Design and Performance Analysis of a Reconfigurable, Unified HMAC-Hash Unit for IPSec Authentication

In this dissertation, we discuss the design of a reconfigurable, unified HMAC-hash unit for IPSec authentication. The proposed unit is reconfigurable at runtime to enable implementing any of six standard algorithms: MD5, SHA-1, RIPEMD-160, HMAC-MD5, HMAC-SHA-1, and HMAC-RIPEMD-160. The designed unit can be used for IPSec or any other security application that uses hash functions, such as digital signature. We applied speedup techniques, such as pipelining and parallelism, to enhance the design of the HMAC-hash unit. We also proposed a key reuse technique to improve the HMAC throughput. We used an emerging system design methodology in designing the HMAC-hash unit. This methodology uses a high level language, Handel-C, to implement the designed unit and directly map it to FPGA platforms. We used the available constructs of Handel-C to conduct a design space exploration of the HMAC-hash unit. The performance of the designed unit was analyzed and compared to performance reported in previous work. To our knowledge, this work is the first in the literature that integrates six standard hash algorithms in one unified, reconfigurable unit. It is also the first in the literature that implements HMAC-RIPEMD-160 on FPGA. The work reported in this dissertation is the first to integrate HMAC with three hash functions. The achieved throughput is 173.69 Mbps for MD5 and 139.38 Mbps for each of SHA-1 and RIPEMD-160. Compared to results reported in