Computer Architecture ECS 201A
Popular in Course
Popular in Engineering Computer Science
This 3 page Class Notes was uploaded by Ashleigh Dare on Tuesday September 8, 2015. The Class Notes belongs to ECS 201A at University of California - Davis taught by Staff in Fall. Since its upload, it has received 60 views. For similar materials see /class/191697/ecs-201a-university-of-california-davis in Engineering Computer Science at University of California - Davis.
Reviews for Computer Architecture
Report this Material
What is Karma?
Karma is the currency of StudySoup.
Date Created: 09/08/15
ECS 201a outline CPUSecure 1 Introduction 11 History of cryptography 111 Where it came from And how first computers were used to do it 12 What is my cryptographic processor 121 A standalone processor that does information decryption inside the CPU without access to a coprocessor 122 Keeps all data on the disk encrypted in a way that only the processors belonging to the family of the data originating processor may decrypt the data 123 Implementation to be seen in section 4 2 What are its applications 211 Data security all data on a disk is physically secure even if the disk is removed from the machine Note the difference if entire machine is stolen data is not secure 212 Possibility of creating bullet proof network of machines belonging to the same class ofprocessors 213 Talk about trusted third party the CPU producers and licensing of CPU families CPU family registration and numbering etc 2131PID FAMiID l PROCiNO 3 Similar products available 31 Coprocessors 7 there are different coprocessors that have been created that implement cryptographic algorithms but the ones that I have seen have always been modules and not standalone CPUSecure uses existing MIPS architecture to build from CPU performs exactly as it normally would but the difference being that the data it retrieves and writes is always encrypted 311 4 Schools ofthought 41 All info leaving the chip is encrypted 411 Implies DMA controller is ofthe same family and can respond to instructions that are encrypted using the algorithm in the processor 42 Only some information leaving the chip is encrypted 421 Implies that there is a mode setting on the chip to determine whether or not data being written should be encrypted or not applies to either implementation pipeline or cache In cache implementation you simplify the mode problem considerably since the issuing commands to the DMA are from the CPU and the CPU is always unencrypted but the data to the devices is from RAM and RAM is always encrypted 6 422 Implies a lot more complication in the design and possibly being software dependant 43 Trade off between the two schools Hardware complexity vs software complexity My encryption algorithm used Mini Blowflsh 51 Explain how blowf1sh works 511 SBoxes Parray initialization with Pi Core and iteration 52 Explain how mini blowf1sh works 53 Talk about execution time of miniblowf1sh 531 need to nd critical path of regular MIPS machine and compare it with the critical path of miniblowflsh core to be able to induce differential clocking For example the 9 iterations of miniblowfish take a total of 20 clock cycles if each MIPS clock cycle can be broken down into 4 CORE cycles then you can have an encryption algorithm that runs in 5 clock cycles 532 Talk about general case 139 number of iterations k number of CORE cycles per clock Execution time of BF algorithm 2 z39 2k 54 Show how blowf1sh is implemented in hardware Insert modified charts here Talk about size 57 x 61 mm2 Methods of implementation 61 Pipeline stage 611 Talk about what needs to be modified in general MIPS pipeline 6111 Changes in the MIPS pipeline IF DC ID EX MEM WB 61111 Charts graphs etc pasted here 6112 Talk about the pros and cons of adding more than just one BF FU 6113 Talk about haVing idle time of MEM stage CORE being used for DC 612 Talk about physical implementation and the size required 6121 ROMS mode bit CORE controller etc 6122 Talk about possibility of adding a decryption lookaside bulTer 62 Cache stage 621 Talk about what needs to be modified in hardware to do this 6211 good compared to original pipeline stage because you only need one or so CORE modules 622 Talk about physical implementation and the size required 6221 ROMS mode bit CORE controller etc 6222 Lookaside buffer no longer needed in this implementation 63 Problems with either method 631 Pipeline 7 adds an incredible amount of overhead to process execution 6311 Seemed like a natural place to put the decryptionencryption stage 6312 Good because data is as secure as it can be 6313 Smaller sboxes because data manipulated is only 32 bits But need a lot more cores to keep up with pipeline 632 Cache 7 data could be witnessed in cache 632l Good because encryption and decryption is no longer a big deal only difference is time involved in a cache miss which is already pretty large Adding another 60 clock cycles to this should not be a problem 6322 Bad because SBoxes would have to be larger in cache if you want to work on a larger block BF works on a 64bit block using a parray of 32 bits each But on the other hand you only need one or two COREs 4 sboxes of 256 bits each Block size is 64 bits LOOK AT TWOFISH PAPER for 128 bit block size Ifblock size gotten is 4 words each word is 4 bytes and each byte is 8 bits then we have 128 bits Two sh would be good 7 Example execution times using each stage EXPLAIN PROBLEM OF PEOPLE INFERRING WHAT DATA IS KEPT ON THE PROCESSOR JUST BY OBSERVING DIFFERENT CHARGES THAT S WHY WE NEED TO KEEP CACHE ENCRYPTED AS WELL EXPLAIN THAT MY METHOD IS THE EXTREMELY PARANOID METHOD OF PERFORMING CPU BASED ENCRYPTION CAN ALSO DO IT IN OTHER STAGES OTHER THAN IN PIPELINE FOR EXAMPLE PERFORMING ENCRYPTIONDECRYPTION WHEN GETTING AND REMOVING PAGES FROM THE CACHE COULD ALSO BE A MUCH MORE EFFICIENT METHOD BECAUSE YOUR PIPELINE IS NOT CHANGED INSTEAD YOU ONLY HAVE THE ENCRYPTION DELAY WHEN YOU GET A CACHE MISS