Boost MCU security AND performance with hardware accelerated crypto
Moving cryptography from software to hardware
Last year, manufacturers started to create processors that have hardware-based accelerators on them. These hardware accelerators operate separately from the ARM core so that when cryptographic security processing is required, it does not steal processing cycles away from the ARM core. Thus, almost all of the cryptographic processing is offloaded from the ARM to distinct security accelerators elsewhere in the hardware.
This offloads the processing of computationally intense security algorithms from the ARM core, retaining processing cycles on the ARM for those tasks it is particularly well suited to perform, such as operating system housekeeping tasks, the user interface, graphics, the Wi-Fi wireless communications stack, control software and most application software (Figure 3, below).

This shift to a more effective method of cryptographic processing has been accomplished seamlessly and in a manner that is transparent to developers. When executing security algorithms in the past, the ARM core would call a security API, and the required algorithm would be processed on the ARM.
Now, with separate hardware-based security accelerators, the ARM still calls the same security API, but the subsequent processing of the security algorithm now takes place on the distinct hardware accelerator module, not on the ARM.
Since the ARM acts in the same way with regard to the security API, shifting cryptographic processing from the ARM to a separate hardware module has limited effects on the rest of the system’s software.
One approach to implementing hardware-based cryptographic acceleration is to use OCF-Linux. OCF-Linux is a Linux port of the OpenBSD/FreeBSD Cryptographic Framework (OCF) which brings hardware cryptographic acceleration to the Linux kernel and applications.
ARM processor manufacturers can develop low-level device drivers that program the hardware accelerators to perform the supported cryptographic algorithms and use OCF-Linux to abstract an API to higher-level applications such as OpenSSL.
OpenSSL in turn exposes the standard API for cryptography to end-user applications. This typical software stack is shown in Figure 2. In fact, this hardware-accelerated implementation can be preceded by a software-only implementation, in a way that is transparent to end-user applications. OpenSSL contains software-only implementations of the various cryptographic algorithms, which, as mentioned previously, run on the ARM and consume cycles.
Developers can therefore start by using OpenSSL and use its standard API to implement their end user applications; this would comprise the top two layers in the software stack in Figure 4 below. Subsequently, by adding the OCF-Linux and ARM processor crypto module layers that leverage the silicon hardware accelerators, developers can migrate to a hardware-accelerated cryptographic implementation.
Note that such a migration would be transparent to end-user applications since they continue to use the same standard OpenSSL API; the only difference is that OpenSSL will now redirect execution down to the OCF-Linux layer.

Tests have demonstrated that hardware-based cryptographic acceleration of OpenSSL can lower the CPU utilization by as much as 50 percent. This has far-reaching effects on the ARM core’s processing bandwidth.
In fact, developers might contemplate utilizing this newfound processing headroom for enhancing the user experience with exciting application features that previously could not be supported.
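Because the migration is transparent to applications, a system that is still running OpenSSL's software path looks the same from above as one that is offloading. The following shell functions are an added example, not code from the article or from any vendor SDK; they assume the OCF-Linux device node is /dev/crypto and that the OpenSSL engine id is cryptodev or devcrypto, and the sample input and timings are constructed.

```shell
#!/bin/sh
# Added example. Assumptions (not from the article): the OCF-Linux device node
# is /dev/crypto and OpenSSL's engine id is "cryptodev" or "devcrypto".

# Print the ids of engines that advertise cipher $1.
# stdin = output of `openssl engine -c`.
engines_with_cipher() {
    awk -v want="$1" '
        /^\(/ { id = $1; gsub(/[()]/, "", id); next }   # "(id) description"
        /^ *\[/ {                                       # " [ALG, ALG, ...]"
            line = $0; gsub(/\[|\]| /, "", line)
            n = split(line, algs, ",")
            for (i = 1; i <= n; i++) if (algs[i] == want) print id
        }'
}

# Report which path a cipher would take. Hardware needs BOTH the character
# device and a kernel-crypto engine offering the cipher; otherwise OpenSSL
# uses its software implementation and the application sees no difference.
# $1 = device node, $2 = cipher, stdin = `openssl engine -c` output.
crypto_path() {
    engines=$(engines_with_cipher "$2" | grep -E '^(cryptodev|devcrypto)$' || true)
    if [ -c "$1" ] && [ -n "$engines" ]; then
        echo "hardware:$engines"
    else
        echo "software"
    fi
}

# CPU utilisation in percent from user, sys and wall-clock seconds, e.g. the
# figures `time openssl speed -elapsed -evp aes-128-cbc` reports.
cpu_util_pct() {
    awk -v u="$1" -v s="$2" -v r="$3" 'BEGIN {
        if (r <= 0) exit 1
        printf "%.0f\n", (u + s) / r * 100
    }'
}

# Constructed sample of `openssl engine -c` output, not captured from a board.
SAMPLE='(cryptodev) BSD cryptodev engine
 [RSA, DSA, DH, AES-128-CBC, AES-192-CBC, AES-256-CBC]
(dynamic) Dynamic engine loading support'

# /dev/null stands in for /dev/crypto so the demo runs anywhere. On a target:
#   openssl engine -c | crypto_path /dev/crypto AES-128-CBC
printf '%s\n' "$SAMPLE" | crypto_path /dev/null AES-128-CBC
cpu_util_pct 0.4 1.1 3.0    # constructed timings for an offloaded run
```

Comparing the utilisation figure for a run with the engine selected against a run without it shows how much of the work actually left the ARM core on a given board.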
Making a difference
Differentiating features or capabilities which make a product stand out in the marketplace can come from various sources. Top-notch cryptographic security protection might distinguish one system. Another might receive a lot of buzz for an enhanced user application or feature not found on competing products.
The hardware-based cryptographic acceleration on ARM processors makes both of these possibilities probable. In all likelihood, cryptographic algorithms will execute more effectively when they are processed by a hardware module dedicated to security rather than being processed as just another piece of software running on the system’s main CPU.
Offloading the cryptographic processing from the ARM core also gives developers the processing headroom they need to create the next great enhancement the market is looking for. Both the user and the manufacturer end up as winners.
Greg Turner is a member of the Applications Development team for Sitara ARM processors at Texas Instruments. He is responsible for the cryptographic applications that are part of the Sitara Software Development Kit (SDK). Since 2000, he has had various roles in software development for TI's Wireless and Embedded Processing business units. Greg received B.S. and M.S. degrees in Electrical Engineering from the University of Texas at Arlington.

