System-on-a-Chip with Security Modules for Network Home Electric Appliances

Similar documents
7a. System-on-chip design and prototyping platforms

Implementation of Wireless Gateway for Smart Home

10/100/1000Mbps Ethernet MAC with Protocol Acceleration MAC-NET Core with Avalon Interface

ZyWALL 5. Internet Security Appliance. Quick Start Guide Version 3.62 (XD.0) May 2004

Cut Network Security Cost in Half Using the Intel EP80579 Integrated Processor for entry-to mid-level VPN

ontroller LSI with Built-in High- Performance Graphic Functions for Automotive Applications

ADM5120 HOME GATEWAY CONTROLLER. Product Notes

STM32 F-2 series High-performance Cortex-M3 MCUs

Network connectivity controllers

IPv6 Challenges for Embedded Systems István Gyürki

Release Notes. NCP Secure Entry Mac Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3. Known Issues

KeyStone Architecture Security Accelerator (SA) User Guide

Cisco Integrated Services Routers Performance Overview

SBC8600B Single Board Computer

Table of Contents. 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2

Figure 1.Block diagram of inventory management system using Proximity sensors.

Chapter 7 Transport-Level Security

PRINT SERVER IMPLEMENTATION ALTERNATIVES. An XCD White Paper

High-Performance, Highly Secure Networking for Industrial and IoT Applications

LPC2300/LPC2400 TCP/IP Overview. TCP/IP and LPC2300/LPC2400 Family October 2007

Release Notes. NCP Secure Client Juniper Edition. 1. New Features and Enhancements. 2. Problems Resolved

FIPS Security Policy 3Com Embedded Firewall PCI Cards

Pen Drive to Pen Drive and Mobile Data Transfer Using ARM

CGI-based applications for distributed embedded systems for monitoring temperature and humidity

Release Notes. NCP Secure Entry Mac Client. Major Release 2.01 Build 47 May New Features and Enhancements. Tip of the Day

Home Gateway Enabling Evolution of Network Services

ZigBee Technology Overview

Security Protocols HTTPS/ DNSSEC TLS. Internet (IPSEC) Network (802.1x) Application (HTTP,DNS) Transport (TCP/UDP) Transport (TCP/UDP) Internet (IP)

Secure Network Communications FIPS Non Proprietary Security Policy

AP-GSS3000 TM 512Ch GSM SIM Server

FLYPORT Wi-Fi G

10/100/1000 Ethernet MAC with Protocol Acceleration MAC-NET Core

IP Security. Ola Flygt Växjö University, Sweden

AP-GSS1500 TM 256Ch GSM SIM Server High Performance GSM SIM Server Solution

ADVANCED VEHICLE TRACKING SYSTEM USING ARM7

Fondamenti su strumenti di sviluppo per microcontrollori PIC

Digitale Signalverarbeitung mit FPGA (DSF) Soft Core Prozessor NIOS II Stand Mai Jens Onno Krah

Product Brief. R7A-200 Processor Card. Rev 1.0

SHE Secure Hardware Extension

CCNA Security 1.1 Instructional Resource

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

Wireless Microcontrollers for Environment Management, Asset Tracking and Consumer. October 2009

MVME162P2. VME Embedded Controller with Two IP Slots

Getting the most TCP/IP from your Embedded Processor

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

Andreas Läng. Hilscher Gesellschaft für Systemautomation mbh Intelligent solutions for industrial communication.

Ways to Use USB in Embedded Systems

Gigabit Multi-Homing VPN Security Router

Wireless Technologies for Automation

NIOS II Based Embedded Web Server Development for Networking Applications

Load Balance Router R258V

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Chapter 13. PIC Family Microcontroller

Procedure: You can find the problem sheet on Drive D: of the lab PCs. Part 1: Router & Switch

Data Sheet. NCP Secure Enterprise Client Windows. Next Generation Network Access Technology

Pre-tested System-on-Chip Design. Accelerates PLD Development

Internet of things (IOT) applications covering industrial domain. Dev Bhattacharya

