Publications réalisées au sein de Shiva

Combining Security Assurance and High Performance in Hostile Environments

Pierre Capillon, Antoine Casanova - CS SYSTEMES D'INFORMATION

With growing global bandwidth consumption and increasing cyber-attacks, information security ac- tors are in constant need for scalable, high performance products that still provide a high level of security assurance. The French national project “SHIVA” aims at developing a new security architecture providing mul- tiple services and such performance and security assurance levels. Based on research and development from various fields, this paper presents usages of technologies from the high performance computing systems (HPC clusters), FPGA-based reprogrammable devices and the use of formal methods to provide additional assurance to be tested under most standard evaluation criteria. A very high level of security assurance is targeted, hence high attack potentials are assumed as per the Common Criteria Vulnerability Analysis assurance requirements (CC AVA VAN.5): A distributed architecture using scalable InfiniBand interconnect is discussed as a new interconnect method for cryptographic devices. New usages and advantages of relying on such an architecture are presented, as well as various security considerations on threats, attacks and how reprogrammable de- vices bring innovative solutions to cryptographic initialization process on hostile platforms, as well as optimizations and opportunities opened by the use of pre-processing and formally designed software in handling operational data flow and critical information.


Parallel arithmetic encryption for high-bandwidth communications on multicore/GPGPU platforms

Ludovic Jacquin, Vincent Roca - INRIA Planète team, France
Jean-Louis Roch, Mohamed Al Ali - Laboratoire d’Informatique de Grenoble (LIG), France

In this work we study the feasibility of high-bandwidth, secure communications on generic machines equipped with the latest CPUs and General-Purpose Graphical Processing Units (GPGPU). We first analyze the suitability of current Nehalem CPU architectures. We show in particular that high performance CPUs are not sufficient by themselves to reach our performance objectives, and that encryption is the main bottleneck. Therefore we also consider the use of GPGPU, and more particularly we measure the bandwidth of the AES cipher- ing on CUDA. These tests lead us to the conclusion that finding an appropriate solution is extremely difficult.