Abstract
Modern mobile devices like cell phones or PDAs allow for a level of network connectivity similar to that of standard PCs, making access to the Internet possible from anywhere at any time. Going along with this evolution is an increasing demand for cryptographically secure network connections with such resource-restricted devices. The Secure Sockets Layer (SSL) protocol is the current de facto standard for secure communication over an insecure network like the Internet and provides protection against eavesdropping, message forgery and replay attacks. To achieve this, the SSL protocol employs a set of computation-intensive cryptographic algorithms, in particular public-key algorithms, which can result in unacceptably long delays on devices with modest processing capabilities. In this paper we introduce a hardware/software co-design approach for accelerating SSL protocol execution in resource-restricted devices. The software part of our co-design consists of MatrixSSL™, a lightweight SSL implementation into which we integrated elliptic curve cryptography (ECC) to speed up the public-key operations performed during the SSL handshake. The hardware part comprises a SPARC V8 compliant processor core with instruction set extensions to support the low-level arithmetic operations carried out in ECC. Our co-design executes a full SSL handshake using an elliptic curve over a 192-bit prime field in less than 300 msec when the SPARC processor is clocked at 20 MHz. A pure software implementation like OpenSSL is, depending on the field type and order, up to a factor of 10 slower than our co-design solution.
Keywords
- Elliptic Curve
- Elliptic Curve Cryptography
- Modular Exponentiation
- Secure Socket Layer
- Transport Layer Security
These keywords were added by machine and not by the authors.
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Koschuch, M., Großschädl, J., Page, D., Grabher, P., Hudler, M., Krüger, M. (2009). Hardware/Software Co-design of Public-Key Cryptography for SSL Protocol Execution in Embedded Systems. In: Qing, S., Mitchell, C.J., Wang, G. (eds) Information and Communications Security. ICICS 2009. Lecture Notes in Computer Science, vol 5927. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11145-7_7
DOI: https://doi.org/10.1007/978-3-642-11145-7_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-11144-0
Online ISBN: 978-3-642-11145-7
eBook Packages: Computer Science (R0)