A Transport Protocol for Multimedia Wireless Sensor Networks

SX-3000EDM Integration Guide

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

USB 3.0 Connectivity using the Cypress EZ-USB FX3 Controller

TDP43ME NetPS. Network Printer Server. Control Center. for Ethernet Module

A DIY Hardware Packet Sniffer

Am186ER/Am188ER AMD Continues 16-bit Innovation

HANIC 100G: Hardware accelerator for 100 Gbps network traffic monitoring

All Programmable Logic. Hans-Joachim Gelke Institute of Embedded Systems. Zürcher Fachhochschule

SPI I2C LIN Ethernet. u Today: Wired embedded networks. u Next lecture: CAN bus u Then: wireless embedded network

Monitoring Traffic manager

HughesNet Broadband VPN End-to-End Security Enabled by the HN7700S-R

ARM Cortex -A8 SBC with MIPI CSI Camera and Spartan -6 FPGA SBC1654

Virtual KNX/EIB devices in IP networks

Servers, Clients. Displaying max. 60 cameras at the same time Recording max. 80 cameras Server-side VCA Desktop or rackmount form factor

DS1104 R&D Controller Board

Concept Engineering Adds JavaScript-based Web Capabilities to Nlview at DAC 2016

Advanced Vehicle Tracking System Using ARM7

Managing Digital Signage Over 3G Using Intel Active Management Technology (Intel AMT)

Lecture 9 - Network Security TDTS (ht1)

Gerard Fianen. Copyright 2014 Cypherbridge Systems LLC Page 1

Freescale Semiconductor, Inc. Product Brief Integrated Portable System Processor DragonBall ΤΜ

Network Security Part II: Standards

Hitachi Releases SuperH Mobile Application Processor SH-Mobile for optimum processing of multimedia applications for next-generation mobile phone

Products. CM-i586 Highlights. Página Web 1 de 5. file://c:\documents and Settings\Daniel\Os meus documentos\humanoid\material_o...

Design of a High Speed Communications Link Using Field Programmable Gate Arrays

13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) 13.2 Layer 2/3/4 VPNs 13.3 Multi-Protocol Label Switching 13.4 IPsec Transport Mode

ALLNET ALL-VPN10. VPN/Firewall WLAN-N WAN Router

ALL-AIO-2321P ZERO CLIENT

How To Make Gigabit Ethernet A Reality

Simplifying Embedded Hardware and Software Development with Targeted Reference Designs

AppliedMicro Trusted Management Module

85MIV2 / 85MIV2-L -- Components Locations

Data Transfer between Serial Link and TCP/IP Link Using ez80f91 MCU

DNA. White Paper. DNA White paper Version: 1.08 Release Date: 1 st July, 2015 Expiry Date: 31 st December, Ian Silvester DNA Manager.

IP Phone Solutions TNETV1050/1055

Gigabit Multi-Homing VPN Security Router

Thingsquare Technology

760 Veterans Circle, Warminster, PA Technical Proposal. Submitted by: ACT/Technico 760 Veterans Circle Warminster, PA

Development. Igor Sheviakov Manfred Zimmer Peter Göttlicher Qingqing Xia. AGIPD Meeting April, 2014

RouterBOARD product overview. September, Gon Tel: +44 (0) Fax: +44 (0)

Quidway SVN3000 Security Access Gateway

Transcription:

System-on-a-Chip with Security Modules for Network Home Electric Appliances V Hiroyuki Fujiyama (Manuscript received November 29, 2005) Home electric appliances connected to the Internet and other networks allow users to easily access a variety of information and services. However, the users of such appliances are increasingly exposed to the threat of information leaks, unauthorized access, and other risks. Therefore, home electric appliances connected to networks must provide adequate security functions. This paper introduces three new Fujitsu system-on-a-chips (SoCs) developed for network home electric appliances. These SoCs provide network, security, and control functions for home electric appliances and peripheral components. The new SoCs can also provide these functions for a digital home system and process the data of the system s devices. Moreover, when connected to an existing system, they can be used as slave processors for network and security processing. 1. Introduction In the past, very few home electric appliances were connected to a network. However, increasing numbers of these appliances are now being connected to the Internet just like PCs. Home electric appliances connected to the Internet and other networks allow users to easily access a variety of information and services. However, in contrast with the convenience offered, the users of such appliances are increasingly exposed to the threat of information leaks, unauthorized access, and other risks through networks. Consequently, home electric appliances connected to networks must provide adequate security functions. This paper introduces three new system-ona-chips (SoCs) developed for networked home electric appliances. As implied by the name, these devices are complete computer systems on a single chip. SoCs can be used as the CPUs for home electric appliances and peripheral components or to build network and security systems, control devices, and process the data of those devices. Moreover, when connected to an existing system, SoCs can be used as slave processors for network and security processing. 2. Developing SoCs for network home electric appliances To provide more addresses for the ever-growing Internet and make other improvements, the Internet protocol will be upgraded from the current Internet Protocol Version 4 (IPv4) to IPv6. IPv6 provides sophisticated security as a standard feature and enables easy connectivity. In addition to typical devices such as PCs that are connected to the Internet, home electric appliances are now being connected to enhance convenience for users. Low-cost and easy-to-use networking modules should be developed for home electric appliances to make such connections more popular. Toward this end, Fujitsu has developed these SoCs with security modules for network home electric appliances. FUJITSU Sci. Tech. J., 42,2,p.227-2(April 2006) 227

