ReaLSE: Reconfigurable Lightweight Security Engines for Trusted Edge Devices

Abstract

Security has become a serious threat for IoT devices running on the edge. While IoT chips are usually subject to numerous constraints such as power, form factor, cost and more. The budget for on-chip security engines is very limited. A worldwide competition was launched by NIST to define lightweight cryptographic (LWC) primitives for securing tiny devices. So far, the final round of the LWC competition consists of ten candidates’ submissions that can be categorized as substitution box (Sbox)-based and add-rotate-xor (ARX)-based. The former heavily involves memory accessibility, while the latter involves heavy computations such as additions and rotations. While one can design customized accelerator for each LWC cipher, it lacks generality and involves huge design effort. In the meanwhile, a full reconfigurable system will incur hardware overheads in terms of area and power. Inspired by domain-specific architecture, we propose a series of compact security engine architectures called Reconfigurable Lightweight Security Engines (ReaLSE), that are coupled with some levels of reconfigurability such as different word sizes, different encryption/decryption processes or even different security levels. By striking a balance between flexibility and hardware cost, our proposed designs were able to integrate micro-architectural level optimizations that are specific to certain LWC ciphers while supporting various modes. This new design family increases the availability and adaptability of embedded LWC engines for IoT. We will present various such reconfigurable designs including both ARX and S-boxed based ciphers. Architecture details along with hardware implementation results will also be discussed.