hardware are further categorized into two; Application Specific Integrated Circuits (ASICs) and FPGAs (Field Programmable Gate Arrays). FPGAs offer several advantages in comparison to ASICS which are its time to market and overall cost. Although ASIC implementation of Hard disk drives (HDDs) could be more cost effective for high volume production and more enhanced performance but our work is targeting an initial level of implementation on FPGA whose initial cost of manufacturing is almost negligible. In this thesis, different FPGA implementations of AES-XTS are proposed. First we present our sub-module optimizations with the comparison to other existing submodules. These designed sub-modules namely substitution box, TBOX and tweak value computation, were optimized in terms of area being utilized by FPGA. These different sub-modules were then integrated into different AES-XTS designs. Four different kind of designs namely iterative, iterative based memory, parallel and pipelined designs were given. These different designs were being compared in terms of several performance parameters to few available AES-XTS designs to date. In order to implement the designs Xilinx ISE webpack software was used, a well known FPGA simulator. Several parameters are being measured and compared to show the performance of implemented designs. In addition AES-XTS decryption modules were also designed. Also the parallel AES-XTS encryption and decryption design were used to develop integrated chip of AES-XTS on FPGA. The results show that pipelined implementation has outperformed all other implementations. In terms of throughput, the pipelined implementation has shown an improvement of 7.5% to that of unrolled parallel design and about 10 fold increase to iterative design. Further the proposed designs have provided comparative solution for currently available AES-XTS designs which showed significant improvements. The pipelined algorithm has provided an improvement of around 2.8 fold increase in efficiency (Mbps/Slice) to current AES-XTS available design. Also Integrated AES-XTS core has shown an improvement of around 2.4 fold increase in efficiency (Mbps/Slice) to existing AES integrated designs. 2013-10 Thesis NonPeerReviewed application/pdf en http://psasir.upm.edu.my/id/eprint/47942/1/FK%202013%2032R.pdf Ahmed, Shakil (2013) Cryptographic protection of block-oriented storage devices using AES-XTS in FPGA. PhD thesis, Universiti Putra Malaysia. Data encryption (Computer science) Data structures Computer science |
spellingShingle | Data encryption (Computer science) Data structures Computer science Ahmed, Shakil Cryptographic protection of block-oriented storage devices using AES-XTS in FPGA |
title | Cryptographic protection of block-oriented storage devices using AES-XTS in FPGA |
title_full | Cryptographic protection of block-oriented storage devices using AES-XTS in FPGA |
title_fullStr | Cryptographic protection of block-oriented storage devices using AES-XTS in FPGA |
title_full_unstemmed | Cryptographic protection of block-oriented storage devices using AES-XTS in FPGA |
title_short | Cryptographic protection of block-oriented storage devices using AES-XTS in FPGA |
title_sort | cryptographic protection of block oriented storage devices using aes xts in fpga |
topic | Data encryption (Computer science) Data structures Computer science |
url | http://psasir.upm.edu.my/id/eprint/47942/1/FK%202013%2032R.pdf |
work_keys_str_mv | AT ahmedshakil cryptographicprotectionofblockorientedstoragedevicesusingaesxtsinfpga |