As more and more home electric appliances are connected to networks, it will become increasingly important to have strong security systems that protect the personal data they contain. Moreover, it is preferable for such a security system to be used simply and reliably from applications. The Internet Engineering Task Force (IETF) has developed a security system that meets these requirements. This system, called IPsecurity (IPsec), will be supported by IPv6 as a standard feature. In terms of performance, however, it is difficult to realize IPsec in the embedded microcontrollers used in general home electric appliances because this system requires a lot of processing. Therefore, increasing the level of performance also increases the cost and power consumption. The new SoCs with security modules for network home electric appliances solve these problems of performance, cost, and power consumption. These SoCs are used in encryption processing to divert the software overhead to hardware, thereby improving the processing efficiency and reducing the CPU load. The interface function of these SoCs enables network connections based on the microcontrollers generally used in existing home electric appliances. By implementing this interface function and the program group required for networking as firmware, the SoCs enable easy, low-cost network connections. The following sections describe the three new SoCs developed for network home electric appliances. The SoCs are the MB91401, an advanced general-purpose SoC, and the MB91402 and MB9140, which have embedded RAM.. Advanced general-purpose SoC: MB91401 (for evaluation) The MB91401 is the first SoC developed for network home electric appliances to have a security system and is designed to be used for ES-level evaluation purposes. To support network and security systems, the MB91401 uses a Fujitsu-proprietary FR 2-bit RISC microcontroller for its CPU core. The MB91401 is designed to support a security system and IPv6 without placing a burden on the CPU. It also offers various interface features so it can be readily used in many types of home electric appliances. Figure 1 shows the MB91401 s block diagram. The following describes the main features of the network and security systems of the MB91401..1 Network system The MB91401 connects to a network using 10/100 M Ethernet media access control (MAC), which conforms to IEEE802.. This standard media-independent interface (MII) enables easy connection to general physical layer (PHY) MII SMI PLL UART 2ch INTC Timer RAM IPsec DES/DES MD5/SHA-1 IKE EtherMAC USB target CPU core I-cache DMAC 5ch Interface GPIO I 2 C CF DSU Memory controller CF: CompactFlash DES: Data Encryption Standard DMAC: Direct Memory Access Controller DSU: Debug Support Unit GPIO: General Purpose Input/Output I 2 C: Inter Integrated Circuit bus IKE: Internet Key Exchange INTC: Interrupt Controller MD5: Message Digest 5 SHA-1: Secure Hash Algorithm 1 UART: Universal Asynchronous Receiver Transmitter Figure 1 MB91401 block diagram. 8/16-bit 8/16/2-bit 228 FUJITSU Sci. Tech. J., 42,2,(April 2006)

