Hardware implementation of message authentication algorithms for Internet security

Deepakumara, Janaka T. (2002) Hardware implementation of message authentication algorithms for Internet security. Masters thesis, Memorial University of Newfoundland.

[img] [English] PDF (Migrated (PDF/A Conversion) from original format: (application/pdf)) - Accepted Version
Available under License - The author retains copyright ownership and moral rights in this thesis. Neither the thesis nor substantial extracts from it may be printed or otherwise reproduced without the author's permission.

Download (20MB)
  • [img] [English] PDF - Accepted Version
    Available under License - The author retains copyright ownership and moral rights in this thesis. Neither the thesis nor substantial extracts from it may be printed or otherwise reproduced without the author's permission.
    (Original Version)

Abstract

Verification of integrity and authenticity of information is a prime requirement in computer networks. In open networks such as the Internet, a strong mechanism to provide these security services is essential With the introduction of Internet Protocol Security (IPSEC), the need has arisen to have a simple, efficient and widely available Message Authentication Code (MAC) mechanism. The standard approach for message authentication in Internet applications has been based on the use of cryptographic hash functions such as Secure Hash Algorithm-1 (SHA-1) and Message Digest 5 (MD5). The wide availability of software implementations, efficiency in software and freedom of license and export restrictions are some of the reasons for adoption of hash-based MACs or HMACs. In high-speed network applications hardware encryption and authentication have become essential to meet the performance requirements. Field Programmable Gate Arrays (FPGAs) are an attractive option because they are capable of providing the required speed, algorithm agility and flexibility of dynamic system evolution. When these factors are considered, FPGA devices are a promising alternative for implementing cryptographic algorithms. -- In this research, FPGA implementations of MD5, SHA-1 and HMAC using SHA-1 as the basis hash algorithm have been carried out. MD5 and SHA-1 have been implemented using an iterative and full loop unrolled architectures. The target device has been selected as the XILINX Virtex series FPGA. Performance analysis in terms of hardware utilization and speed are executed. Different design optimization techniques are also discussed. -- The Internet is one of the main areas of application of cryptographic hash functions and the size of the message has a considerable impact on the performance of these algorithms. Hence the performance of HMAC both in hardware and software are investigated using four Internet traffic models. The same analysis is performed on CBC- MAC-AES for performance comparison. -- Due to the sequential nature of the structure of these algorithms, it is difficult to make them fast enough to ensure suitability for very high-speed applications. Therefore some alternative methods have to be investigated for high-speed applications. One of the proposed algorithms based on universal hashing, the Universal Message Authentication Code (UMAC), is analyzed for its hardware performance. Finally the conclusion and recommendations for future research are presented.

Item Type: Thesis (Masters)
URI: http://research.library.mun.ca/id/eprint/947
Item ID: 947
Additional Information: Bibliography: leaves 143-152
Department(s): Engineering and Applied Science, Faculty of
Date: 2002
Date Type: Submission
Library of Congress Subject Heading: Computer security; Data encryption (Computer science)

Actions (login required)

View Item View Item

Downloads

Downloads per month over the past year

View more statistics