Hardware-based security for high-level protection.

XIP7131C: TLS 1.3 Client

TLS 1.3 Client IP Core


Introduction

XIP7131C is a compact Intellectual Property (IP) core for TLS 1.3 client-side functionality. Transport Layer Security (TLS) is a cryptographic protocol that provides communication security in computer networks and secures a multitude of applications, ranging from casual Internet browsing to critical infrastructure communications. TLS 1.3 was published as RFC 8446 in August 2018; it is the most recent version of the TLS standard and includes major modifications and security improvements compared to earlier TLS versions.

XIP7131C provides the level of hardware-based security required for mission-critical applications. It is optimized for a low-area footprint and is ideally suited for high-volume FPGA applications such as industrial automation, energy distribution, and secure edge computing. Although the IP core has been optimized for low FPGA resource usage, it can encrypt and decrypt bulk traffic at speeds in excess of 1 Gbps after the secure connection has been established. XIP7131C supports the TLS 1.3 handshakes for session establishment and the TLS 1.3 record protocol for bulk communication.

The IP core implements all cryptographic computations and key management activities required for secure TLS connections with a server. Critical cryptographic computations and key management are both isolated inside the FPGA from the rest of the system, offering a very high level of protection from different types of attacks. All computations are performed in constant time, which nullifies timing-based side-channel attacks and also protects against various other types of side-channel attacks. Because resource requirements had to be optimized, the supported cryptographic algorithms were carefully selected: XIP7131C supports X25519, Ed25519, SHA-2, HMAC, HKDF, and AES-GCM with 128-bit keys. Internally, XIP7131C includes a True Random Number Generator (TRNG) for generating the truly random numbers needed in the TLS protocol, for example, ephemeral [1] keys. The TLS 1.3 IP Core is available for all Intel® FPGAs.

Key features

  • Optimized Resource Requirements: The entire XIP7131C requires less than 8500 ALMs (Adaptive Logic Modules) in Intel Cyclone V implementation.
  • Short Session Establishment Time: The FPGA-dependent execution time of the TLS 1.3 handshake calculations is less than 100 ms at a 100 MHz clock. The FPGA execution time is constant and does not depend on the key values, thus providing protection against timing-based side-channel attacks.
  • Performance: Despite its small size, XIP7131C can support bulk traffic encryption and decryption speeds in excess of 1 Gbps.
  • Follows RFC 8446: XIP7131C follows the latest TLS 1.3 standard defined in RFC 8446 with specifically selected ciphers to minimize area requirements.
  • Hardware-based Security: The primary design goal of XIP7131C is to avoid the potential weaknesses in software-based security, including but not limited to dependence on operating system security, vulnerabilities in third party cryptographic software libraries, and bugs in underlying processor architectures.
  • Hardware-based Cryptographic Operations: All the cryptographic mathematical operations are performed entirely in the FPGA, providing substantial security and performance advantages compared to software-based TLS implementations.
  • Hardware-based Key Management: All the cryptographic keys are stored in dedicated internal FPGA memory, which provides a substantial security advantage over software-based key management, and amongst other benefits is a requirement for IEC 62443 Security Level 3 designs.

Functionality

The functionality of XIP7131C complies with the TLS 1.3 protocol definition in RFC 8446, and it implements at hardware level the functionality required for TLS 1.3 client-side operation. The TLS 1.3 client (the FPGA-based XIP7131C IP core) opens a TLS connection with a server by running the client side of the TLS 1.3 handshake protocol. First, XIP7131C generates a ClientHello message that includes the client’s ephemeral X25519 public share and sends it to the server. The server responds with a ServerHello message which includes the server’s ephemeral X25519 public share, the server’s certificate, and a signature over the exchanged messages. After XIP7131C has received the ServerHello message, it computes the shared session secret from the received public share and its own private share, verifies the certificate and the digital signature, and derives from the shared session secret the keys required for securing the bulk communications.

After a secure connection has been established, the bulk communication is protected with the Authenticated Encryption with Associated Data (AEAD) scheme AES-GCM with 128-bit key length. This AEAD scheme protects both confidentiality and integrity: the former means that no malicious party in the middle of the communication can see its contents, and the latter that the communicated messages cannot be manipulated without being noticed. XIP7131C adds the required TLS 1.3 fields to each outgoing frame for a given IP address and destination port and encrypts the data payload. For incoming messages, XIP7131C removes the TLS 1.3 fields from the message frames and decrypts the encrypted data payload.
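The key derivation and per-record nonce steps described above can be followed in software. This is an added example, not code from the product or its vendor: it walks the RFC 8446 key schedule (Section 7.1) from an X25519 shared secret to AES-128-GCM handshake traffic keys and builds the per-record nonce (Section 5.3). The function names are hypothetical, and the shared secret and transcript hash are constructed sample values.

```python
import hashlib
import hmac

HASH = hashlib.sha256          # hash of TLS_AES_128_GCM_SHA256
HASH_LEN = 32

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, HASH).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]

def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    # HkdfLabel = uint16 length || opaque "tls13 " + label || opaque context
    full = b"tls13 " + label
    info = (length.to_bytes(2, "big") + bytes([len(full)]) + full
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)

def derive_secret(secret: bytes, label: bytes, transcript_hash: bytes) -> bytes:
    return hkdf_expand_label(secret, label, transcript_hash, HASH_LEN)

def handshake_traffic_keys(shared_secret: bytes, transcript_hash: bytes) -> dict:
    """Return {role: (16-byte key, 12-byte IV)} for a handshake without PSK."""
    early = hkdf_extract(b"\x00" * HASH_LEN, b"\x00" * HASH_LEN)
    derived = derive_secret(early, b"derived", HASH(b"").digest())
    handshake = hkdf_extract(derived, shared_secret)
    keys = {}
    for role, label in (("client", b"c hs traffic"), ("server", b"s hs traffic")):
        traffic = derive_secret(handshake, label, transcript_hash)
        keys[role] = (hkdf_expand_label(traffic, b"key", b"", 16),
                      hkdf_expand_label(traffic, b"iv", b"", 12))
    return keys

def record_nonce(iv: bytes, seq: int) -> bytes:
    # The 64-bit record sequence number is left-padded and XORed into the IV,
    # so every record under one key is sealed with a distinct nonce.
    return bytes(a ^ b for a, b in zip(iv, seq.to_bytes(len(iv), "big")))

# Constructed sample inputs: a real client takes SHARED from X25519 and
# TRANSCRIPT from SHA-256 over the actual ClientHello and ServerHello bytes.
SHARED = bytes(range(32))
TRANSCRIPT = HASH(b"constructed ClientHello || ServerHello").digest()

if __name__ == "__main__":
    for role, (key, iv) in handshake_traffic_keys(SHARED, TRANSCRIPT).items():
        print(role, key.hex(), record_nonce(iv, 0).hex(), record_nonce(iv, 1).hex())
```

The client and server directions get independent keys and IVs from the same shared secret, so a record sealed in one direction cannot be replayed in the other.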


For more technical and commercial details, including FPGA resources and peak performance as well as ordering instructions, open the full product brief in PDF. Contact us by email, and we’ll get back to you as soon as possible.

Block diagram

Figure 1: Internal high-level block diagram of XIP7131C

Footnotes

[1] An ephemeral cryptographic key is generated and used only for a single session.
