Design and performance analysis of a reconfigurable, unified HMAC-hash unit for IPSec authentication

Files

Khan_E_PhD.pdf (21.55 MB)

Date

2009-12-15T23:06:57Z

Authors

Khan, Esam Ali Hasan

Journal Title

Journal ISSN

Volume Title

Publisher

Abstract

In this dissertation, we discuss the design of a reconfigurable, unified HMAC-hash unit for IPSec authentication. The proposed unit is reconfigurable at runtime to enable implementing any of six standard algorithms: MD5, SHA-1, RIPEMD-160. HMAC-MD5. HMAC-SHA-1, and HMAC-RIPEMD-160. The designed unit can be used for IPSec or any other security application that uses hash functions, such as digital signature. We applied speedup techniques, such as pipelining and parallelism, to enhance the design of the HMAC-hash unit. We also proposed a key reuse technique to improve the HMAC through-put. We used an emerging system design methodology in designing the HNLAC-hash unit. This methodology uses a high level language, Handel-C, to implement the designed unit and directly map it to FPGA platforms. We used the available constructs of Handel-C to conduct a design space exploration of the HMAC-hash unit. The performance of the designed unit was analyzed and compared to performance reported in previous work. To our knowledge, this work is the first in the literature that integrates six standard hash algorithms in one unified, reconfigurable unit. It is also the first in the literature that implements HMAC-RIPEMD-160 on FPGA. The work reported in this dissertation is the first to integrate HMAC with three hash functions. The achieved throughput is 173.69 Mbps for MD5 and 139.38 Mbps for each of SHA-I and RIPEMD-160. Compared to results reported in previous work, our unit achieves better throughput than those integrating three or more hash functions and a comparable throughput to those integrating two hash functions. We achieved better maximum frequency, which is 44.1 MHz. than all other work. We achieved comparable results to those integrating HMAC with some hash functions. The area utilization of the designed unit is less than 33% of the available logic on the FPGA chip we used. Thus, the designed unit can fit on a single FPGA chip as an SoC.

Description

Keywords

IPSec (computer network protocol)

Citation

URI

http://hdl.handle.net/1828/1981

Collections

ETD (Electronic Theses and Dissertations)
Theses (Electrical and Computer Engineering)
 
University of Victoria Libraries

We acknowledge and respect the Lək̓ʷəŋən (Songhees and Esquimalt) Peoples on whose territory the university stands, and the Lək̓ʷəŋən and W̱SÁNEĆ Peoples whose historical relationships with the land continue to this day.