DOI QR코드

DOI QR Code

A Security SoC supporting ECC based Public-Key Security Protocols

ECC 기반의 공개키 보안 프로토콜을 지원하는 보안 SoC

  • Kim, Dong-Seong (School of Electronic Engineering, Kumoh National Institute of Technology) ;
  • Shin, Kyung-Wook (School of Electronic Engineering, Kumoh National Institute of Technology)
  • Received : 2020.07.28
  • Accepted : 2020.08.01
  • Published : 2020.11.30

Abstract

This paper describes a design of a lightweight security system-on-chip (SoC) suitable for the implementation of security protocols for IoT and mobile devices. The security SoC using Cortex-M0 as a CPU integrates hardware crypto engines including an elliptic curve cryptography (ECC) core, a SHA3 hash core, an ARIA-AES block cipher core and a true random number generator (TRNG) core. The ECC core was designed to support twenty elliptic curves over both prime field and binary field defined in the SEC2, and was based on a word-based Montgomery multiplier in which the partial product generations/additions and modular reductions are processed in a sub-pipelining manner. The H/W-S/W co-operation for elliptic curve digital signature algorithm (EC-DSA) protocol was demonstrated by implementing the security SoC on a Cyclone-5 FPGA device. The security SoC, synthesized with a 65-nm CMOS cell library, occupies 193,312 gate equivalents (GEs) and 84 kbytes of RAM.

모바일 장치와 IoT의 보안 프로토콜 구현에 적합한 경량 보안 SoC 설계에 대해 기술한다. Cortex-M0을 CPU로 사용하는 보안 SoC에는 타원곡선 암호 (elliptic curve cryptography) 코어, SHA3 해시 코어, ARIA-AES 블록 암호 코어 및 무작위 난수 생성기 (TRNG) 코어 등의 하드웨어 크립토 엔진들이 내장되어 있다. 핵심 연산장치인 ECC 코어는 SEC2에 정의된 20개의 소수체와 이진체 타원곡선을 지원하며, 부분곱 생성 및 가산 연산과 모듈러 축약 연산이 서브 파이프라인 방식으로 동작하는 워드 기반 몽고메리 곱셈기를 기반으로 설계되었다. 보안 SoC를 Cyclone-5 FPGA 디바이스에 구현하고 타원곡선 디지털 서명 프로토콜의 H/W-S/W 통합 검증을 하였다. 65-nm CMOS 셀 라이브러리로 합성된 보안 SoC는 193,312 등가 게이트와 84 kbyte의 메모리로 구현되었다.

Keywords

References

  1. A. P. Deb Nath, S. Ray, A. Basak, and S. Bhunia, "Systemon-chip security architecture and CAD framework for hardware patch," 2018 23rd Asia and South Pacific Design Automation Conference (ASP-DAC), pp. 733-738, 2018.
  2. P. Choi, "Design and Implementation of High-Performance and Low-Complexity Security System on Chip (SoC)," Ph.D Dissertation, Hanyang University, Aug. 2017.
  3. NIST Std. FIPS-197, Advanced Encryption Standard, National Institute of Standard and Technology (NIST), Nov. 2001.
  4. KS X 1213, 128 bit Block Encryption Algorithm ARIA, Korean Agency for Technology and Standards, Dec. 2004.
  5. NIST Std. FIPS PUB 186-2, Digital Signature Mechanism with Appendix (Part 3) Korean Certificate- based Digital Signature Algorithm using Elliptic Curve, Telecommunications Technology Association, Dec. 2012.
  6. R. Rivest, A. Shamir, and L. Adleman, "A method for obtaining Digital Signatures and Public-Key Cryptosystem," Communications of Association for Computing Machinery (ACM), vol. 21, no. 2, pp. 120- 126, Feb. 1978. https://doi.org/10.1145/359340.359342
  7. NIST std. FIPS 180-2, Secure Hash Standard (SHS), National Institute of Standard and Technology (NIST), Oct. 2001.
  8. NIST std. FIPS PUB 202, SHA3 Standard: PermutationBased Hash and Extendable-Output function, Aug. 2015.
  9. D. Johnson and A. Menezes, "The Elliptic Curve Digital Signature Algorithm (ECDSA)," University of Waterloo, 1999. Available: http://cacr.math.waterloo.ca
  10. Certicom, Standards for Efficient Cryptography, SEC 2: Recommended Elliptic Curve Domain Parameters, Version 1.0, Sep. 2000.
  11. D.S. Kim, "Design of Security SoC Embedded with ECC Core and SHA3 Hash Core," Master Thesis, Kumoh National Institute of Technology, Feb. 2020.
  12. D. S. Kim and K. W. Shin, "Montgomery Multiplier Supporting Dual-Field Modular Multiplication," Journal of the Korea Institute of Information and Communication Engineering, vol. 24, no. 6, pp. 736-743, Jun. 2020.
  13. D. S. Kim and K. W. Shin, "An Optimized Hardware Implementation of SHA-3 Hash Functions," Journal of the Institute of Korean Electrical and Electronics Engineers, vol. 22, no. 4, pp. 886-895, Dec. 2018.
  14. K. B. Kim and K. W. Shin, "A Unified ARIA-AES Cryptographic Processor Supporting Four Modes of Operation and 128/256-bit Key Lengths," Journal of the Korea Institute of Information and Communication Engineering, vol. 21, no. 4, pp. 795-803, Apr. 2017. https://doi.org/10.6109/jkiice.2017.21.4.795