Article Preview
TopIntroduction
The overwhelming use of information and communication technology, ICT, in our daily life have created a security bottleneck. Previously, security was an afterward thoughts. For instance, the early version of internet protocol was designed with no security mechanism. After the rise of security concerns and the threats brought by cyber attacks, new ICT systems are designed with the security in mind. Cryptography in the ICT domain has been used to provide the following services: authentication, access control, privacy, data integrity, and non-repudiation.
The secure hash algorithm is a one-way function that aims at checking the integrity of the message. The National Institute of Standards and Technology, NIST, has devised an assorted version of the secure hash algorithm. SHA-256 is one the secure hash algorithm that was approved by the NIST in 2002. The SHA-256 has been intensively used in VPN, public key infrastructure, IPSec (Huitema, 2015), IEEE802.16, intelligent transportation systems, etc.
Hardware and software implementations of the SHA-256 have been proposed in several published reports (Lee, Chan, & Verbauwhede, 2007) (McEvoy, Crowe, Murphy, & Marnane, 2006) (Michail, Athanasiou, Kelefouras, Theodoridis, & Goutis, 2012) (Jeong & Kim, 2014). However, the implementation issues of SHA-256/224 for the exchange of safety messages in the Dedicated Short-Range Communication, DSRC, is an understudied topic.
DSRC uses the elliptic curve digital signature algorithm, ECDSA, for safety message exchange. Prior to its transmission over an insecure channel, the message digest for the safety message is computed using SHA-256/224, then the message digest is encrypted using the elliptic curve cryptography. In (Petit, 2009), the author showed that the time-complexity for the SHA-256 algorithm is O(nM), where M and n are, respectively, the message length and digest length. The ECDSA requires the following primitive operations: modular multiplication, hash function, inversion, and scalar multiplication. A software implementation of the ECDSA over the prime field, using P-224 and P-256 NIST curves, described in (Petit, 2009) shows that SHA-256 is slower than the modular multiplication but faster than the scalar multiplication and inversion. However, the author considered the implementation using Pentium D 3.4GHz workstation. The processor is a Netburst microarchitecture which is not included as an embedded processor core. Efficient implementation of ECDSA is based on SW executed on an embedded core (e.g. ARM M3) or in specific HW (ASIC or FPGA) that will be used as a dedicated accelerator. Additionally, the author didn’t consider speed-up techniques for the scalar multiplication (Ananyi, Alrimeih, & Rakhmatov, 2009).
This work proposes a high throughput architecture for the SHA-256/224 algorithm compliant with the Dedicated Short Range Communication (DSRC) standard for safety message exchange. Specifically, the paper:
- •
Analyzes the throughput requirements for the SHA256/244 units;
- •
Derives a high-throughput architecture using loop-unrolling of the message scheduler unit, retiming, pipelining and a three-operand adder architecture suitable for FPGA implementation;
- •
Elaborates an architecture that decouples the compressor and the message scheduler;
- •
Devises a retimed compressor architecture that is 13.3% faster than state of the art compressor architecture;
- •
Describe and reports design methodologies using high-level synthesis.
The rest of the paper unfolds as follows. First, we analyze the throughput of the DSRC safety messages. Then, we present the SHA-256/224 algorithm. Subsequently, we summarize related work. Afterward, we describe high-level transformation techniques to obtain a high-throughput architecture that meets the DSRC data-rate requirements. After, we propose a multi-operand adder architecture suitable for the FPGA implementation. Later we report the implementation results for the SHA-256 compliant with the Dedicated Short Range Communication (DSRC) standard. Finally, we conclude the paper.