A security coprocessor for next generation IP telephony: architecture, abstraction, and strategies




Fayed, Mohamed Abdelfattah

Journal Title

Journal ISSN

Volume Title



In this dissertation, four approaches to improve Voice over Internet Protocol (VoIP) security is proposed. The first two approaches are aimed at encrypting/decrypting and authenticating VoIP packets, whereas the last two approaches are aimed at key exchange and user authentication. For the first contribution, a reconfigurable, high throughput hardware implementation for the different block cipher operational modes is proposed. The proposed architecture is unified: and it combines multiple related functions on the same architecture. In other words, it has the ability to encrypt/decrypt a plaintext/ciphertext efficiently using different operational modes. Moreover, it has the ability to ensure data integrity using different operational modes. The proposed architecture is tested using the most widely used block ciphers: DES, TDES, AES-128 AES-192, AES-256, and IDEA. The proposed architecture implementation i, ;anal z d and evaluated in comparing it against other iniplenientaticls. Eta, the second contribution, a high speed, deep-pipelined architecture for AES algorithm based on the composite field approach targeting VoIP applications is proposed. A new algorithm for finding the isomorphic mapping matrix to work for any irreducible polynomial, not only the primitive polynomials, is proposed. Moreover, the modified algorithm is used to find the optimum matrix that gives the minimum delay. The matrix is then used to implement the SubBytes/InvSubBytes transformation using composite fields, which in turn allows Its to design a very high speed deep-pipelined architecture. As a result of using the optimized matrix, a processing throughput of 49.401 Gbps is achieved, which is twice as fast as the fastest design introduced before. Another feature of this architecture is the separation of the encryption circuit from the decryption circuit to allow concurrent encryption and decryption, which facilitates full duplex encryption/decryption for VolP applications. For the third contribution. a high speed. low area ALU to perform field operations required for cryptographic applications is proposed. Although the proposed architecture- works for any cryptographic application, an ECC implementation for VoIP applications is targeted. A processor array design space exploration for GF(2m) multiplier is conducted, fins exploration results in different processor array configurations. Among these configurations, the fastest one is chosen since VolP applications are targeted. The multiplier architecture is then modified to work as a squarer. Based on the multiplier architecture, a unified architecture to calculate addition, multiplication, squaring, and inversion is proposed. The overall area is optimized by using three type's ''1 processing elements instead NI using a . e!;'tdeir processing element everywhere. NIST-recommended irreducible polynomials is used. which makes our deign secure and more suitable for cryptographic applications. The proposed architecture is implemented for GF(2 163). GF(2 283) and GF(2 571) on a Xilinx XC2V 4000-6 device to verify the proposed architecture and measure its performance. A maximum frequency of 261 MHz is achieved- which allows the architecture to calculate GE(2 163) multiplication in 640 ns and inversion in 1-40.357. As a fourth contribution. a high speed ECC architecture based on a high-radix scalar multiplication is proposed. This architecture is optimized for VoIP applications First. a new high-radix scalar multiplication algorithm is proposed. Then. a merged double-and-add elliptic curve ALU based on the proposed algorithm is designed. The merged double-and-add ALU combines point doubling and adding operations on one architecture. which in turn reduces the critic-al path delay. The ECC' processor utilizes the previously proposed field ALU. which implements Addition. squaring. multiplication. and division over GF(2m) A maximum frequency of 253 MHz is achieved. which allows the architecture to calculate GF(2 163) scalar multiplication for radix 2 8 in 9 u.s. At a minimum our results for GF(2 163). show a speedup ranging from 1.5 to 326 times in comparison to previous FPGA implementations and a speedup ranging from 1.1 to .5.6 times in comparison to previous ASPIC implementations.



Internet, VoIP