System-on-Programmable-Chip AES-GCM implementation for wire-speed cryptography for SAS

Rodríguez, Mikel; Astarloa, Armando; Lázaro, Jesús; Bidarte, Unai; Jiménez, Jaime

doi:10.1109/dcis.2018.8681469

Cited by 5 publications

(6 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In addition, the ChaCha20-Poly1305 cipher suite was introduced in the protocol to increase the performance and resistance of side-channel attacks in software implementations. As such, the cipher suites used in the current version of TLS are AES-GCM [24,25], AES-CCM [26,27], and ChaCha20-Poly1305 [28]. Figure 2 shows the handshake protocol in TLS 1.3.…”

Section: Transport Layer Securitymentioning

confidence: 99%

ChaCha20–Poly1305 Authenticated Encryption with Additional Data for Transport Layer Security 1.3

et al. 2022

View full text Add to dashboard Cite

Transport Layer Security (TLS) provides a secure channel for end-to-end communications in computer networks. The ChaCha20–Poly1305 cipher suite is introduced in TLS 1.3, mitigating the sidechannel attacks in the cipher suites based on the Advanced Encryption Standard (AES). However, the few implementations cannot provide sufficient speed compared to other encryption standards with Authenticated Encryption with Associated Data (AEAD). This paper shows ChaCha20 and Poly1305 primitives. In addition, a compatible ChaCha20–Poly1305 AEAD with TLS 1.3 is implemented with a fault detector to reduce the problems in fragmented blocks. The AEAD implementation reaches 1.4-cycles-per-byte in a standalone core. Additionally, the system implementation presents 11.56-cycles-per-byte in an RISC-V environment using a TileLink bus. The implementation in Xilinx Virtex-7 XC7VX485T Field-Programmable Gate-Array (FPGA) denotes 10,808 Look-Up Tables (LUT) and 3731 Flip-Flops (FFs), represented in 23% and 48% of ChaCha20 and Poly1305, respectively. Finally, the hardware implementation of ChaCha20–Poly1305 AEAD demonstrates the viability of using a different option from the conventional cipher suite based on AES for TLS 1.3.

show abstract

Section: Transport Layer Securitymentioning

confidence: 99%

ChaCha20–Poly1305 Authenticated Encryption with Additional Data for Transport Layer Security 1.3

et al. 2022

View full text Add to dashboard Cite

show abstract

“…This new revision of the IEC 62351-6 standard includes AES Galois/Counter Mode (AES-GCM), to allow to provide both data authentication and encryption. This algorithm has proven to be extremely efficient and achieves both high data throughput and low latency when implemented in hardware [5], [36]- [38]. However, encryption is still a challenge.…”

Section: B State Of the Art In Iec 62361-6mentioning

confidence: 99%

“…If a key is available, this section provides to the AES-GCM engine all the parameters needed to perform frame protection. analyzed in [5] and it has been specifically designed to support different latency/silicon-resources trade-off attending the targeted performance. It has four main phases that are carried out for each frame that needs to be processed:…”

Section: Encryption/decryption Controllermentioning

confidence: 99%

See 1 more Smart Citation

A Fixed-Latency Architecture to Secure GOOSE and Sampled Value Messages in Substation Systems

Rodríguez¹,

Lázaro

Bidarte

et al. 2021

IEEE Access

Self Cite

View full text Add to dashboard Cite

International Electrotechnical Commission (IEC) 62351-6 standard specifies the security mechanisms to protect real-time communications based on IEC 61850. Generic Object Oriented Substation Events (GOOSE) and Sampled Value (SV) messages must be generated, transmitted and processed in less than 3 ms, which challenges the introduction of IEC 62351-6. After evaluating the security threats to IEC 61850 communications and the state of the art in GOOSE and SV security, this work presents a novel architecture based on wire-speed processing able to provide message authentication and confidentiality. This architecture has been implemented and tested to evaluate its performance, resource usage, and the latency introduced. Other proposals in the scientific literature do not support real-time traffic, so they are not suitable for GOOSE and SV messages. Whereas the others exceed the target latency of 3 ms or do not comply with the standards, our design authenticates and encrypts real-time IEC 61850 data in less than 7 µs -predictable latency-, and complies with IEC 62351:2020.

show abstract

“…As presented in this paper, the security means for stringent real-time traffic requires wire-speed cryptography to ensure low and deterministic latency times and robust security key management schemes [66]. For example, in the context of the electric sector, the scheduled traffic in a TSN network can be composed of layer-2 GOOSE and sampled measured value (SMV), previously described.…”

Section: Wire-speed Cryptography For Real-time Trafficmentioning

confidence: 99%

A Survey on Vulnerabilities and Countermeasures in the Communications of the Smart Grid

Lázaro

Astarloa

Rodríguez³

et al. 2021

Electronics

Self Cite

View full text Add to dashboard Cite

Since the 1990s, the digitalization process has transformed the communication infrastructure within the electrical grid: proprietary infrastructures and protocols have been replaced by the IEC 61850 approach, which realizes interoperability among vendors. Furthermore, the latest networking solutions merge operational technologies (OTs) and informational technology (IT) traffics in the same media, such as time-sensitive networking (TSN)—standard, interoperable, deterministic, and Ethernet-based. It merges OT and IT worlds by defining three basic traffic types: scheduled, best-effort, and reserved traffic. However, TSN demands security against potential new cyberattacks, primarily, to protect real-time critical messages. Consequently, security in the smart grid has turned into a hot topic under regulation, standardization, and business. This survey collects vulnerabilities of the communication in the smart grid and reveals security mechanisms introduced by international electrotechnical commission (IEC) 62351-6 and how to apply them to time-sensitive networking.

show abstract

System-on-Programmable-Chip AES-GCM implementation for wire-speed cryptography for SAS

Cited by 5 publications

References 12 publications

ChaCha20–Poly1305 Authenticated Encryption with Additional Data for Transport Layer Security 1.3

ChaCha20–Poly1305 Authenticated Encryption with Additional Data for Transport Layer Security 1.3

A Fixed-Latency Architecture to Secure GOOSE and Sampled Value Messages in Substation Systems

A Survey on Vulnerabilities and Countermeasures in the Communications of the Smart Grid

Contact Info

Product

Resources

About