Understanding the advantages of hardware-based cryptography
For the advantages of hardware cryptography, we'll focus on the embedded environment
since that is the target use case of the BBB. While chip manufacturers may provide a
laundry list of advantages, there are two main categories: cryptographic acceleration
and key isolation features.
Offloading computation to a separate processor
One advantage of using a dedicated cryptographic co-processor is to offload computation
to reduce CPU usage. A typical example is using hardware to perform the Advanced
Encryption Standard (AES) encryption and decryption operations in a Transport Layer
Security (TLS) session.
TLS is most commonly used in conjunction with the Hypertext Transfer Protocol Secure
(HTTPS) protocol. You use HTTPS every time you buy something online to protect your
credit card information. Depending on your browser, you may notice a lock icon or a green
bar to indicate when a web page is served over HTTPS. In a TLS session, the client (your
browser) and the server will negotiate to use the same symmetric key. While there are
several symmetric ciphers that can be negotiated, AES is one of the preferred choices.
Note
While some sites automatically redirect you to the HTTPS version of the site, often you
must manually specify this. Remembering to type https:// is often annoying but
fortunately there is a cross-browser plugin that will automatically redirect you to the
HTTPS site, if there is one. The plugin is called HTTPS Everywhere and it is maintained
by the Electronic Frontier Foundation. Information and links to download the free
software are located at https://www.eff.org/https-everywhere.
In the crypto accelerator role, a cryptographic co-processor would perform the encryption
and decryption of each TLS record. This frees the main CPU to handle the processing of
the network traffic and perform the intended application. The BBB actually has such a
cryptographic co-processor. The Texas Instruments (TI) crypto performance page for the
AM335x, the processor on the BBB, shows the results of their benchmark tests with
OpenSSL. Using AES with a 256-bit key size and operating on blocks of 8192 bytes, the
measured throughput of data was 8129.19 kB/sec without using crypto acceleration. This