devices. The internal registers conform to a conventional LAN controller as much as possible to facilitate the use and development of middleware such as drivers. A major feature of the MB91401 is its support of packet filtering in the L2, L, and L4 network layers. By accepting only the required packets, this SoC protects its CPU against overloading. This function also enhances security because unnecessary packets can be eliminated without software intervention. Filtering is done for differences in the protocol headers of IPv4 and IPv6. MAC has an embedded send buffer of 1.5 KB, which is the largest packet size in IPv6. It also has an embedded high-capacity receive buffer of 9 KB so it can instantaneously receive packets at up to 100 Mb/s without error..2 Security system supported by hardware IPsec is used as the standard protocol security system over the Internet. IPsec uses an encryption function to prevent surreptitious reading, an authentication function to prevent spoofing, and a function for safely exchanging encryption keys. The MB91401 hardware supports these IPsec functions. It also supports Triple DES note 1) secret-key cryptosystems and the MD5 note 2) and SHA-1 note ) hash functions. Moreover, it has an embedded processor that can be used for Internet Key Exchange (IKE) and public key cryptosystems. The MB91401 mainly supports the following security functions: DES-ECB, DES-CBC, DES-ECB, and DES-CB mode note 1) note 2) DES is an abbreviation for the Data Encryption Standard: a widely used secret key cryptosystem. Triple DES repeats DES three times to enhance encryption strength. Abbreviation of Message Digest 5: a widely used hash function. note ) Abbreviation of Secure Hash Algorithm 1: another widely used hash function. MD5, SHA-1, HMAC-MD5, and HMAC-SHA- 1 mode Internet key exchange DH groups: 1 (MODP 768 bits) and 2 (1024 bits) The MB91401 s IPsec Manager processes security data transfers. It provides a fivefold increase in transfer rate compared to that achieved when only the CPU is used and also reduces the CPU load by 80% or more. By leaving the security system to hardware and providing an IPsec Manager, the MB91401 enables highspeed processing. Encryption is about 200 times faster and the key exchange algorithm about 100 times faster than when these processes are done using only software running on the CPU. The security system can be used by non-ipsec systems on networks. The encryption and hash functions can also be used to secure external memory data. By providing the appropriate device drivers, these functions can easily be used from applications.. External interfaces The MB91401 can be used independently as a controller for home electric appliances because its CPU core contains standard peripheral circuits such as an interrupt controller (INTC), timer, DMA controller (DMAC), and serial interface (UART). When mounted in a home electric appliance or another system, the MB91401 can provide network connectability with strong security measures. The MB91401 has an interface for easy connection to the system memory bus. This interface uses high-capacity send and receive FIFOs and a communication register. These components make it easy to add a network function to an existing system. Moreover, the MB91401 can readily provide system security when connected to an existing system as a slave processor..4 Peripheral interface The MB91401 provides a USB target FUJITSU Sci. Tech. J., 42,2,(April 2006) 229

function, card interface, inter-ic interface, and a network function. Therefore, the appropriate connection method can be selected for the device. The MB91401 can be used as a file encryption engine via USB or connected to a wireless LAN card via the card interface. PLL UART 2ch INTC Timer RAM CPU core I-cache DMAC 5ch DSU 4. Two SoCs with embedded RAM: MB91402 and MB9140 With its various interfaces, the MB91401 is designed to connect a wide range of devices to a network. The MB91402 and MB9140 are designed to be embedded in home electric appliances for relatively inexpensive connection to a network or factory automation (FA) system. The MB91402 and MB9140 have an embedded high-capacity RAM. Figure 2 shows the block diagram of the MB91402/MB9140. A major difference between these SoCs and the MB91401 is their high-capacity 6 RAM. Also, the USB and card interface of the MB91401 have been omitted, and its pin count has been reduced from 240 to 144 so it can be packaged using a QFP (Quad Flat Package). A single. V power supply is used for system downsizing and cost reduction. In addition, the AES, note 4) which is becoming increasingly popular as a nextgeneration encryption standard, has been added to improve over security systems such as Triple DES. The embedded memory is effective in terms of cost reduction and security measures because data can be processed within the SoC. If more memory is required, the MB91402 and MB9140 can support external memory through a mode setting. Furthermore, these SoCs can be used in conjunction with an external, rewritable flash memory. The MB91402 was developed for applications that require no security, for example, IPv4 or an internal gateway. This SoC has exactly the same note 4) Abbreviation of Advanced Encryption Standard: a secret key cryptosystem established by the National Institute of Standards and Technology (NIST) as the successor to DES. MII SMI IPsec DES/DES/AES MD5/SHA-1 IKE (for MB9140 only) EtherMAC Interface GPIO RAM 6 Memory controller 8/16-bit 8/16/2-bit features as the MB9140 except for the security function. The MB91402 can be replaced with the MB9140 when a system needs security because they are pin-compatible. Table 1 shows a functional comparison of the MB91401 and MB91402/ MB9140. 5. Software products and development environment This section describes some software products that take advantage of the performance and functions offered by these SoCs and a development environment for employing these SoCs in digital home electric appliances. 5.1 Software products To achieve the network function, a TCP/IP protocol stack that supports IPv4 and IPv6 is also provided along with the SoCs (Figure ). The security cryptosystem s DES, AES, and hash functions were developed as drivers to enable easy use as functions from applications. Moreover, software products to support various types of encryption applications, including RSA applications, are now being prepared. I 2 C Figure 2 MB91402/MB9140 block diagram. 20 FUJITSU Sci. Tech. J., 42,2,(April 2006)

