TLS 1.3 Client IP Core

XIP7131C is a compact 1 Intellectual Property (IP) core for TLS 1.3 client-side functionality. Transport Layer Security (TLS) is a cryptographic protocol, which provides communication security in computer networks and is used for securing a multitude of different applications ranging from casual Internet browsing to critical infrastructure communications. TLS 1.3 was published as RFC 8446 in August 2018, and it is the most recent version of the TLS standard and includes major modifications and security improvements compared to the earlier TLS versions.

XIP7131C provides a hardware-based security solution level required for mission-critical applications. XIP7131C is optimized for low-area footprint, and it is ideally suited for high-volume FPGA applications, for example industrial automation, energy distribution, and secure edge computing. While the IP core itself has been optimized for low FPGA resource usage, it is capable of encrypting and decrypting bulk transmission speeds in excess of 1 Gbps after the secure connection has been established. XIP7131C supports the TLS 1.3 handshakes for session establishment and the TLS 1.3 record protocol for bulk communication. The IP core implements all cryptographic computations and key management activities required for secure TLS connections with a server. Critical cryptographical computations and key management are both isolated inside the FPGA from the rest of the system, offering a very high level of protection from different types of attacks. All computations are performed in constant time, thus nullifying timing-based side-channel attacks and protecting also against various other types of side-channel attacks. Due to the need to optimize the resource requirements, the supported cryptographic algorithms were carefully selected. XIP7131C supports X25519, Ed25519, SHA-2, HMAC, HKDF, and AES-GCM with 128-bit keys. Internally, XIP7131C includesa True Random Number Generator (TRNG) for generating truly random numbers needed in the TLS protocol, for example, ephemeral [1] keys. The TLS 1.3 IP Core is available for all Intel ® FPGAs.

The functionality of XIP7131C complies with the TLS 1.3 protocol definition in RFC 8446, and it implements at hardware level the required functionality for TLS 1.3 client side operation. The TLS 1.3 client (the FPGA-based XIP7131C IP core) opens a TLS connection with a server by running the client side of the TLS 1.3 handshake protocol. First XIP7131C generates a ClientHello message including the client’s ephemeral X25519 public share and sends it to the server. The server responds with a ServerHello message which includes the server’s ephemeral X25519 public share, the server’s certificate, a signature over the exchanged messages. After XIP7131C has received the ServerHello message it computes the shared session secret from the received public share and its own private share, verifies the certificate and the digital signature, and derives the required keys from the shared session secret for securing the bulk communications.

• see the entire TLS 1.3 Client IP Core datasheet
• get in contact with TLS 1.3 Client IP Core Supplier