Transcript IC-SOC
Design Driver :
Network Security Processor
Cheng-Wen Wu
August 2004
Design Technology Center
National Tsing Hua University
Outlines
Overall Architecture of NSP
Architecture of Crypto-Processor
Current Status
icsoc4.8
Network Security Processor
Applications: IPSec, SSL, VPN, etc.
Functionalities:
Public key: RSA
Private key: AES
HMAC
Truly random number generator
Target technology: 0.25m to 0.18m
Clock rate: 200MHz or higher (internal)
32-bit data and instruction word
Throughput: 10Gbps (OC192)
Power: 1 to 10mW/MHz at 3V (LP to HP)
Die size: 50mm2
On-chip bus: AMBA
icsoc4.8
NSP Architecture
Local
SRAM
CPU
Local
SRAM
CP
Status
Registers
RAM
AMBA
AHB
Arbiter
External
Memory
Interface
icsoc4.8
AHB
MUXes
DMA
Controller
AHB
Decoder
Test
Controller
B
R
I
D
G
E
APB
BIST
AMBA
Advanced Microcontroller Bus Architecture
Standard system bus for ARM-based chip
Open standard for SOC on-chip bus
Flexible
and suitable for a wide range of SOC
applications
icsoc4.8
Crypto-Processor Architecture
icsoc4.8
Encryption Modules
AES core
Supports AES (ECB, CBC mode) encryption and
decryption with128-, 192-, and 256-bit keys
On-the-fly key scheduling
AHB slave interface
RSA core
New engine based on Montgomery algorithm
AHB slave interface; 12k bit local RAM
HMAC core
Supports HMAC-SHA-1 and HMAC-MD5 algorithms with
shared data-path
AHB slave interface
icsoc4.8
AES Core
Reduce hardware complexity of S-Box based on
composite field arithmetic
4-stage pipelined encryption/decryption datapath
icsoc4.8
Silicon Prototype
Technology
0.25 μm CMOS
Package
128CQFP
Core Size
1,279x 1,271 μm2
Gate Count
63.4K
Max. Freq.
250 MHz
2.977Gbps(128-bit key)
Throughput
2.510Gbps(196-bit key)
2.169Gbps(256-bit key)
icsoc4.8
RSA Core
on an improved word-based Montgomery’s
modular multiplication algorithm
Supports both GF(p) and GF(2^n) multiplications
Scalable architecture for different key length
Based
icsoc4.8
Silicon Prototype
icsoc4.8
Technology
0.25um CMOS
Package
128CQFP
Core size
2.282x2.284mm2
Gate count
(32-b word)
210K
Clock rate
200MHz
Throughput
(1024-b RSA)
276K
HMAC Core
Hashing: the mapping from an arbitrary length
message to a fixed length hash value
A security
engine for IPSec/SSL applications
An HMAC core supports both SHA-1 and MD-5
algorithms
Hardware is shared by SHA-1 and MD-5
Supports
various security requirements
Reduces hardware cost
For high performance and low power applications
icsoc4.8
HMAC Architecture
DATA
Counter
Data Length
Register
Padding Logic
32
AHB Wrapper
Constants
Controller
32
Word Expansion Unit
tj 32
Mj 32
Integrated SHA-1/MD5 Unit
160
160
Message Digest Register
icsoc4.8
Silicon Prototype
icsoc4.8
Technology
0.25um standard
CMOS 5 layer metal
Supply Voltage
2.5 V
Gate Count
50K
Chip Size
1.68x1.69 mm2
Package
128pin CQFP
Clock Speed
71.4 MHz
Power
Consumption
42.5 mW
Status
Crypto-Processor (CP)
CP-1 (August 2003)
Descriptor-based controller
RSA, AES
CP-2 (June 2004)
RSA, AES, HMAC, RNG
Parallel architecture
Low power technique
Network security processor (NSP)
ARM
+ CP + AMBA
Architecture evaluation
Performance/power
icsoc4.8
analysis
CP2 Tape-Out (June 2004)
CP2
Dynamic Voltage
Generator
icsoc4.8
NSP Prototyping Platform
Logic Module
CM920T
AHB Bridge
AHB
Memory
Cryptographic
Processor
GPIF-AHB
Wrapper
ARM Integrator
PC
USB 2.0 Development Board
icsoc4.8
Future Test Chips Tape-Out
Multiple-clock domain (September 2004)
ARM + CP2 (Winter 2004)
Low-power (Winter 2004)
icsoc4.8
Thank You
icsoc4.8