IPsec Implementation in Embedded Systems for Partial Recon gurable Platforms




Salman, Ahmad

Journal Title

Journal ISSN

Volume Title



Internet Protocol Security (IPsec) provides essential security against attacks on data transmitted over the Internet through di erent security services provided by cryptographic algorithms like encryption modules and hash functions. Due to the importance of IPsec, it has been implemented in hardware and software with di erent designs and parameters to suit di erent platforms and provide better solutions. Among the popular implementations of IPsec in hardware are those that target FPGA platforms because of the exibility they o er the designer, ease of programming and high speeds that cannot be achieved through software. Due to the fact that FPGAs are resource limited devices, even e cient imple- mentations of IPsec with all the services it provides might not t on low cost devices or low area devices that are meant for light weight implementations. A solution to this prob- lem can be Partial Recon guration which allows some IPsec services to be available in the system and the remaining services can be recalled when needed by an application. Partial Recon guration is a con guration method for FPGAs that allows certain portions of the device to be recon gured during run-time without a ecting other portions in the system or their functionality. In this thesis we will investigate the e ect of implementing IPsec services using Partial Recon guration in terms of speed, area and recon guration time. For that, we built an embedded system controlled through an embedded processor to provide self recon guration of the system through a software application. We also imple- mented di erent versions of the embedded system using Microblaze and PowerPC embedded processors targeting two di erent platforms (Virtex-4 and Virtex-II-Pro) to perform thor- ough testing on the proposed design and analyze the results.



Partial Reconfiguarion, Embedded, FPGA, SHA - 256, IPsec, AES