
YANG Wenyong, HUANG Lu, WU Kongcheng, et al. A Pipelined Implementation of the Linux Unified Key Setup Authentication Scheme on Field-programmable Gate Array[J]. Journal of Xiamen University (Natural Science), 2018, 57(04): 572-580. [doi:10.6043/j.issn.0438-0479.201710021]

A Pipelined Implementation of the Linux Unified Key Setup Authentication Scheme on Field-programmable Gate Array

Journal of Xiamen University (Natural Science) [ISSN: 0438-0479 / CN: 35-1070/N]

Volume:
57
Issue:
2018, No. 04
Pages:
572-580
Section:
Research Article
Publication date:
2018-07-31

Article Information

Title:
A Pipelined Implementation of the Linux Unified Key Setup Authentication Scheme on Field-programmable Gate Array
Article ID:
0438-0479(2018)04-0572-09
Author(s):
YANG Wenyong¹, HUANG Lu², WU Kongcheng², CAO Chunhui², ZHAO Bingrui², LI Xiaochao²*
1. Department of Electronics and Information Engineering, Xiamen City University, Xiamen 361008, China; 2. School of Information Science and Engineering, Xiamen University, Xiamen 361005, China
Keywords:
Linux unified key setup (LUKS) authentication; password-based key derivation function (PBKDF2); secure hash algorithm (SHA-1); advanced encryption standard (AES); ST-box; pipelined architecture
CLC number:
TP 309.7
DOI:
10.6043/j.issn.0438-0479.201710021
Document code:
A
Abstract:
Linux unified key setup (LUKS) is the standard disk-encryption authentication specification for the Linux operating system and is regarded as the most popular full disk encryption solution implemented in Linux. Because the scheme is algorithmically complex and demands many resources, the main difficulty addressed by this work is implementing the whole algorithm within the limited resources of a single field-programmable gate array (FPGA) while achieving high throughput. To this end, an energy-efficient, high-throughput pipelined architecture of the LUKS authentication scheme is implemented on an FPGA, comprising a four-stage pipelined secure hash algorithm (SHA-1), an eight-stage pipelined password-based key derivation function (PBKDF2) using hash-based message authentication code (HMAC)-SHA-1, and a hardware design of the advanced encryption standard (AES)-128 electronic code book (ECB) algorithm based on S-box and T-box (ST-box) mapping tables. The ST-box tables are implemented in block random access memory (BRAM), which saves FPGA look-up table resources for the pipelined structures above. Results show that the recovery speed of a password is 342 s⁻¹, power consumption is only 5.27 W, and the average calculation energy per password is 0.015 J. With the authentication system running at 195 MHz, the password recovery speed is faster than that of the 480-core GTX 480 graphics processing unit (GPU) running at 700 MHz, while its power consumption is only 1/13 of the GPU's.


Memo

Received: 2017-10-29; Accepted: 2018-06-14
Funding: Fujian Provincial University Key Laboratory Construction Fund; Xiamen Science and Technology Bureau Special Science and Technology Project; 2017 Xiamen University Teaching Reform Research Project
*Corresponding author: leexcjeffrey@xmu.edu.cn
Citation: YANG W Y, HUANG L, WU K C, et al. A pipelined implementation of the Linux unified key setup authentication scheme on field-programmable gate array[J]. J Xiamen Univ Nat Sci, 2018, 57(4): 572-580. (in Chinese)
Last Update: 1900-01-01