Scalable and Efficient Hardware Architectures for Authenticated Encryption in IoT Applications

Abstract

Internet of Things (IoT) is a key enabling technology, wherein sensors are placed ubiquitously to collect and exchange information with their surrounding nodes. Due to the inherent inter-connectivity, IoT devices are vulnerable to cyber-security attacks. To mitigate these vulnerabilities, cryptographic primitives can be employed, but they require significant computation, which restricts their adoption in IoT. Moreover, IoT systems have diverse requirements, ranging from high-throughput to the area constrained. This makes it hard to deploy appropriate security measures in a systematic manner. To address these issues, three generic implementation strategies (unrolled, round-based, and serialized) are proposed for developing highly efficient hardware architectures. They are applicable to all authenticated encryption schemes, and are lightweight and fast, compared to conventional public key encryption. In this paper, Ascon is implemented as an example based on those three strategies. (1) The unrolled architecture achieves throughput (TP) of 766.9 Mbps (Ascon-128) and 1389.2 Mbps (Ascon-128a), which are suitable for high-throughput IoT applications. (2) The round-based architecture achieves 0.153 (Ascon-128) and 0.244 (Ascon-128a) throughput-to-area ratio, which are respectively 73.8% and 40.2% better than state-of-the-art results. (3) A novel serialized implementation technique is proposed wherein the substitution-box (S-box) is processed in multiple-bit-per-cycle, in contrast to the conventional one-bit-per-cycle approach. The throughput of the two-bits-per-clock-cycle implementation is increased by 230.8% with only 36.8% additional hardware area. The proposed strategies allow us to scale the number of rounds (round-based) and bits-per-clock-cycle (serialized) to meet differing requirements in throughput and area which are demonstrated for smart city IoT applications. IEEE