DOI: 10.1145/1023833.1023874

Java cryptography on KVM and its performance and security optimization using HW/SW co-design techniques

Published: 22 September 2004

Abstract

This paper describes a design approach to include and optimize Java based cryptographic applications into resource limited embedded devices.

For easy prototyping and to be platform independent, the security applications are first developed in Java. Two Java cryptographic libraries, the Bouncy Castle API and the IAIK API, are ported to a real embedded device for cost and performance evaluation. It requires 0.88Mbytes to 1.2Mbytes in the KVM footprint size and a few milliseconds to run secret key algorithms and message digests on a typical embedded device.

In a second step, the performance critical components of the security applications are moved to hardware acceleration units. The GEZEL design environment is used for the hardware modeling and the co-simulation between software on KVM and the hardware co-processor. Moving the AES algorithm from the SH3-DSP microprocessor to a hardware co-processor shows a performance gain of 10.4x including the overhead in Java, C, and hardware interfaces.

Then in a third step, the security critical components are realized by means of a special dynamic differential logic (DDL) style, which makes the secure modules resistant against side channel attacks. All key related actions and cryptographic algorithms are restricted to the secure co-processor. The overall performance gain is 25x compared to a pure Java implementation.

Published In

CASES '04: Proceedings of the 2004 international conference on Compilers, architecture, and synthesis for embedded systems
September 2004
324 pages
ISBN: 1581138903
DOI: 10.1145/1023833

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. cryptography
  2. design
  3. embedded systems
  4. java
  5. security

Qualifiers

  • Article

Conference

CASES04

Acceptance Rates

Overall Acceptance Rate 52 of 230 submissions, 23%
