Java cryptography on KVM and its performance and security optimization using HW/SW co-design techniques

  • Authors:

  • Yusuke Matsuoka;Patrick Schaumont;Kris Tiri;Ingrid Verbauwhede

  • Affiliations:

  • University of California, Los Angeles, CA;University of California, Los Angeles, CA;University of California, Los Angeles, CA;University of California, Los Angeles, CA

  • Venue:
  • Proceedings of the 2004 international conference on Compilers, architecture, and synthesis for embedded systems
  • Year:
  • 2004

Quantified Score

Hi-index 0.00

Visualization

Abstract

This paper describes a design approach to include and optimize Java based cryptographic applications into resource limited embedded devices.For easy prototyping and to be platform independent, the security applications are first developed in Java. Two Java cryptographic libraries, the Bouncy Castle API and the IAIK API are ported to a real embedded device for cost and performance evaluation. It requires 0.88Mbytes to 1.2Mbytes in the KVM footprint size and a few milliseconds to run secret key algorithms and message digests on a typical embedded device.In a second step, the performance critical components of the security applications are moved to hardware acceleration units. The GEZEL design environment is used for the hardware modeling and the co-simulation between software on KVM and the hardware co-processor. Moving the AES algorithm from the SH3-DSP microprocessor to a hardware co-processor shows a performance gain of 10.4x including the overhead in Java, C, and hardware interfaces.Then in a third step, the security critical components are realized by means of a special dynamic differential logic (DDL) style, which makes the secure modules resistant against side channel attacks. All key related actions and cryptographic algorithms are restricted to the secure co-processor. The overall performance gain is 25x compared to a pure Java implementation.