3rd International ICST Symposium on Information Assurance and Security

Research Article

FPGA/ASIC based Cryptographic Object Store System

  • @INPROCEEDINGS{10.1109/IAS.2007.59,
        author={Dan Feng and Lanxiang Chen and Lingfang Zeng and Zhongying Niu},
        title={FPGA/ASIC based Cryptographic Object Store System},
        proceedings={3rd International ICST Symposium on Information Assurance and Security},
        publisher={IEEE},
        proceedings_a={IAS},
        year={2007},
        month={9},
        keywords={Application specific integrated circuits, Cryptography, Data security, Delay, Field programmable gate arrays, File systems, Hardware, Information security, Peer to peer computing, Secure storage},
        doi={10.1109/IAS.2007.59}
    }
    
  • Dan Feng
    Lanxiang Chen
    Lingfang Zeng
    Zhongying Niu
    Year: 2007
    FPGA/ASIC based Cryptographic Object Store System
    IAS
    IEEE
    DOI: 10.1109/IAS.2007.59
Dan Feng1,*, Lanxiang Chen1,*, Lingfang Zeng1, Zhongying Niu1
  • 1: Key Laboratory of Data Storage System, Ministry of Education, School of Computer, Huazhong University of Science and Technology, Wuhan, China
*Contact email: dfeng@hust.edu.cn, lxiangchen@gmail.com

Abstract

To avoid re-encryption in a cryptographic storage system when revoking users, Field Programmable Gate Array (FPGA) and Application Specific Integrated Circuit (ASIC) hardware modules have been introduced into a cryptographic object store system, so that the private key never leaves the hardware module and the symmetric key exists in plaintext only inside the hardware module. No one knows the private or symmetric key, so revoking users only requires modifying the access control list (ACL) to delete those users' privileges. To facilitate file sharing and key management, groups are adopted. In our system, almost all computationally expensive cryptographic operations are performed by the FPGA/ASIC hardware module. Once the creator revokes some users, objects do not need re-encryption. How the ACL and the FPGA/ASIC hardware module are used to authenticate and authorize is described, and the object store procedure and the distribution of metadata are detailed. Finally, a cryptographic object store prototype system is implemented with tested and effective performance.