Design and performance analysis of a unified, reconfigurable HMAC-hash unit

Abstract

Hash functions are important security primitives used for authentication and data integrity. Among the most popular hash functions are MD5, SHA-1, and RIPEMD-160, which are all based on the function MD4. This similarity can be exploited for designing a unified engine to perform all three hash functions. Hash message authentication code (HMAC) is a shared-key security algorithm that uses these hash functions alternatively for IPSec authentication. Since some other security applications, such as digital signature, also use these three hash functions, it is prudent to design a unified, reconfigurable engine that can perform any one of them alone or with HMAC. In this work, we design an HMAC-hash unit that can be reconfigured to perform one of six standard security algorithms; namely, MD5, SHA-1, RIPEMD-160, HMAC-MD5, HMAC-SHA-1, and HMAC-RIPEMD-160. This paper applied pipelining and parallelism to the design of the HMAC-hash unit to improve throughput, especially for large message sizes. We achieved higher throughput than engines that integrated three hash functions or more and comparable throughput to those integrated only two hash functions. © 2007 IEEE.