Hardware implementation of message authentication algorithms for Internet security

Thesis (M.Eng.)--Memorial University of Newfoundland, 2002. Engineering and Applied Science Bibliography: leaves 143-152 Verification of integrity and authenticity of information is a prime requirement in computer networks. In open networks such as the Internet, a strong mechanism to provide these s...

Full description

Bibliographic Details
Main Author: Deepakumara, Janaka T., 1965-
Other Authors: Memorial University of Newfoundland. Faculty of Engineering and Applied Science
Format: Thesis
Language:English
Published: 2002
Subjects:
Online Access:http://collections.mun.ca/cdm/ref/collection/theses3/id/47015
Description
Summary:Thesis (M.Eng.)--Memorial University of Newfoundland, 2002. Engineering and Applied Science Bibliography: leaves 143-152 Verification of integrity and authenticity of information is a prime requirement in computer networks. In open networks such as the Internet, a strong mechanism to provide these security services is essential With the introduction of Internet Protocol Security (IPSEC), the need has arisen to have a simple, efficient and widely available Message Authentication Code (MAC) mechanism. The standard approach for message authentication in Internet applications has been based on the use of cryptographic hash functions such as Secure Hash Algorithm-1 (SHA-1) and Message Digest 5 (MD5). The wide availability of software implementations, efficiency in software and freedom of license and export restrictions are some of the reasons for adoption of hash-based MACs or HMACs. In high-speed network applications hardware encryption and authentication have become essential to meet the performance requirements. Field Programmable Gate Arrays (FPGAs) are an attractive option because they are capable of providing the required speed, algorithm agility and flexibility of dynamic system evolution. When these factors are considered, FPGA devices are a promising alternative for implementing cryptographic algorithms. -- In this research, FPGA implementations of MD5, SHA-1 and HMAC using SHA-1 as the basis hash algorithm have been carried out. MD5 and SHA-1 have been implemented using an iterative and full loop unrolled architectures. The target device has been selected as the XILINX Virtex series FPGA. Performance analysis in terms of hardware utilization and speed are executed. Different design optimization techniques are also discussed. -- The Internet is one of the main areas of application of cryptographic hash functions and the size of the message has a considerable impact on the performance of these algorithms. Hence the performance of HMAC both in hardware and software are investigated using four Internet traffic models. The same analysis is performed on CBC- MAC-AES for performance comparison. -- Due to the sequential nature of the structure of these algorithms, it is difficult to make them fast enough to ensure suitability for very high-speed applications. Therefore some alternative methods have to be investigated for high-speed applications. One of the proposed algorithms based on universal hashing, the Universal Message Authentication Code (UMAC), is analyzed for its hardware performance. Finally the conclusion and recommendations for future research are presented.