A security coprocessor for next generation IP telephony: Architecture, abstraction, and strategies

In this dissertation, four approaches to improve Voice over Internet Protocol (VoIP) security is proposed. The first two approaches are aimed at encrypting/decrypting and authenticating VoIP packets, whereas the last two approaches are aimed at key exchange and user authentication.;For the second contribution, a high speed, deep-pipelined architecture for AES algorithm based on the composite field approach targeting VoIP applications is proposed. A new algorithm for finding the isomorphic mapping matrix to work for any irreducible polynomial, not only the primitive polynomials, is proposed. Moreover, the modified algorithm is used to find the optimum matrix that gives the minimum delay. The matrix is then used to implement the SubBytes/InvSubBytes transformation using composite fields, which in turn allows us to design a very high speed deep-pipelined architecture. As a result of using the optimized matrix, a processing throughput of 49.401 Gbps is achieved, which is twice as fast as the fastest design introduced before. Another feature of this architecture is the separation of the encryption circuit from the decryption circuit to allow concurrent encryption and decryption, which facilitates full duplex encryption/decryption for VoIP applications.;For the third contribution, a high speed, low area ALU to perform field operations required for cryptographic applications is proposed. Although the proposed architecture works for any cryptographic application, an ECC implementation for VoIP applications is targeted. A processor array design space exploration for GF(2m) multiplier is conducted. This exploration results in different processor array configurations. Among these configurations, the fastest one is chosen since VoIP applications are targeted. The multiplier architecture is then modified to work as a squarer. Based on the multiplier architecture, a unified architecture to calculate addition, multiplication, squaring, and inversion is proposed. The overall area is optimized by using three types of processing elements instead of using a regular processing element everywhere. NIST-recommended irreducible polynomials is used, which makes our design secure and more suitable for cryptographic applications. The proposed architecture is implemented for GF(2 163), GF(2283), and GF(2 571) on a Xilinx XC2V4000-6 device to verify the proposed architecture and measure its performance. A maximum frequency of 264 MHz is achieved, which allows the architecture to calculate GF(2 163) multiplication in 640 ns and inversion in 14.357 mu s..;As a fourth contribution, a high speed ECC architecture based on a high-radix scalar multiplication is proposed. This architecture is optimized for VoIP applications. First, a new high-radix scalar multiplication algorithm is proposed. Then, a merged double-and-add elliptic curve ALU based on the proposed algorithm is designed. The merged double-and-add ALU combines point doubling and adding operations on one architecture, which in turn reduces the critical path delay. The ECC processor utilizes the previously proposed field ALU, which implements addition, squaring, multiplication, and division over GF(2m). A maximum frequency of 253 MHz is achieved, which allows the architecture to calculate GF(2163) scalar multiplication for radix 28 in 9 mus. At a minimum our results for GF(2163), show a speedup ranging from 1:5 to 326 times in comparison to previous FPGA implementations and a speedup ranging from 1:1 to 5:6 times in comparison to previous ASIC implementations.;For the first contribution, a reconfigurable, high throughput hardware implementation for the different block cipher operational modes is proposed. The proposed architecture is unified; and it combines multiple related functions on the same architecture. In other words, it has the ability to encrypt/decrypt a plaintext/ciphertext efficiently using different operational modes. Moreover, it has the ability to ensure data integrity using different operational modes. The proposed architecture is tested using the most widely used block ciphers: DES, TDES, AES-128, AES-192, AES-256, and IDEA. The proposed architecture implementation is analyzed and evaluated by comparing it against other implementations.