Design of an Integrated Cryptographic SoC Architecture for Resource-Constrained Devices

Abstract

One of the active research areas in recent years that has seen researchers from numerous related fields converging and sharing ideas and developing feasible solutions is the area of hardware security. The hardware security discipline deals with the protection from vulnerabilities by way of physical devices such as hardware firewalls or hardware security modules rather than installed software programs. These hardware security modules use physical security measures, logical security controls, and strong encryption to protect sensitive data that is in transit, in use, or stored from unauthorized interferences. Without mechanisms to circumvent the ever-evolving attacking strategies on hardware devices and the data that they process or store, billions of dollars will always be lost to attackers who ply their trade by targeting such vulnerable devices. This paper, therefore, proposes an integrated cryptographic SoC architecture solution to this menace. The proposed architecture provides security by way of key exchange, management, and encryption. The proposed architecture is based on a True Random Number generator core that generates secret keys that are used in Elliptic Curve Diffie-Hellman Key Exchange to perform elliptic curve scalar multiplication to obtain public and shared keys after the exchange of the public keys. The proposed architecture further relies on a Key Derivation Function based on the CubeHash algorithm to obtain Derived Keys that provide the needed security using the ChaCha20_Poly1305 Authenticated Encryption with Associated (AEAD) Data Core. The proposed Integrated SoC architecture is interconnected by AMBA AHB-APB on-chip bus and the system is scheduled and controlled using the PicoRV32 opensource RISC-V processor. The proposed architecture is tested and verified on the Virtex-4 FPGA board using a custom-designed GUI desktop application.