Unified Compact ECC-AES Co-Processor with Group-Key Support for IoT Devices in Wireless Sensor Networks
Abstract
1. Introduction
- S is a Sensor device only generating information that can be collected and processed by smart device B.
- B is a smart device that can generate and receive information from different devices (S, D1, D2), and communicate with the Gateway G for accessing the Internet.
- D1 and D2 are smart devices with sensors and programmable features that can be controlled by B or devices from the Internet through Gateway G.
- A is an actuator device that can be remotely controlled from the Internet through Gateway G.
- G is a Gateway providing access to the elements in the WSN to the Internet.
2. Security in Local Wireless Sensor Networks
2.1. Encryption of Communications
- Pre-shared keys [15,16]. The simplest method for distributing keys is to store a pre-shared key in the involved nodes before deployment. This method has minimal memory and computation requirements, but it has three important drawbacks: if one of the nodes is compromised, the entire network is compromised; keys cannot be changed without updating the firmware/software of all the nodes; and using the same key for all communications gives attackers a large amount of material from which to derive the key.
- List of pre-shared keys [15]. The method of pre-sharing a key can be improved by distributing a list of pre-shared keys to the nodes. In this case, any of the keys can be used in communications, making derivation of the key by eavesdropping more difficult at the expense of higher memory requirements. The other two drawbacks remain: key change is limited to the pre-shared list, and if one node is compromised, the entire network is again compromised.
- Random and Multipath methods. More sophisticated proposals for distributing pre-shared keys, based on random lists and multipath methods [17], provide mechanisms that avoid compromising the entire network when one or more nodes are compromised. These methods are based on symmetric-key cryptosystems.
2.2. Authentication
2.3. Hardware/Software Protection
3. ECC Cryptography for IoT WSNs
- ECC operations are accelerated, thus allowing keys to be renewed frequently.
- MPU is freed of complex cryptographic operations.
3.1. ECC Key Management
3.2. Group Key Protocol for Local WSNs
- User computes the first common key .
- User computes and chooses that will be his new private key.
- User broadcasts
- Every user , computes
- User chooses a new private key given by .
- User computes the new key .
- User broadcasts the rekeying message
- Every user , computes .
4. ECC163AES128 Cryptoprocessor for IoT Devices
- ECC support for curves over field included in the FIPS standard [37], for achieving high security levels. To reduce area resources, we have selected the smallest field available in ECC standards [35,36,37] that still provides guaranteed security levels. We have also included support for pseudo-random curves, and not only Koblitz curves, as is usual in ECC co-processors.
- Group key management support. This requires making point addition/subtraction available in addition to the scalar-point operation.
- AES support. To free the MPU completely of cryptographic operations, we include AES-128 symmetric encryption in the same design, according to the standard [10].
- A 32-bit interface, for easing interconnectivity with 8-bit, 16-bit and 32-bit MPUs/CPUs.
- Mode 0 (ECC): The processor operates in “ECC” mode, allowing the implementation of an ECC public-key cryptosystem.
- Mode 1 (AES): The processor operates in “AES” mode, allowing encryption/decryption using AES-128.
4.1. AES-128 Support
- First, we have designed an interface register shared between the AES processing blocks and the ECC ones. This interface register has a 32-bit input and a 163-bit output, as shown in Figure 3. In addition, it has a serial output (discussed later, when describing the ECC-163 blocks), and control inputs for 32-bit parallel loading along with 32-bit displacement (load_desp) and 1-bit shifting (shift). The area requirement for this interface register is 163 LUTs. Note that there is no 128-bit (or 163-bit) parallel input to this register, saving 162 LUTs (if the parallel input is included, area occupancy is 325 LUTs). This area saving is 8% of the total area required by the entire cryptoprocessor.
- The absence of a 128-bit parallel input in reg_interface prevents it from being used as the state register required by AES operations [10]. Therefore, the second novelty consists in placing this register in the embedded RAM blocks, thus requiring 12 163-bit words for AES operations (11 words for the key schedule and one additional word for implementing the state register). Again, to optimize resources, the embedded RAM blocks are shared with the ECC-163 processing blocks, which is the reason for defining a word width of 163 bits.
4.2. ECC-163 Support
Algorithm 1 Montgomery ladder algorithm |
Require: k, P Ensure: 1: 2: for do 3: if then 4: 5: else 6: 7: end if 8: end for 9: return |
Algorithm 2 Montgomery ladder over projective coordinates, making explicit field operations |
Require: k, Ensure: 1: 2: for do 3: if then 4: 5: 6: else 7: 8: 9: end if 10: end for 11: 12: 13: return |
- Addition. Addition over is performed by xoring bit-by-bit the binary representation of each field element. Its implementation requires m XOR gates.
- Multiplication. In order to optimize area resources, we have selected a bit-serial implementation [47] requiring only 511 LUTs in a Spartan 6 device for . This implementation requires m clock cycles to complete a multiplication (combinational multipliers such as [48,49] can perform multiplication in only one cycle, but at the expense of immoderate area requirements). Digit-serial implementations can reduce the number of clock cycles, but at the cost of increased area resources [41].
- Inversion. Inversion is the most costly operation, but using Algorithm 2, it is required only three times. It can be computed according to two mathematical theorems: the Extended Euclidean Algorithm (EEA) and the Little Fermat Theorem (LFT). On the one hand, there are EEA implementations allowing inversion in m clock cycles [51,52], or digit-serial implementations [41] that reduce the number of clock cycles at the expense of higher area requirements. On the other hand, the Little Fermat Theorem establishes that the multiplicative inverse in a finite field can be obtained from:
  IEEE standard 1363–2000 [35] proposes an algorithm applying successive squarings, completing the inversion in m clock cycles. Another possibility is the use of the Itoh–Tsujii Algorithm (ITA) [53,54], which optimizes the number of steps in the exponentiation. Taking into account that our design is oriented to optimizing area resources, we have selected the inversion algorithm of [35], which computes the inversion using multiplications and squarings, thus avoiding the introduction of a specific inversion unit.
- The use of the shared interface register (reg_interface) as the index k, taking advantage of the serial output (Figure 3) along with the control signal shift. This avoids the use of any other register in the processing unit.
- The register bank, implemented in embedded RAM blocks, is shared with AES support, thus making 12 registers available because of the AES key schedule requirements. Therefore, there are more registers available than strictly required by Algorithm 2. Taking advantage of that, the use of pseudo-random curves can be enabled without extra area requirements.
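The field operations listed above (XOR addition, bit-serial multiplication, and inversion built only from multiplications and squarings) can be modelled in software as follows. This is an added example, not the authors' hardware design: it assumes the NIST degree-163 binary field with reduction polynomial x^163 + x^7 + x^6 + x^3 + 1 and the Fermat identity a^(-1) = a^(2^m - 2), and all function names are illustrative. The last function goes beyond the text by applying the Montgomery-ladder control flow to field exponentiation instead of curve points, which gives an independent cross-check of the inversion.

```python
# Added example (not the authors' design): software model of GF(2^163) arithmetic.
# Assumption: NIST degree-163 binary field, f(x) = x^163 + x^7 + x^6 + x^3 + 1.
# Python integers are used as bit vectors; bit i is the coefficient of x^i.
M = 163
F = (1 << 163) | (1 << 7) | (1 << 6) | (1 << 3) | 1

# Constructed sample element (160 bits, so already reduced modulo f).
SAMPLE = int.from_bytes(b"constructed test val", "big")


def gf_add(a: int, b: int) -> int:
    """Field addition: bitwise XOR of the two m-bit representations."""
    return a ^ b


def gf_mul(a: int, b: int) -> int:
    """Bit-serial multiplication, MSB first: one step per bit of b (m steps)."""
    if a >> M or b >> M:
        raise ValueError("operands must be reduced field elements")
    acc = 0
    for i in range(M - 1, -1, -1):
        acc <<= 1                 # multiply the accumulator by x
        if acc >> M:              # degree reached m: reduce by XORing f(x)
            acc ^= F
        if (b >> i) & 1:          # conditionally add the multiplicand
            acc ^= a
    return acc


def gf_sqr(a: int) -> int:
    """Squaring expressed through the multiplier, so no extra unit is needed."""
    return gf_mul(a, a)


def gf_inv(a: int) -> int:
    """Inverse via a^(2^m - 2) = product of a^(2^i) for i = 1 .. m-1.

    Only squarings and multiplications are used. This is a plain
    square-and-multiply schedule, not necessarily the exact one of [35].
    """
    if a == 0:
        raise ZeroDivisionError("zero has no multiplicative inverse")
    result, power = 1, a
    for _ in range(M - 1):
        power = gf_sqr(power)             # a^(2^i)
        result = gf_mul(result, power)    # accumulate the product
    return result


def gf_pow_ladder(a: int, k: int) -> int:
    """a^k with Montgomery-ladder control flow (multiplicative notation).

    Invariant: r1 == r0 * a. Each exponent bit costs exactly one
    multiplication and one squaring, whatever the bit value.
    """
    r0, r1 = 1, a
    for i in range(k.bit_length() - 1, -1, -1):
        if (k >> i) & 1:
            r0, r1 = gf_mul(r0, r1), gf_sqr(r1)
        else:
            r0, r1 = gf_sqr(r0), gf_mul(r0, r1)
    return r0


if __name__ == "__main__":
    inv = gf_inv(SAMPLE)
    print("a * a^-1 == 1:", gf_mul(SAMPLE, inv) == 1)
    print("ladder matches inversion:", gf_pow_ladder(SAMPLE, (1 << M) - 2) == inv)
```
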
4.2.1. Mode “0”, Oper “00”: SP_B-163
4.2.2. Mode “0”, Oper “00” Result Retrieval
4.2.3. Mode “0”, Oper “01”: SP_Custom
4.2.4. Mode “0”, Oper “10”: PA_B-163
4.3. Control Unit
- IO/loading set. This set of micro-instructions controls the loading of external data, and operations with the reg_interfaz register.
- AES set. This set includes instructions for performing AES operations.
- ECC set. Includes micro-instructions related to ECC operations
- MEM_A set. Set of instructions for exchanging values among registers in dp_RAM, using port A of dp_RAM.
- MEM_B set. Set of instructions for exchanging values among registers in dp_RAM, using port B of dp_RAM.
5. Results
5.1. Comparison to Other Designs
5.2. Proof of Concept
6. Conclusions
Acknowledgments
Author Contributions
Conflicts of Interest
References
1. Weber, R.J. Internet of things—New security and privacy challenges. Comput. Law Secur. Rev. 2010, 26, 23–30.
2. Miorandi, D.; Sicari, S.; De Pellegrini, F.; Chlamtac, I. Internet of things: Vision, applications and research challenges. Ad Hoc Netw. 2012, 10, 1497–1516.
3. Roman, R.; Zhou, J.; López, J. On the features and challenges of security and privacy in distributed internet of things. Comput. Netw. 2013, 57, 2266–2279.
4. Xu, T.; Wendt, J.B.; Potkonjak, M. Security of IoT systems: Design challenges and opportunities. In Proceedings of the 2014 IEEE/ACM International Conference on Computer-Aided Design, San Jose, CA, USA, 2–6 November 2014; IEEE Press: Piscataway, NJ, USA, 2014; pp. 417–423, ISBN 978-1-4799-6277-8.
5. Granjal, J.; Monteiro, E.; Silva, J.S. Security for the internet of things: A survey of existing protocols and open research issues. IEEE Commun. Surv. Tutor. 2015, 17, 1294–1312.
6. Chan, H.; Perrig, A. Security and privacy in sensor networks. Computer 2003, 36, 103–105.
7. Perrig, A.; Stankovic, J.; Wagner, D. Security in wireless sensor networks. Commun. ACM 2004, 47, 53–57.
8. He, D.; Chan, S.; Guizani, M. Cyber Security Analysis and Protection of Wireless Sensor Networks for Smart Grid Monitoring. IEEE Wirel. Commun. 2017.
9. Ma, D.; Tsudik, G. Security and privacy in emerging wireless networks. IEEE Wirel. Commun. 2010, 17.
10. FIPS. Announcing the Advanced Encryption Standard (AES); FIPS PUB 197; Federal Information Processing Standards Publication: Gaithersburg, MD, USA, 2003.
11. Rivest, R.L.; Shamir, A.; Adleman, L. A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 1978, 21.
12. Somani, U.; Lakhani, K.; Mundra, M. Implementing digital signature with RSA encryption algorithm to enhance the Data Security of cloud in Cloud Computing. In Proceedings of the 1st International Conference on Parallel Distributed and Grid Computing (PDGC), Solan, India, 28–30 October 2010; pp. 211–216, ISBN 978-1-4244-7675-6.
13. Koblitz, N. Elliptic curve cryptosystems. Math. Comput. 1987, 48, 203–209.
14. Bos, J.W.; Halderman, J.A.; Heninger, N.; Moore, J.; Naehrig, M.; Wustrow, E. Elliptic curve cryptography in practice. In Proceedings of the International Conference on Financial Cryptography and Data Security, Christ Church, Barbados, 3–7 March 2014; Springer: Berlin/Heidelberg, Germany, 2014; pp. 157–175, ISBN 978-3-662-45471-8.
15. Xiao, Y.; Rayi, V.K.; Sun, B.; Du, X.; Hu, F.; Galloway, M. A survey of key management schemes in wireless sensor networks. Comput. Commun. 2007, 30, 2314–2341.
16. Eschenauer, L.; Gligor, V.D. A key-management scheme for distributed sensor networks. In Proceedings of the 9th ACM Conference on Computer and Communications Security, Washington, DC, USA, 18–22 November 2002; ACM: New York, NY, USA, 2002; pp. 41–47, ISBN 1-58113-612-9.
17. Chan, H.; Perrig, A.; Song, D. Random key predistribution schemes for sensor networks. In Proceedings of the 2003 IEEE Symposium on Security and Privacy, Berkeley, CA, USA, 11–14 May 2003; pp. 197–213, ISBN 0-7695-1940-7.
18. Lopez-Ramos, J.A.; Rosenthal, J.; Schipani, D.; Schnyder, R. An application of group theory in confidential network communications. Math. Methods Appl. Sci. 2016.
19. Xilinx. Avnet Spartan 6 LX9 Microboard. Available online: http://www.xilinx.com/products/boards-and-kits/1-3i2dfk.html (accessed on 4 December 2017).
20. De Canniere, C.T. A stream cipher construction inspired by block cipher design principles. In Proceedings of the 9th International Conference on Information Security (ISC’06), Samos, Greece, 30 August–2 September 2006; Springer: Berlin/Heidelberg, Germany, 2006; pp. 171–186.
21. Malan, D.J.; Welsh, M.; Smith, M.D. A public-key infrastructure for key distribution in TinyOS based on elliptic curve cryptography. In Proceedings of the First Annual IEEE Communications Society Conference on Sensor and Ad Hoc Communications and Networks, Santa Clara, CA, USA, 4–7 October 2004; ISBN 0-7803-8796-1.
22. Park, Y.; Park, Y. Three-factor user authentication and key agreement using elliptic curve cryptosystem in wireless sensor networks. Sensors 2016, 16, 2123.
23. Jung, J.; Moon, J.; Lee, D.; Won, D. Efficient and Security Enhanced Anonymous Authentication with Key Agreement Scheme in Wireless Sensor Networks. Sensors 2017, 17, 644.
24. Vanstone, S.A. Efficient and Security Enhanced Anonymous Authentication with Key Agreement Scheme in Wireless Sensor Networks. Comput. Secur. 2003, 22, 412–415.
25. Lauter, K. The Advantages of Elliptic Curve Cryptography for Wireless Security. IEEE Wirel. Commun. 2004, 11, 62–67.
26. Batina, L.; Mentens, N.; Sakiyama, K.; Preneel, N.; Verbauwhede, I. Low-Cost Elliptic Curve Cryptography for Wireless Sensor Networks. In Security and Privacy in Ad-Hoc and Sensor Networks; Lecture Notes in Computer Science; Springer: Berlin/Heidelberg, Germany, 2004; Volume 4357, pp. 6–17. ISBN 978-3-540-69172-3.
27. Pecori, R. S-Kademlia: A trust and reputation method to mitigate a Sybil attack in Kademlia. Comput. Netw. 2016, 94, 205–218.
28. Pecori, R. A comparison analysis of trust-adaptive approaches to deliver signed public keys in P2P systems. In Proceedings of the 7th International Conference on New Technologies, Mobility and Security (NTMS), Paris, France, 27–29 July 2015; pp. 1–5, ISBN 978-1-4799-8784-9.
29. Levis, P.; Madden, S.; Polastre, J.; Szewczyk, R.; Whitehouse, K.; Woo, A.; Gay, D.; Hill, J.; Welsh, M.; Brewer, E.; et al. TinyOS: An operating system for sensor networks. Ambient Intell. 2005, 35, 115–148.
30. Karlof, C.; Sastry, N.; Wagner, D. TinySec: A link layer security architecture for wireless sensor networks. In Proceedings of the 2nd International Conference on Embedded Networked Sensor Systems (SenSys’04), Baltimore, MD, USA, 3–5 November 2004; pp. 162–175, ISBN 1-58113-879-2.
31. Castillo, E.; Meyer-Baese, U.; García, A.; Parrilla, L.; Lloris, A. IPP@HDL: Efficient Intellectual Property Protection Scheme for IP Cores. IEEE Trans. Very Large Scale Integr. Syst. 2007, 15, 578–591.
32. Parrilla, L.; Castillo, E.; Todorovich, E.; García, A.; Morales, D.P.; Botella, G. Improvements for the applicability of power-watermarking to embedded IP cores protection: E-coreIPP. Digit. Signal Process. 2015, 44, 110–122.
33. Parrilla, L.; Castillo, E.; Meyer-Baese, U.; García, A.; González, D.; Todorovich, E.; Boemo, E.I.; Lloris, A. Watermarking strategies for IP protection of micro-processor cores. In Proceedings of the Independent Component Analyses, Wavelets, Neural Networks, Biosystems, and Nanoengineering VIII, Orlando, FL, USA, 13 April 2010.
34. Parrilla, L.; Castillo, E.; Morales, D.P.; García, A. Hardware activation by means of PUFs and elliptic curve cryptography in field-programmable devices. Electronics 2016, 5, 5.
35. IEEE. IEEE Standard Specifications for Public-Key Cryptography; IEEE Std 1363-2000; IEEE: Piscataway, NJ, USA, 2000; ISBN 978-0-7381-1957-1.
36. IEEE. IEEE Standard Specifications for Public-Key Cryptography—Amendment 1: Additional Techniques; IEEE Std 1363a-2004; IEEE: Piscataway, NJ, USA, 2004; ISBN 978-0-7381-4004-9.
37. FIPS. Digital Signature Standard (DSS); FIPS PUB 186-4; Federal Information Processing Standards Publication: Gaithersburg, MD, USA, 2013.
38. Chelton, W.N.; Benaissa, M. Fast Elliptic Curve Cryptography on FPGA. IEEE Trans. Very Large Scale Integr. Syst. 2008, 16, 198–205.
39. Orlando, G.; Paar, C. A High Performance Reconfigurable Elliptic Curve Processor for GF(2m). In Proceedings of the International Conference on Cryptographic Hardware and Embedded Systems, Worcester, MA, USA, 17–18 August 2000; Springer: Heidelberg, Germany, 2000; Volume 1965, pp. 41–56, ISBN 978-3-540-41455-1.
40. Pu, Q.; Huang, J. A Microcoded Elliptic Curve Processor for GF(2m) Using FPGA Technology. In Proceedings of the 2006 International Conference on Communications, Circuits and Systems, Guilin, China, 25–28 June 2006; Volume 4, pp. 2771–2775, ISBN 0-7803-9584-0.
41. Sutter, G.; Deschamps, J.; Imaña, J. Efficient Elliptic Curve Point Multiplication using Digit Serial Binary Field Operations. IEEE Trans. Ind. Electron. 2013, 60, 217–225.
42. Ansari, B.; Hasan, M.A. High-performance architecture of elliptic curve scalar multiplication. IEEE Trans. Comput. 2008, 57, 1443–1453.
43. Bengherbia, B.; Zmirli, M.O.; Toubal, A.; Guessoum, A. FPGA-based wireless sensor nodes for vibration monitoring system and fault diagnosis. Measurement 2017, 101, 81–92.
44. De La Piedra, A.; Braeken, A.; Touhafi, A. Sensor systems based on FPGAs and their applications: A survey. Sensors 2012, 12, 12235–12264.
45. Chodowiec, P.; Gaj, K. Very compact FPGA implementation of the AES algorithm. In International Workshop on Cryptographic Hardware and Embedded Systems; Springer: Berlin/Heidelberg, Germany, 2003.
46. Hankerson, D.; Menezes, A.J.; Vanstone, S. Guide to Elliptic Curve Cryptography; Springer Science & Business Media: Berlin, Germany, 2006; ISBN 0-387-95273-X.
47. Deschamps, J.P. Hardware Implementation of Finite-Field Arithmetic; McGraw-Hill, Inc.: New York, NY, USA, 2009; ISBN 9780071545815.
48. Karatsuba, A. The complexity of computations. Proc. Steklov Inst. Math. 1995, 211, 169–183.
49. Rodríguez-Henríquez, F.; Koc, C.K. On Fully Parallel Karatsuba Multipliers for GF(2m). In Proceedings of the International Conference on Computer Science and Technology (CST 2003); Cancun, Mexico, 19–21 May 2003; pp. 405–410.
50. Lloris, A.; Castillo, E.; Parrilla, L.; García, A. Algebraic Circuits; Springer: Berlin/Heidelberg, Germany, 2014; ISBN 978-3-642-54648-8.
51. Brunner, H.; Curiger, A.; Hofstetter, M. On Computing Multiplicative Inverses in GF(2m). IEEE Trans. Comp. 1993, 42, 1010–1015.
52. Yan, Z.; Sarwate, D.V. New Systolic Architectures for Inversion and Division in GF(2m). IEEE Trans. Comput. 2003, 52, 1514–1519.
53. Itoh, T.; Tsujii, S. A Fast Algorithm For Computing Multiplicative Inverses in GF(2m) Using Normal Bases. Inf. Comput. 1998, 78, 171–177.
54. Parrilla, L.; Lloris, A.; Castillo, E.; Garcia, A. Minimum-clockcycle Itoh-Tsujii algorithm hardware implementation for cryptography applications over GF(2m) fields. Electron. Lett. 2012, 48, 1126–1128.
55. Lee, J.; Kapitanova, K.; Son, S.H. The price of security in wireless sensor networks. Comput. Netw. 2010, 54, 2967–2978.
56. Leong, P.H.W.; Leung, I.K. A microcoded elliptic curve processor using FPGA technology. IEEE Trans. Very Large Scale Integr. Syst. 2002, 10, 550–559.
57. Wallner, D. T80 Core. Available online: http://opencores.org/project,t80 (accessed on 4 December 2017).
58. Wold, K.; Tan, C.H. Analysis and enhancement of random number generator in FPGA based on oscillator rings. Int. J. Reconfig. Comput. 2009, 4.
59. Thomas, D.B.; Luk, W. Fpga-optimised uniform random number generators using luts and shift registers. In Proceedings of the 2010 International Conference on Field Programmable Logic and Applications (FPL), Milano, Italy, 31 August–2 September 2010; pp. 77–82.
Mode | Oper | Operation Name | Function |
---|---|---|---|
0 (ECC) | 00 | SP_B163 | Scalar-Point operation over the NIST B-163 Curve |
0 (ECC) | 01 | SP_Custom | Scalar-Point operation over a custom curve in |
0 (ECC) | 10 | PA_B163 | Point addition over the B-163 curve |
0 (ECC) | 11 | PA_Custom | Point addition over a custom curve in |
1 (AES) | 00 | key_schedule | Generates the key schedule, and stores it in the RAM |
1 (AES) | 01 | encrypt | Encrypts a 128-bit block using the key schedule in memory |
1 (AES) | 10 | decrypt | Decrypts a 128-bit block using the key schedule in memory |
1 (AES) | 11 | reserved | Reserved for future use |
Signal | I/O | Width | Function |
---|---|---|---|
reset | input | 1 | resets the core |
clk | input | 1 | clock input |
start | input | 1 | control signal, starting operations |
ack_proc | input | 1 | control signal, acknowledging data reception from the MPU |
mode | input | 1 | selects mode of the cryptoprocessor (‘0’ for ECC, ‘1’ for AES) |
oper | input | 2 | selects the operation to perform. (See Table 1) |
i_port | input | 32 | data required by the core for performing the different operations |
ready | output | 1 | control signal, indicating the core is ready for receiving data |
done | output | 1 | control signal, indicating the core has finished an operation |
o_port | output | 32 | output for providing the result from the operation completed by the core |
Set | Micro-Instruction | Function |
---|---|---|
IO/loading set | NOP | No I/O operation |
IO/loading set | IREADY | output ready set to ‘1’ |
IO/loading set | ILOAD | reg_interfaz loaded with block from i_port |
IO/loading set | ILOADKEY | reg_interfaz loaded with internal key block |
IO/loading set | ILOADREG | reg_interfaz loaded with internal register block |
IO/loading set | ISHIFT | reg_interfaz shifted |
IO/loading set | IDONE | output done set to ‘1’ |
IO/loading set | IDREADY | outputs done and ready set to ‘1’ |
IO/loading set | ISETA | set value of a parameter of elliptic curve to FIPS B-163 value |
IO/loading set | ILOADA | load value of a parameter corresponding to a custom elliptic curve |
AES set | NOPAES | No AES operation |
AES set | XORKEY | XOR with key AES operation |
AES set | BLINITAES | AES block counter initialization |
AES set | BLCNTAES | AES block counter update |
AES set | ROUND_INIT | AES round counter initialization |
AES set | ROUND_CNT | AES round counter update |
AES set | BLINITRNDCNT | AES block and round counters initialization |
AES set | XORBLCNT | XOR with key and block counter update |
AES set | XORRNDCNT | XOR with key and round counter update |
ECC set | NOPARITH | No ECC operation |
ECC set | BLINITECC | ECC block counter initialization |
ECC set | BLCNTECC | ECC block counter updated |
ECC set | CNTLOAD | ECC loop counter initialization |
ECC set | CNTCOUNT | ECC loop counter update |
ECC set | MULINIT | Field multiplier initialization |
ECC set | MULCOUNT | Field multiplier initialization and ECC loop counter update |
ECC set | INITCNTINV | Field inversion counter initialization |
ECC set | CNTINV | Field inversion counter update |
Device | # LUTs/LEs | # BRAMs | Fmax (MHz) |
---|---|---|---|
Cyclone II EP2C20F484C7 (Intel) | 2910 (LEs) | 26,532 bits | 103 |
Cyclone II EP2C35F672C6 (Intel) | 2983 (LEs) | 26,532 bits | 97.7 |
Spartan 3AN xc3s700an-4fgg484 (Xilinx) | 2824 (LUT4s) | 11 | 54.9 |
Spartan 6 xc6slx9-2csg324 (Xilinx) | 2101 (LUT6s) | 5 RAM16 + 6 RAM8 | 61.0 |
Spartan 6 xc6slx45t-3cfgg484 (Xilinx) | 2122 (LUT6s) | 5 RAM16 + 6 RAM8 | 67.0 |
Virtex 6 xc6vlx240t-1ff1156 (Xilinx) | 2121 (LUT6s) | 5 RAM36 + 6 RAM18 | 83.8 |
Device | 53 Cycles | 117 Cycles | 171070 Cycles | 2174 Cycles |
---|---|---|---|---|
Cyclone II EP2C20F484C7 (Intel) | 2.12 us @25 MHz | 4.65 us @25 MHz | 6.84 ms @25 MHz | 87 us @25 MHz |
 | 1.06 us @50 MHz | 2.34 us @50 MHz | 3.42 ms @50 MHz | 43.5 us @50 MHz |
 | 0.52 us @Fmax | 1.14 us @Fmax | 1.67 ms @Fmax | 21.2 us @Fmax |
Cyclone II EP2C35F672C6 (Intel) | 2.12 us @25 MHz | 4.65 us @25 MHz | 6.84 ms @25 MHz | 87 us @25 MHz |
 | 1.06 us @50 MHz | 2.34 us @50 MHz | 3.42 ms @50 MHz | 43.5 us @50 MHz |
 | 0.54 us @Fmax | 1.20 us @Fmax | 1.75 ms @Fmax | 22.3 us @Fmax |
Spartan 3AN xc3s700an-4fgg484 (Xilinx) | 2.12 us @25 MHz | 4.65 us @25 MHz | 6.84 ms @25 MHz | 87 us @25 MHz |
 | 1.06 us @50 MHz | 2.34 us @50 MHz | 3.42 ms @50 MHz | 43.5 us @50 MHz |
 | 0.96 us @Fmax | 2.13 us @Fmax | 3.12 ms @Fmax | 39.7 us @Fmax |
Spartan 6 xc6slx9-2csg324 (Xilinx) | 2.12 us @25 MHz | 4.65 us @25 MHz | 6.84 ms @25 MHz | 87 us @25 MHz |
 | 1.06 us @50 MHz | 2.34 us @50 MHz | 3.42 ms @50 MHz | 43.5 us @50 MHz |
 | 0.87 us @Fmax | 1.92 us @Fmax | 2.81 ms @Fmax | 35.7 us @Fmax |
Spartan 6 SP-605 (Xilinx) | 2.12 us @25 MHz | 4.65 us @25 MHz | 6.84 ms @25 MHz | 87 us @25 MHz |
 | 1.06 us @50 MHz | 2.34 us @50 MHz | 3.42 ms @50 MHz | 43.5 us @50 MHz |
 | 0.79 us @Fmax | 1.75 us @Fmax | 2.55 ms @Fmax | 32.5 us @Fmax |
Virtex 6 xc6vlx240t-1ff1156 (Xilinx) | 2.12 us @25 MHz | 4.65 us @25 MHz | 6.84 ms @25 MHz | 87 us @25 MHz |
 | 1.06 us @50 MHz | 2.34 us @50 MHz | 3.42 ms @50 MHz | 43.5 us @50 MHz |
 | 0.63 us @Fmax | 1.40 us @Fmax | 2.00 ms @Fmax | 26.0 us @Fmax |
Design | # LUTs/LEs | # BRAMs | AES Support | | | |
---|---|---|---|---|---|---|
ECC163AES128 (Spartan 6) xc6slx9-2csg324 | 2101 (100%) | 5 BRAM16, 6 BRAM8 | Yes | 5.3 us (100%) | 17.1 ms (100%) | 218 us (100%) |
De la Piedra ECC-163 [44] (Artix 7) XC7A100TL | 2412 (115%) | 2 RAM36, 21 RAM18, 38 DSPs | Yes | 5.50 us (104%) | 83.9 ms (490%) | 253 us (116%) |
Leong ECC-155 [56] (Virtex E) XCV1000-6 | 3736 | – | No | – | 24.9 ms | – |
Orlando ECC-167 [39] (Virtex E) XCV400E-8-BG-432 | 3002 | 10 | No | – | 1.61 ms | – |
Pu ECC-167 [40] (Virtex E) XCV400E-8-BG-432 | 3023 | 10 | No | – | 1.58 ms | – |
Operation | Time (Node 01) | Time (Node 02) |
---|---|---|
Private key generation | 12 ms | 11 ms |
Public key derivation | 17 ms | 16 ms |
Public key transmission | 65 ms | 96 ms |
Public key reception | 96 ms | 66 ms |
Secret value derivation | 15 ms | 16 ms |
Total time | 205 ms | 205 ms |
© 2018 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
Parrilla, L.; Castillo, E.; López-Ramos, J.A.; Álvarez-Bermejo, J.A.; García, A.; Morales, D.P. Unified Compact ECC-AES Co-Processor with Group-Key Support for IoT Devices in Wireless Sensor Networks. Sensors 2018, 18, 251. https://doi.org/10.3390/s18010251