Article

Improving DES coprocessor throughput for short operations

Authors:

Mark Lindemann,

Sean W. SmithAuthors Info & Claims

SSYM'01: Proceedings of the 10th conference on USENIX Security Symposium - Volume 10

Article No.: 6

Published: 13 August 2001 Publication History

Abstract

Over the last several years, our research team built a commercially-offered secure coprocessor that, besides other features, offers high-speed DES: over 20 megabytes/second. However, it obtains these speeds only on operations with large data lengths. For DES operations on short data (e.g., 8-80 bytes), our commercial offering was benchmarked at less than 2 kilobytes/second. The programmability of our device enabled us to investigate this issue, identify and address a series of bottlenecks that were not initially apparent, and ultimately bring our short-DES performance close to 3 megabytes/second. This paper reports the results of this real-world systems exercise in hardware cryptographic acceleration--and demonstrates the importance of, when designing specialty hardware, not overlooking the software aspects governing how a device can be used.

References

[1]

{1} D.G. Abraham, G.M. Dolan, G.P. Double, J.V. Stevens. "Transaction Security Systems." IBM Systems Journal. 30: 206-229. 1991.

Digital Library

Google Scholar

[2]

{2} J. Dyer, R. Perez, S.W. Smith, M. Lindemann. "Application Support Architecture for a High-Performance, Programmable Secure Coprocessor." 22nd National Information Systems Security Conference. October 1999.

Google Scholar

[3]

{3} N. Itoi. "Secure Coprocessor Integration with Kerberos V5." USENIX Security Symposium 2000.

Digital Library

Google Scholar

[4]

{4} C. S. Jutla. Encryption Modes with Almost Free Message Integrity. Draft Research Report, IBM T.J. Watson Research Center, July 2000.

Digital Library

Google Scholar

[5]

{5} U. Mattsson, Personal communication, Protegrity Inc. Publication Performance Report on Secure Coprocessors, 1999.

Google Scholar

[6]

{6} National Institute of Standards and Technology. Security Requirements for Cryptographic Modules. Federal Information Processing Standards Publication 140-1, 1994.

Google Scholar

[7]

{7} C. Smith. Performance Engineering of Software Systems. Addison-Wesley, 1990.

Digital Library

Google Scholar

[8]

{8} S.W. Smith, D. Safford. "Practical Server Privacy Using Secure Coprocessors." IBM Systems Journal, to appear.

Digital Library

Google Scholar

[9]

{9} S.W. Smith, S.H. Weingart. "Building a High-Performance, Programmable Secure Coprocessor." Computer Networks (Special Issue on Computer Network Security.) 31: 831-860. April 1999.

Digital Library

Google Scholar

Cited By

View all

Lee MKim EYousif M(2005)Security Enhancement in InfiniBand ArchitectureProceedings of the 19th IEEE International Parallel and Distributed Processing Symposium (IPDPS'05) - Papers - Volume 0110.1109/IPDPS.2005.396Online publication date: 4-Apr-2005
https://dl.acm.org/doi/10.1109/IPDPS.2005.396
Petroni NFraser TMolina JArbaugh W(2004)Copilot - a coprocessor-based kernel runtime integrity monitorProceedings of the 13th conference on USENIX Security Symposium - Volume 1310.5555/1251375.1251388(13-13)Online publication date: 13-Aug-2004
https://dl.acm.org/doi/10.5555/1251375.1251388
Mogul J(2003)TCP offload is a dumb idea whose time has comeProceedings of the 9th conference on Hot Topics in Operating Systems - Volume 910.5555/1251054.1251059(5-5)Online publication date: 18-May-2003
https://dl.acm.org/doi/10.5555/1251054.1251059
Show More Cited By

Index Terms

Improving DES coprocessor throughput for short operations

Recommendations

Improving DES coprocessor throughput for short operations
SSYM'01: Proceedings of the 10th conference on USENIX Security Symposium - Volume 10

Over the last several years, our research team built a commercially-offered secure coprocessor that, besides other features, offers high-speed DES: over 20 megabytes/second. However, it obtains these speeds only on operations with large data lengths. ...
FPGA implementation and performance evaluation of a high throughput crypto coprocessor

This paper describes the FPGA implementation of FastCrypto, which extends a general-purpose processor with a crypto coprocessor for encrypting/decrypting data. Moreover, it studies the trade-offs between FastCrypto performance and design parameters, ...
Image Coprocessor: A Real-Time Approach Towards Object Tracking
ICDIP '09: Proceedings of the International Conference on Digital Image Processing

Real time object tracking finds its applications in diverse fields. An online embedded system for image tracking should be fast, accurate, robust and efficient. This paper presents a hardware based architecture and implementation of an Image Coprocessor ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

SSYM'01: Proceedings of the 10th conference on USENIX Security Symposium - Volume 10

August 2001

350 pages

Publisher

USENIX Association

United States

Publication History

Published: 13 August 2001

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
8
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 13 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Lee MKim EYousif M(2005)Security Enhancement in InfiniBand ArchitectureProceedings of the 19th IEEE International Parallel and Distributed Processing Symposium (IPDPS'05) - Papers - Volume 0110.1109/IPDPS.2005.396Online publication date: 4-Apr-2005
https://dl.acm.org/doi/10.1109/IPDPS.2005.396
Petroni NFraser TMolina JArbaugh W(2004)Copilot - a coprocessor-based kernel runtime integrity monitorProceedings of the 13th conference on USENIX Security Symposium - Volume 1310.5555/1251375.1251388(13-13)Online publication date: 13-Aug-2004
https://dl.acm.org/doi/10.5555/1251375.1251388
Mogul J(2003)TCP offload is a dumb idea whose time has comeProceedings of the 9th conference on Hot Topics in Operating Systems - Volume 910.5555/1251054.1251059(5-5)Online publication date: 18-May-2003
https://dl.acm.org/doi/10.5555/1251054.1251059
Burnside MKeromytis ARomanow AMogul J(2003)High-speed I/OProceedings of the ACM SIGCOMM workshop on Network-I/O convergence: experience, lessons, implications10.1145/944747.944756(220-227)Online publication date: 25-Aug-2003
https://dl.acm.org/doi/10.1145/944747.944756
Smith SSafford D(2001)Practical server privacy with secure coprocessorsIBM Systems Journal10.1147/sj.403.068340:3(683-695)Online publication date: 1-Mar-2001
https://dl.acm.org/doi/10.1147/sj.403.0683

Abstract

References

Cited By

Index Terms

Recommendations