Securing data is one of the most crucial things in current and future data networks. The basic functionalities that are required are private and public key encryption, message authentication, and key exchange. In embedded systems, these functions require so much computing power that a microprocessor cannot handle them by itself, wherein especially a high data throughput is required. Additional hardware must be used to handle security functions. These additional hardware implementations have utilized microprocessors, Digital Signal Processors (DSP), Field Programmable Gate Arrays (FPGA) (referred to as conventional FPGA in the present description), or an Application Specific Integrated Circuit (ASIC).
A microprocessor offers a great flexibility. Its operation can be changed very easily and thus the adding of support for new algorithms is trivial and the device can change its behavior even “on-the-fly” (during operation).
However, strong encryption algorithms require so much computing power that high throughputs cannot be obtained. That is, microprocessors have a very low performance if they have to handle a large flow of data. Accordingly, since strong encryption algorithms require so much computing power, the throughput achieved by a software implementation is very low.
DSPs have the flexibility of a software implementation, a higher performance than microprocessors provided that multiplication and division operations are needed, and a possibility to add support for new algorithms.
However, DSPs perform other functions very poorly. Security functions do contain a lot more than just divisions and multiplications. This results in a poor performance comparison to FPGAs and ASICs.
Conventional FPGAs offer a high data throughput, but only a very limited flexibility which allows maintenance operations of the device, but no run-time flexibility (maintenance means in the present context that the behavior of the device can only be changed if the device is reset, reprogrammed, and booted up again). Stated in other words, conventional FPGA devices can be reconfigured to add support for new algorithms, but they cannot be reconfigured on-the-fly. Rather, it requires that the FPGA is reset, reconfigured and booted up again. During this procedure the conventional FPGA cannot operate. Hence, all the algorithms that are needed must be downloaded inside the FPGA at once. This leads to a poor utilization of silicon area, since only a small portion of the design is active at any given time. Depending on the application some algorithms may be idle even for days or months. However, a poor utilization of silicon area increases the system costs, since a large FPGA is needed. This means also a higher power consumption and a larger area required from a printed circuit board (PCB).
Therefore, conventional FPGAs offer only a limited flexibility. They are not suitable for real time-applications, where data security services must be always available.
A very high data throughput can be achieved using ASICs. However, ASIC designs have a long design cycle, and once the ASIC has been manufactured its configuration cannot be modified. As a consequence, when a support for a new algorithm is needed, a new ASIC has to be designed. Moreover, a new ASIC may also require some modifications to the Printed Circuit Board (PCB) or even a totally new PCB. As a conclusion, ASICs do not offer any flexibility at all.
Thus, since these known devices always sacrifice either a high data throughput or flexibility, both advantages are not achieved by these.