| Field | Value |
|---|---|
| Graduate student | 王茂銀 Wang, Mao-Yin |
| Thesis title | 密碼演算法與網路安全協定之可擴充性架構 Scalable Architectures for Cryptographic Algorithms and Network Security Protocols |
| Advisor | 吳誠文 Wu, Cheng-Wen |
| Committee members | |
| Degree | Doctor (博士) |
| Department | 電機資訊學院 - 電機工程學系 Department of Electrical Engineering |
| Year of publication | 2009 |
| Academic year of graduation | 97 |
| Language | English |
| Pages | 125 |
| Keywords (Chinese) | 前瞻加密標準, 雜湊演算法, 密碼學, 硬體設計, 網路安全協定, 平行架構 (Advanced Encryption Standard, hash algorithm, cryptography, hardware design, network security protocols, parallel architecture) |
| Keywords (English) | Advanced Encryption Standard, hash algorithm, cryptography, hardware design, IP security, parallel architecture |
The development of network technology has driven massive growth in network applications, and the demand for high-performance packet processing keeps rising. High-end network equipment is usually used to solve this network problem. If the network equipment also has to process confidential electronic-commerce data or audio/video service data, it must provide security processing functions such as encryption and decryption. This means that every piece of network equipment needs one or more security processors able to handle cryptographic algorithms and network security protocol functions efficiently. For product development, it is important to know how to design such an advanced cryptographic processor in a creative and efficient way, and how to integrate multiple processors on a single chip cost-effectively. To solve the performance problem under reasonable cost constraints, this thesis proposes several advanced security processors and related scalable architectures, including their design details. The thesis is discussed in three parts.

The first part presents a hash processor and an HMAC processor that can be used for data integrity checking and authentication. This part includes a hash processor core integrating the SHA-1 and MD5 algorithms. The core can be used in low-cost applications as well as high-performance ones. Inside this core we use a shift-register method so that the word expansion steps of both hash algorithms can be implemented at lower hardware cost. Compared with other designs, our hybrid hash processor core has similar performance but lower hardware cost. For use in high-speed network systems, we also design a pipelined hash processor core, which has been integrated into an IPsec processor. Based on the non-pipelined hash processor core, we also design an HMAC processor to handle the message authentication required in network security protocols. This processor supports automatic word padding and can schedule the key for successive tasks using the same key (eliminating the key computation time).

The second part proposes a cryptographic architecture built from AES cores with multiple configurable parameters. This multi-core architecture achieves high performance and enhanced security. It reduces the interrupt-handling load of the host processor and uses a common control interface to simplify management of the architecture. Compared with conventional methods, it has a better ratio of performance to equivalent gate count. In addition, the architecture includes four security properties, which make it more secure than other architectures.

In the final part we describe a mesh-structured IPsec processor. This processor, containing dozens of AES cores and hash cores, can process seventy-two network packets simultaneously. It provides a general structure for handling operations of different combinations of network security protocols and cryptographic algorithms, and uses multiple levels of parallelism to enhance performance. In addition, a tiled interconnection architecture is used to solve the handshake and contention problems caused by buses. In this architecture we design low-latency routing hardware specific to the network security protocol; compared with four kinds of routers used in networks-on-chip, it has a lower equivalent gate count. Moreover, compared with previous approaches, this IPsec processor has a higher ratio of performance to equivalent gate count. The regular structure provides high scalability, so connecting multiple IPsec processors can further raise processing performance. We also develop an automated procedure to reduce the complexity of design verification.
Advances in network technology stimulate an enormous growth in the number of applications. These also lead to a growing demand for handling a considerable number of packets over the Internet. High-end network equipment is usually used to confront the traffic problem. If the equipment is required to deal with sensitive network traffic from electronic commerce or secure audio/video services, it must be equipped with security processing functions. This means that one or more powerful security processors for cryptographic algorithms and network security protocols are needed in the network equipment. For product development, it is important to know how to design such an advanced cryptographic processor in an innovative and efficient way, and how to integrate multiple processors into a single chip cost-effectively. This thesis describes design details for advanced security processors and scalable architectures which tackle the performance problem at reasonable cost. The details are divided into three major parts.

The first part presents hash and HMAC processors, which are used for data integrity and authentication. In this part, a novel hash processor core with integrated SHA-1 and MD5 algorithms is proposed for both cost-oriented and performance-oriented applications. Based on a shift-register approach, the word expansion steps for both MD5 and SHA-1 can be performed at lower cost. The hybrid hash core has performance similar to existing designs at lower hardware cost. A pipelined version is also developed for high-speed network systems and has been integrated into an IPsec processor. Based on the non-pipelined hash processor core, we also design an HMAC processor for the message authentication required by network security protocols such as IPsec and SSL/TLS. The HMAC design has automatic word padding and supports key scheduling for successive HMAC tasks using the same key (removing the key computation time).
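The two HMAC-processor points above, automatic padding and a key schedule that is reused across messages, are easy to see in software. The following Python is an added example written for this page, not code from the thesis or its processors: it implements SHA-1 with the message schedule held in a 16-word circular buffer (the software counterpart of a 16-word shift register; the thesis's actual circuit and its MD5 variant are not reproduced here), then builds HMAC-SHA1 on top with the keyed inner and outer states computed once per key, so that successive messages under the same key skip the two key-dependent compressions. The class and function names (SHA1, HMACSHA1, compressions_per_mac, check_against_stdlib) and the compression counter are this example's own, and the test inputs are constructed; results are cross-checked against Python's hmac module.

```python
import hashlib
import hmac
import struct

MASK = 0xFFFFFFFF
_stats = {"compressions": 0}   # counts compression calls, to show the key-schedule saving


def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def sha1_compress(state, block):
    """One SHA-1 compression over a 64-byte block.

    The message schedule is a 16-word circular buffer (the software analogue of a
    16-word shift register) instead of the 80-word array of the FIPS description:
    W[t] overwrites the slot of W[t-16], which is dead once W[t] has been formed.
    """
    _stats["compressions"] += 1
    w = list(struct.unpack(">16I", block))
    a, b, c, d, e = state
    for t in range(80):
        if t >= 16:
            w[t % 16] = rotl(w[(t - 3) % 16] ^ w[(t - 8) % 16]
                             ^ w[(t - 14) % 16] ^ w[t % 16], 1)
        if t < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif t < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif t < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        tmp = (rotl(a, 5) + (f & MASK) + e + k + w[t % 16]) & MASK
        a, b, c, d, e = tmp, a, rotl(b, 30), c, d
    return tuple((x + y) & MASK for x, y in zip(state, (a, b, c, d, e)))


class SHA1:
    """Streaming SHA-1 with automatic padding and a copyable internal state."""
    IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)

    def __init__(self, state=None, length=0, buf=b""):
        self.state = state or self.IV
        self.length = length   # bytes absorbed so far, needed for the length field
        self.buf = buf         # partial block not yet compressed

    def update(self, data):
        self.buf += data
        self.length += len(data)
        while len(self.buf) >= 64:
            self.state = sha1_compress(self.state, self.buf[:64])
            self.buf = self.buf[64:]
        return self

    def copy(self):
        return SHA1(self.state, self.length, self.buf)

    def digest(self):
        # 0x80, zeros up to 56 mod 64, then the 64-bit bit length: the "automatic
        # word padding" that the HMAC processor performs in hardware.
        pad = b"\x80" + b"\x00" * ((55 - self.length) % 64) + struct.pack(">Q", self.length * 8)
        return struct.pack(">5I", *self.copy().update(pad).state)


class HMACSHA1:
    """HMAC-SHA1 whose keyed inner and outer states are computed once per key.

    Each message then costs only its own inner blocks plus one outer compression;
    the compressions of (K xor ipad) and (K xor opad) are never repeated while the
    key stays the same.
    """

    def __init__(self, key):
        if len(key) > 64:                     # RFC 2104: hash keys longer than one block
            key = SHA1().update(key).digest()
        key = key.ljust(64, b"\x00")
        self.inner = SHA1().update(bytes(k ^ 0x36 for k in key))
        self.outer = SHA1().update(bytes(k ^ 0x5C for k in key))

    def mac(self, message):
        inner_digest = self.inner.copy().update(message).digest()
        return self.outer.copy().update(inner_digest).digest()

    def mac96(self, message):
        """Truncated form used by IPsec AH/ESP (HMAC-SHA-1-96): leftmost 96 bits."""
        return self.mac(message)[:12]


def compressions_per_mac(h, message):
    """SHA-1 compressions one MAC costs once the key states are cached."""
    before = _stats["compressions"]
    h.mac(message)
    return _stats["compressions"] - before


def check_against_stdlib(key, messages):
    """Cross-check the cached-key HMAC against Python's hmac module."""
    h = HMACSHA1(key)
    return all(h.mac(m) == hmac.new(key, m, hashlib.sha1).digest() for m in messages)


if __name__ == "__main__":
    h = HMACSHA1(b"key")
    print(h.mac(b"The quick brown fox jumps over the lazy dog").hex())
    print(compressions_per_mac(h, b"Hi There"), "compressions for a short message")
    print(check_against_stdlib(b"k" * 100, [b"", b"x" * 63, b"y" * 64, b"z" * 200]))
```

With the key states cached, a message that fits in one block costs two compressions (one inner, one outer) instead of the four that hashing K xor ipad and K xor opad afresh would require; in a packet pipeline where thousands of packets share one security association's key, that halves the hash work per packet. The mac96 method mirrors the HMAC-SHA-1-96 truncation that IPsec AH and ESP use.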
The second part is the design of a multi-core configurable crypto architecture including several configurable AES processor cores, which implement the AES algorithm and an extended AES version. Each configurable AES processor core provides the flexibility to configure parameters defined in the AES algorithm and is used to reinforce the security of data communication. With the multi-core configurable AES architecture, both high encryption throughput and an enhanced security level are achieved. In the architecture, a linked-list data structure is exploited to reduce the interrupt handling load of the host processor. Also, the management of the architecture is simplified by a shared control interface. For 128-bit AES in CBC mode, the architecture obtains a better Gbps/Kgates ratio than conventional methods. The proposed architecture, with four security properties, leads to higher security than other AES architectures.

The final part describes the design of a mesh-structured IPsec processor, which plays an important role in dealing with the complex cryptographic operations of the IP security protocol suite. The proposed IPsec processor, consisting of dozens of AES and hash cores, can handle at most 72 IP packets simultaneously. It provides a general scheme that handles IPsec crypto functions, including combinations of protocols and algorithms. It also employs multi-level parallelism to enhance performance. In addition, a tile-and-interconnection architecture is designed to solve both the handshake and contention issues induced by bus architectures. In the architecture, the low-latency IPsec-specific routing hardware has a lower gate count than four kinds of routers used in NoCs (Networks-on-Chips). Also, the IPsec processor has a higher Mbps/Kgates ratio than previous work. The regular structure provides high scalability, so multiple IPsec processors can be connected directly to raise the performance. An automated procedure is also developed to reduce the verification effort.