Table 1 Functional comparison of MB91401 and MB91402/MB9140. MB91401 MB91402 MB9140 CPU core FR60 series core FR60 series core FR60 series core Instruction cache Data RAM UART External interruption channels + NMI DMA (without external terminal) 5 channels 5 channels 5 channels Reload timer channels channels channels DSU MAC controller Receivable FIFO size 9 KB KB KB External IF Receivable FIFO size KB 1.5 KB 1.5 KB Memory IF Address bits 24 bits 2 bits 2 bits Data bits 8 bits/16 bits/2 bits 8 bits/16 bits 8 bits/16 bits Chip selection 2 2 Applicable device ROM/RAM ROM/RAM/SDRAM/FCRAM ROM/RAM/SDRAM/FCRAM I 2 C IF GPIO Applicable mode Input change interruption port Typical (100 kb/s) 8 pins max. Typical/high-speed (400 kb/s 26 pins max. (4 pins) Typical/high-speed (400 kb/s 26 pins max. (4 pins) Encryption/authentication macro DES/DES AES HMAC-MD5/SHA-1 REDC IPsec Manager Internal RAM (6) (6) USB IF (FS mode) CARD IF (CF card) FBGA-240 LQFP-144 LQFP-144 66 MHz max. MHz max. MHz max. 2 power supplies (1.8 V/. V) 1 power supply (. V) 1 power supply (. V) FUJITSU Sci. Tech. J., 42,2,(April 2006) 21

User application RSA Encryption/authentication drivers (AES, DES, DES, MD5, SHA-1, HMAC-MD5, HMAC-SHA-1, etc.) SSL (planning) IKE PPP FTP/TFTP, TELNET, SNMP, DNS, POP/SMTP, Web Server, etc. Socket I/F TCP, UDP IPv6/IPv4 Mobile IP EtherMAC (hardware) Hardware encryption engines: DES, DES, MD5, SHA-1, HMAC-MD5, HMAC-SHA-1, etc. Options IPv4/IPv6 Dual Protocol Stack Options Hardware : Middleware Figure Software components for network and security functions. Figure 4 MB91401 evaluation board. Figure 5 MB91402/MB9140 evaluation board. 5.2 Development environment These SoCs can operate in Fujitsu s SOFT- UNE V6 integrated development environment. This environment supports the MB2198-01 series of FR family emulators to enable real-time debugging. Figure 4 shows the MB91401 evaluation board. This board has USB connectors and card slots to enable the use of various MB91401 peripheral interfaces. Also, to facilitate the addition of circuits, it has an FPGA with which circuits can be written and placed on the memory bus. Figure 5 shows the MB91402/MB9140 evaluation board. This downsized board has the minimum evaluation features required to make full use of the MB91402 and MB9140. If necessary, the board can be embedded in a device for evaluation. 6. Conclusion This paper introduced three new Fujitsu SoCs with security modules developed for network home electric appliances: the MB91401, MB91402, and MB9140. These SoCs overcome the previous performance and security obstacles so that devices can now be safely and easily connected to 22 FUJITSU Sci. Tech. J., 42,2,(April 2006)

networks. In the future, as home information appliances are put to increasingly diverse uses in the growing network society, SoC performance and functions will be further optimized. In addition, simpler and more secure network application technologies will be provided. Hiroyuki Fujiyama, Fujitsu Ltd. Mr. Fujiyama joined Fujitsu Ltd. in 1986, where he has since been engaged in research and development of microprocessors. His current focus of work is on network and security system LSIs. E-mail: h.fujiyama@jp.fujitsu.com FUJITSU Sci. Tech. J., 42,2,(April 2006) 2

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information