Security, a critical feature in today’s networks, enables secure financial transactions such as on-line banking. Network security also enables sharing data across different global locations. Here we discuss a data encryption system used in IP networks.
ENCRYPTION ENGINE
Figure 1 shows a high-level block diagram of the encryption engine in a Stratix II FPGA.
The system receives data from a PC through the USB 2.0 port interface through a FIFO UART, and sends or receives data to and from the LAN network. The data receive speed on the UART is of the order of 450Kbps which is substantially high for the type of solution required. The LAN interface is for 10/100Mbps network.
Since encryption algorithms are typically highly computation intensive it becomes imperative that it is designed in the hardware. Besides, a custom UART is also needed that can handle huge buffers at very high speeds. These system requirements could have been implemented using a processor and a number of ASICs or an FPGA on the PCB. The high-speed traffic of data between the ASICs would have posed serious timing and frequency related issues making the development process tedious and costly. Fortunately, using NIOS II processor and the system on a programmable chip (SOPC) approach to this design helps meet the requirements in minimum time and optimum effort.
Figure 1 reveals the custom logic used inside the FPGA to create such a system. A careful system design ensures proper hardware and software partitioning of requirements, with a bearing on performance and other design criteria.
SOPC DESIGN
The comprehensive range of IPs available for FPGA platform covering embedded processors, interfaces, peripherals, DSP, and communication makes SOPC an attractive proposition.
Embedded systems design needs to address typical constraints like time-to-market, cost, power, and form factor. Typically, embedded systems need processing power, storage space, connectivity to
I/O devices, and communication capability with PC or other systems. There is an increasing demand for the capability to combine custom/proprietary hardwired logic along with all the features that are supported by typical microcontrollers.
Currently a number of microcontroller vendors provide single chip solutions that have a plethora of features, but they do not provide a flexible platform for integrating proprietary logic. SOPC systems based on FPGAs and NIOS II processor provide this benefit of customizing hardware to get an exact fit to any application.
In this design, SOPC system partitioning was done by implementing high speed/throughput data computation for
the encryption engine directly on the hardware and complex algorithms in the software. Other interfaces such as Flash, SDRAM
and LAN interface were implemented using the standard components library in NIOS II. The Avalon Bus was used as the interconnect fabric to integrate all the interfaces and proprietary logic for this application.
Authors information
You can reach Amit Sinha at amit.sinha@dexceldesigns.com
Razak Mohammedali at rmohamme@altera.com
Caption: Figure 1: Encryption engine using NIOS II processor.
