Implementation of a secure TLS coprocessor on an FPGA

Abstract

In this paper we present a secure implementation architecture of a coprocessor for the TLSv1.2 protocol, on an FPGA. Techniques were used that increase the resistance of the design to side channel attacks, and also protect the private key data from software based attacks. The processor was implemented with a secure true random number generator which incorporates failure detection and thorough post-processing of the random bitstream. The design also includes hardware for signature generation and verification; based on elliptic curve algorithms. The algorithms used for performing the elliptic curve arithmetic were chosen to provide resistance against SPA and DPA attacks. Implementations of the AES and SHA256 algorithms are also included in order to provide full hardware acceleration for a specific suite of the TLSv1.2 protocol. The design is analysed for area and speed on a Virtex 5 FPGA.