MS Thesis Defense: Brett Nicholas

Monday, March 12, 2018, 9:00–11:00am

Rm. 201, MacLean ESC (Rett's Room)

“SSL Hardware Hiding: Increasing the Security of OpenSSL Through Tightly-Coupled FPGA Hardware”


This Thesis explores a novel approach to improving the security and performance of OpenSSL by hiding encryption algorithms and keys within the perimeter of a single System- on-Chip (SoC) device. The approach only recently became feasible with the introduction of a generic hardware acceleration API into the OpenSSL software suite. Although the API is intended to facilitate the use of generic encryption co-processors, we instead use it to establish a single-chip, hardware base-of-trust that exposes no off-chip interconnects to reverse- engineering. To achieve this base-of-trust, we hide popular encryption algorithms and associated keys within on-chip Field-Programmable Gate Array (FPGA) technology. Consequently, compromised applications running on the SoC embedded processors are unable to inspect the details of encryption operations or gain access to keys. Performance enhancements are viable through high-performance on-chip bus interconnects that couple the FPGA fabric directly into the memory hierarchy of the associated processors. To demonstrate the approach, we hide custom SHA, AES, and RSA algorithms within the FPGA fabric of a Xilinx Zynq SoC. Performance enhancement is quantified through OpenSSL’s built in performance monitoring tools, in conjunction with a series of test programs using the OpenSSL EVP high-level cryptography API. Using only un-optimized, proof-of-concept hardware algorithms, the proposed system replicates the functionality of the OpenSSL library, while exposing no algorithms or keys to the software running on the processors. Core algorithm performance was shown to be up to 40x faster in hardware than the equivalent software-only stack, but with a net performance penalty on a systems level due to memory access bandwidth and context switching.

Thesis Committee

For more information, contact Daryl Laware at