Many situations call for system processing in which there is high assurance that actions presenting an unacceptable risk to secure and/or safe operation are not induced by hardware or software faults and/or malicious attack. For example, high assurance processing systems having security, data integrity, and safety requirements are commonly required in many applications, such as cryptographic systems, aircraft navigation and flight control systems, safety or medical operations, and so forth. In existing technology, high assurance systems are often implemented using techniques of physical redundancy to assure proper operation. While effective, physically replicating complex system elements is often expensive in terms of hardware, complexity, power, and cost.
FIG. 1 shows a block diagram of a prior art processing system 20 that employs a parallel architecture configuration of elements for providing high assurance processing of payload data. In an example, processing system 20 may be a cryptographic system that provides redundant cryptographic services through the parallel processing architecture.
System 20 includes an input interface 22, an output interface 24, and at least two processors 26 and 28 interposed between input interface 22 and output interface 24. As shown, input interface 22 may have an input port 30 and at least two output ports 32 and 34. Output port 32 is connected to an input 36 of processor 26, and output port 34 is connected to an input 38 of processor 28. Likewise, output interface 24 may have at least two input ports 40 and 42 and an output port 44. An output 46 of processor 26 is connected to input port 40 and an output 48 of processor 28 is connected to input port 42.
In the exemplary illustration, payload data, in the form of a plain text (PT) data packet 50, may be received at input port 30 of input interface 22. Input interface 22 sends PT data packet 50 in an internal message 52 to each of processors 26 and 28. Each of the processors 26 and 28 processes PT data packet 50 contained in the received internal message 52 to produce processed payload data, in the form of a cipher text (CT) data packet 54. Each of processors 26 and 28 outputs CT data packet 54 in an internal message 56 to output interface 24. Output interface 24 compares CT data packet 54 received in each of internal messages 56, and if they match, output interface 24 releases the processed data packet, i.e., CT data packet 54.
While conventional parallel architecture designs, such as system 20, may meet the stringent requirements of high assurance processing, they often do so with severe restrictions on processor input/output speed, or they require specialized processing modules. Furthermore, the multiple input/output ports required for each of input and output interfaces 22 and 24 can have undesirably high power consumption requirements.
In parallel processing architectures, such as system 20, processors 26 and 28 must operate in synchronization. To assure they operate in synchronization, processors 26 and 28 may be run in lockstep fashion such that they perform their execution in unison. Should one processor vary its operation from the other, the comparison function performed at output interface 24 would find the problem. For high speed systems (such as those operating at multi-gigabit per second speeds), synchronizing the streams requires meticulous design with buffering being part of the solution, thereby further increasing the cost and complexity of such a parallel architecture processing system.
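The compare-before-release behavior of system 20 described above (both processors produce CT data packet 54, output interface 24 releases it only on a match, and a processor that varies from the other is caught by the comparison) can be modeled in software. The following is an added illustration, not part of the original text; the function names, the sample key and payload, and the HMAC-based keystream used in place of a real cipher are assumptions made for the example.

```python
import hashlib
import hmac
from typing import Callable, Optional

Processor = Callable[[bytes, bytes], bytes]

def keystream_encrypt(key: bytes, pt: bytes) -> bytes:
    """Stand-in for the cryptographic service (assumption, not a real cipher):
    XOR the payload with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(pt), 32):
        ks = hmac.new(key, offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(pt[offset:offset + 32], ks))
    return bytes(out)

def faulty(processor: Processor, bit: int) -> Processor:
    """Wrap a processor so one output bit is flipped (simulated fault)."""
    def run(key: bytes, pt: bytes) -> bytes:
        ct = bytearray(processor(key, pt))
        ct[bit // 8] ^= 1 << (bit % 8)
        return bytes(ct)
    return run

def input_interface(pt_packet: bytes) -> tuple:
    """Send the same PT packet in one internal message per processor."""
    return pt_packet, pt_packet

def output_interface(ct_a: bytes, ct_b: bytes) -> Optional[bytes]:
    """Release the CT packet only if both copies match; otherwise withhold."""
    return ct_a if hmac.compare_digest(ct_a, ct_b) else None

def system_20(key: bytes, pt_packet: bytes,
              proc_26: Processor, proc_28: Processor) -> Optional[bytes]:
    msg_a, msg_b = input_interface(pt_packet)
    return output_interface(proc_26(key, msg_a), proc_28(key, msg_b))

KEY = bytes(range(32))                                   # constructed sample key
PT = b"constructed sample payload for the dual-channel example"

def demo() -> tuple:
    healthy = system_20(KEY, PT, keystream_encrypt, keystream_encrypt)
    faulted = system_20(KEY, PT, keystream_encrypt, faulty(keystream_encrypt, 13))
    return healthy, faulted

if __name__ == "__main__":
    for label, result in zip(("healthy", "faulted"), demo()):
        print(label, result.hex() if result is not None else "withheld")
```

The comparison detects divergence only: if both processors apply the same fault, their outputs still match and the packet is released.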
Parallel architecture processing systems can also suffer from problems related to signal integrity. Signal integrity is a measure of the quality of an electrical signal. In digital electronics, a stream of binary values is typically represented by a voltage, or current, waveform. Over short distances and at low bit rates, a channel or conductor can transmit this with acceptable reliability. However, at high bit rates (e.g., multi-gigabit per second) and over longer distances, various effects can degrade the signal to the point where errors occur, products fail to operate, or products become unreliable. The high interconnect density of a parallel architecture, such as system 20, the demand for smaller physical size of integrated circuits, and the higher transmission rates have exacerbated noise problems, resulting in decreased signal integrity.