In this Product How-To article, TI’s Carlos Betancourt and Greg Turner describe how the hardware-accelerated cryptography modules built into the company’s ARM-based Sitara processor family can accelerate compute-intensive cryptographic algorithms and offload those tasks from the ARM core, which can then devote the additional headroom to real-time deterministic control functions.
In 2010, an estimated 8.6 million households had at least one person who experienced identity theft victimization, according to the Bureau of Justice Statistics. The list of security risks continues to grow when adding hacking, phishing, malware and viruses. In today’s hyper-connected world, the opportunities to be victimized by a scam or theft are a mouse click or a tap on a touch screen away. Important personal and confidential information is placed on the Internet and sent across wireless connections constantly by millions of people every day.
From personal computers to wireless mobile devices and even embedded processors deployed in a myriad of end user applications such as industrial controls, residential automation and home entertainment centers, technology has enhanced user experiences. It has also heightened the issue of security.
Failing to incorporate the proper security measures into a new product can cause its demise in the marketplace. Moreover, how security is implemented is often just as crucial to a product’s success. Many manufacturers utilize cryptography for security but the processing of complex cryptographic algorithms can be taxing for many processors, making the device or system seem unresponsive and sluggish.
Manufacturers must manage the tradeoffs: How to deploy the level of security needed to reassure users without slowing down the device to the point where the user experience is affected?
Many manufacturers have opted to move the cryptographic processing to their product’s hardware. Accelerating cryptographic processing in hardware instead of performing these algorithms entirely in software ensures that security measures do not get in the way of an engaging and satisfying user experience.
On the most basic level, cryptography is concerned with encoding or encrypting communications to keep the meaning hidden from everyone except those who are authorized to decode or decrypt it. As such, cryptography involves a set of communication protocols often based on higher order mathematics. On one side of a communication channel, data is encrypted before it is transmitted. The receiving end will possess the decrypting algorithms so the data can be transformed back into a readily understandable form.
In symmetric-key cryptography, for instance, both the sender and the receiver have the same key, referred to as the “private” key, which is used for encrypting and decrypting a message (Figure 1 below). This private key must be kept secret to prevent others from being able to decrypt the message. The term “symmetric” is used because both ends use the same exact key. The problem with this scheme is delivering the private key to the receiver securely.
Asymmetric-key cryptography, on the other hand, uses a pair of keys that are mathematically related in such a way that information can be encrypted with a key and decrypted with the other. However, one key cannot be created from the other. The key pair consists of a private key that must be kept secret and a “public” key that can be distributed widely.
There are two main uses of asymmetric-key cryptography: Encryption (Figure 2 below, top) and Authentication (Figure 2 below, bottom). With public encryption a message can be encrypted with a public key and transmitted over to the owner of the private key. Only the holder of the private key will be able to decrypt the original message. Authentication can be achieved by encrypting a message with a sender’s private key.
Receivers who possess the corresponding sender’s public key will be able to decrypt the message and therefore know that the message is authentic because only the owner of the private key could have encrypted it. Encryption and Authentication can even be combined. The sender can encrypt a message first with the receiver’s public key and then with the sender’s private key.
The receiver will use the sender’s public key to authenticate the message first, and then the receiver’s private key to decrypt the message. It is worth mentioning that public keys can be verified by a trusted third party to assure the user of the key that it is from the intended owner. A verified public key is called a “certificate.” Verisign is the best known certificate authority.
In contemporary computer and communication systems, cryptography is employed to secure data and achieve four purposes:
1. Confidentiality – Data is protected by hiding its meaning, often within nonsensical data.
2. Authentication – The person or party providing the data, document or content has been verified.
3. Data integrity – When data is received, the receiver is assured that the data has not been tampered with or changed.
4. Non-repudiation – When an individual takes responsibility for an action, such as a commitment to purchase something, that commitment cannot be denied or repudiated at a later time.
These different purposes for data security figure prominently in a wide variety of end user applications deployed extensively all over the world, including Web browsing, e-commerce, secure wireless communication links, virtual private networks (VPN) and many others.
Building on security
Many embedded systems are based on the Linux open source operating system and there are a number of specialized security frameworks that can be implemented in Linux systems. In addition, several open source cryptographic algorithms will plug into these security frameworks and provide them with cryptographic capabilities. Here are a few:
1. Specialized security frameworks. Some of the most prevalent open source security frameworks include the following:
* OpenSSL – Implements two secure communications protocols, the Transport Layer Security (TLS) and Secure Socket Layer (SSL) protocols.
* WPA Supplicant – Implements the IEEE 802.11i security mechanisms for wireless local area networks (Wi-Fi).
* Dropbear – Implements a secure server and client.
* OpenSSH – Implements a secure server, client and file transfer protocol (FTP) server.
* OCF-Linux – Implements a cryptographic framework and an application programming interface (API) that eases development with high-level cryptographic software.
2. Cryptographic algorithms. Some of the common cryptographic algorithms which are integrated into security applications are the following:
* Data Encryption Standard (DES) – The DES encryption algorithm was developed in the 1970s. Although it has been widely deployed over the years, it has subsequently been superseded by other algorithms.
* Triple Data Encryption Standard (3DES) – 3DES performs DES encryption three times to strengthen the protection of the encrypted data and overcome some of the vulnerabilities of the DES algorithm.
* Advanced Encryption Standard (AES) – AES is one of the most advanced cryptographic algorithms in widespread use today.
3. Hashing functions. Another type of cryptographic algorithm is known as “hashing” or a “hash function.” A hash function is applied to data to create a hash value or “digest”. Surreptitious or accidental changes to the data will change the hash value.
Hashing is particularly useful in certain cryptographic operations such as digital signatures, data integrity, non-repudiation, message authentication and other forms of authentication. Several hashing algorithms have been standardized and are in common use today, including the following:
* Message Digest Algorithm (MD5) – Although this hashing function has been widely deployed, it has certain vulnerabilities in some applications.
* Secure Hash Algorithm (SHA) – SHA has gone through several generations, the strongest of which is a 256-bit function.
4. Random number generators. Another important aspect of many security applications is a random number generator. Random numbers are used by several of the functions which comprise a security subsystem, including encryption algorithms and hashing functions.
It should be noted that random numbers generated in software are not always true random numbers. Hardware-generated random numbers are more often truly random.
5. Hardware acceleration vs. software execution. How and where cryptographic algorithms are processed is another important consideration for developers. Saddling the system’s main CPU with the burden of processing computationally-intense cryptographic code will siphon processing cycles away from the system’s user applications and possibly detract from the user experience.
Some embedded processors, such as several of TI’s Sitara devices, have been equipped with hardware-based accelerators dedicated to cryptographic processing.
These specialized accelerators offload the bulk of the cryptographic processing from the system’s CPU so that the CPU’s processing bandwidth is retained for end user application processing. As a result, the overall throughput of the system is optimized.
Moving cryptography from software to hardware
Last year, manufacturers started to create processors that have hardware-based accelerators on them. These hardware accelerators operate separately from the ARM core so that when cryptographic security processing is required, it does not steal processing cycles away from the ARM core. Thus, almost all of the cryptographic processing is offloaded from the ARM to distinct security accelerators elsewhere in the hardware.
This offloads the processing of computationally-intense security algorithms from the ARM core, retaining processing cycles on the ARM for those tasks it is particularly well suited to perform, such as operating system housekeeping tasks, the user interface, graphics, the Wi-Fi wireless communications stack, control software and most application software (Figure 3, below).
This shift to a more effective method of cryptographic processing has been accomplished seamlessly and in a manner that is transparent to developers. When executing security algorithms in the past, the ARM core would call a security API, and the required algorithm would be processed on the ARM.
Now, with separate hardware-based security accelerators, the ARM still calls the same security API, but the subsequent processing of the security algorithm now takes place on the distinct hardware accelerator module, not on the ARM.
Since the ARM acts in the same way with regards to the security API, shifting cryptographic processing from the ARM to a separate hardware module has limited effects on the rest of the system’s software.
One approach to implementing hardware-based cryptographic acceleration is to use OCF-Linux. OCF-Linux is a Linux port of the OpenBSD/FreeBSD Cryptographic Framework (OCF) which brings hardware cryptographic acceleration to the Linux kernel and applications.
ARM processor manufacturers can develop low-level device drivers that program the hardware accelerators to perform the supported cryptographic algorithms and use OCF-Linux to abstract an API to higher-level applications such as OpenSSL.
OpenSSL in turn exposes the standard API for cryptography to end-user applications. This typical software stack is shown in Figure 2. In fact, this hardware-accelerated implementation can be preceded by a software-only implementation that makes it transparent to end-user applications. OpenSSL contains software-only implementations of the various cryptographic algorithms which, as mentioned previously, run on the ARM and consume cycles.
Developers can therefore start by using OpenSSL and use its standard API to implement their end-user applications; this would comprise the top two layers in the software stack in Figure 4 below. Subsequently, by adding the OCF-Linux and ARM processor crypto module layers that leverage the silicon hardware accelerators, developers can migrate to a hardware-accelerated cryptographic implementation.
Note that such a migration would be transparent to end-user applications since they continue to use the same standard OpenSSL API; the only difference is that OpenSSL will now redirect execution down to the OCF-Linux layer.
Tests have demonstrated that hardware-based cryptographic acceleration of OpenSSL can lower the CPU utilization by as much as 50 percent. This has far reaching effects on the ARM core’s processing bandwidth.
In fact, developers might contemplate utilizing this newfound processing headroom for enhancing the user experience with exciting application features that previously could not be supported.
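The CPU-utilization claim above can be checked on a target board with a short script. This is an added example, not code from the article or from TI's SDK: it times `openssl speed` once in software and once through an engine, and reports (user + sys) / real for each run. The engine id `cryptodev`, the cipher and the function names are assumptions; substitute the engine id that `openssl engine` lists on your build.

```shell
#!/bin/sh
# Added example: compare the CPU load of a software-only AES run with an
# engine-offloaded run. ENGINE is an assumption; the article names no engine id.
ENGINE="${ENGINE:-cryptodev}"
CIPHER="${CIPHER:-aes-128-cbc}"

# Read POSIX `time -p` output (real/user/sys lines) on stdin and print CPU
# utilisation as an integer percentage: (user + sys) / real * 100, rounded.
# Other lines (openssl progress messages) are ignored.
cpu_util() {
    awk '$1 == "real" { r = $2 }
         $1 == "user" { u = $2 }
         $1 == "sys"  { s = $2 }
         END {
             if (r <= 0) { print "error: no elapsed time" > "/dev/stderr"; exit 1 }
             printf "%d\n", (u + s) / r * 100 + 0.5
         }'
}

# Run `openssl speed` once and print its CPU utilisation. Extra arguments
# (e.g. -engine ID) are passed through. -elapsed makes speed report throughput
# against wall-clock time; without it the figures are per CPU-second, which
# overstates an offloaded run because the CPU is mostly idle while it waits.
bench() {
    { time -p openssl speed -elapsed -evp "$CIPHER" "$@" >/dev/null; } 2>&1 | cpu_util
}

# Percentage-point reduction in CPU utilisation, software vs. engine.
cpu_saving() { echo $(( $1 - $2 )); }

# Invoke as: sh script.sh run   (does nothing when sourced or run without "run")
if [ "${1:-}" = "run" ]; then
    # Refuse to benchmark if the engine is missing: openssl would otherwise
    # fall back to software and the two runs would look identical.
    openssl engine -t "$ENGINE" 2>/dev/null | grep -q '\[ available \]' || {
        echo "engine $ENGINE not available" >&2; exit 1; }
    sw=$(bench)
    hw=$(bench -engine "$ENGINE")
    echo "software: ${sw}% CPU  $ENGINE: ${hw}% CPU  saving: $(cpu_saving "$sw" "$hw") points"
fi
```

A software run normally shows utilisation near 100 percent; an offloaded run shows the process waiting on the driver, so user plus sys time falls well below elapsed time.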
Making a difference
Differentiating features or capabilities which make a product stand out in the marketplace can come from various sources. Top-notch cryptographic security protection might distinguish one system. Another might receive a lot of buzz for an enhanced user application or feature not found on competing products.
The hardware-based cryptographic acceleration on ARM processors makes both of these possibilities probable. In all likelihood, cryptographic algorithms will execute more effectively when they are processed by a hardware module dedicated to security rather than being processed as just another piece of software running on the system’s main CPU.
Offloading the cryptographic processing from the ARM core also gives developers the processing headroom they need to create the next great enhancement the market is looking for. Both the user and the manufacturer end up as winners.
Carlos Betancourt is a Sitara ARM processor product marketing manager at Texas Instruments (TI). He manages Sitara product lines with responsibilities that include marketing, external communications, new product definition and business development. He joined TI in 1999 and has had various roles in applications and systems engineering within TI's Wireless, Analog and Embedded Processing business units. Carlos received B.S. and M.S. degrees in Electrical Engineering from the University of Texas at El Paso.
Greg Turner is a member of the Applications Development team for Sitara ARM processors at Texas Instruments. He is responsible for the cryptographic applications that are part of the Sitara Software Development Kit (SDK). Since 2000, he has had various roles in software development for TI's Wireless and Embedded Processing business units. Greg received B.S. and M.S. degrees in Electrical Engineering from the University of Texas at Arlington.