面向云计算的性能与功耗可配置安全终端技术研究

【作者】 黄伟；

【导师】 韩军； 曾晓洋；

【作者基本信息】 复旦大学 ， 微电子学与固体电子学， 2011， 硕士

【摘要】 随着”云计算”概念的提出以来,云计算及其相关的应用现在已经取得了蓬勃发展。云计算的核心思想是将网络连接的计算资源由”云”的提供商统一管理和调度,根据用户的需求来分配计算力,存储空间等服务。基于此,面向云计算的安全终端需要能够提供大数据量加解密的能力,另外,由于”云”具有超强的计算能力,对当前现有的安全密码强度是一个巨大的挑战,安全终端也需要提高各种密码算法现有的安全强度,增大密钥的长度,使其能够具有很好的灵活性去处理更长密钥的算法。然而作为终端,除了达到所必须的性能要求外,功耗也是设计考虑中非常重要的因素,以延长终端工作的时间。本论文通过对云计算终端进行需求分析,从两方面入手,提出相应的解决方案：本文首先设计了一个应用于安全领域ASIP,进而对此ASIP进行扩展提出了VLIW结构的高性能安全处理器SophSEC,用于支持常见的当前三大类密码算法：对称,哈希和公钥算法。然后,本论文分析了当前常见的多核互联架构,提出了共享总线的SoC安全平台和基于片上网络的NoC安全平台。其中SoC平台集成了MIPS,数据封装处理器PP及多个安全处理器SophSEC,采用AMBATMAHB总线进行互联,以达到较高性能与较小的面积功耗开销,适用于较小型的安全终端,如手持终端或移动终端等；而NoC平台应用Mesh互联网络集成多个MIPS及SophSEC处理器以达到高性能密码算法处理的要求,适用于较大型的安全终端,如家庭网关,无线AP等。为了验证本论文所设计的安全终端,安全处理器SophSEC及SoC平台已经过SMIC 0.13μm CMOS工艺流片,NoC平台经过Mentor公司的硬件仿真仪进行实现和验证,并采用synopsys公司的Design Compiler进行了逻辑综合。经测试表明,所设计的SoC平台面积为321.5K等效与非门,对AES-128, SMS4,SHA-1,RSA-1024算法以及CCMP协议的性能分别达到了564Mbps,212Mbps, 256Mbps,19Kbps和131Mbps,功耗为325mW@100M Hz。NoC平台面积为3.08M等效与非门,对AES-128, SMS4, SHA-1和RSA-1024算法的性能分别为3.54Gbps,2.08Gbps,1.64Gbps和66.7KbpS。所设计的平台达到了预期的指标,在实现高性能的数据加解密处理的前提下,同时具有性能功耗可配置且便于扩展的优点,十分适用于面向云计算的安全终端,具有很好的应用前景。更多还原

【Abstract】 Along with concept of the "Cloud Computing", Cloud computing and its relative applications has achieved vigorous development. The key thought of the cloud computing is that a good deal of computing resource connected by network is managed and dispatched uniformly by provider, and distribute the computing resource according to users’ demand. Based on this thought, cloud computing-oriented security terminals must have the ability to encrypt and decrypt massive data. In addition, current safe cryptography intensity confronts a big challenge because of the strong computing ability of cloud. The cloud computing-oriented termainals need to improve the current security intensity for various cryptography algorithms, and increase the key-length, which demands the high-level security calcation for terminals. What’s more, as a terminal, especial for a mobile one, power comsuption is very important factor in the design except for the performance requirement. Security terminals must try to reduce the power consumption to extend the working hours.Based on the analysis of cloud computing-oriented terminals requirements, our paper proposes a high efficiency hardware design to support the demands of the security terminals. Firstly, we propose a security domain application specific instruction set processor (ASIP), and based on this ASIP, we give an extended VLIW AS IP, SophSEC, with high performance, and it can support three main types of ciphters, symmetric-key algorithms, hash functions, and public-key algorithms. At the same time, we analyze the characteristic of popular multi-core platform:the SoC based on system bus and NoC Platform, and present the hardware design of high efficienty SoC and NoC platform. Here, SoC Platform integrates MIPS, PP and multiple SophSEC, and cores are connected by AMBATM AHB Bus. The SoC Platfomr is used for minitype terminals with reasonable performance and low area cost or power consumption, such as handheld and mobile terminals. And NoC Platfomr integrates multiple MIPSs and SophSECs, and achieves high performance of cryptography algorithms. This platform is used for large-scale terminals, such as domestic gateway or wireless AP.In order to verify the proposed security terminals, the proposed cryptography ASIP, SophSEC, and SoC Platform are implemented into chip by the SMIC 0.13μm standard CMOS technology, and the NoC array is also synthesized by Mentor’s Veloce Solo Emulater and Design Compiler. The testing results indicates that, the SoC platform area is 321.5K equivalent XOR gates, the throughput are 564Mbps, 212Mbps,256Mbps,19Kbps和131Mbps for AES-128, SMS4, SHA-1, RSA-1024 and CCMP respectively, and the chip’s power consumption is 325mW@100M Hz。The NoC area is 3.08M gates, and the throughtput are 3.54Gbps,2.08Gbps,1.64Gbps, and 66.7Kbps for AES-128, SMS4, SHA-1, RSA-1024 respectively。Both platform achieve the target of performance, area and power consumption, and have the ability to support the encryption and decryption for massive data, and has the advantage of performance & power scalability and easy to extend. Our proposed Platforms are very suitable for the cloud computing-oriented security terminal, and also have a good prospective for applications.更多还原