Global Sources
EE Times-Asia
Stay in touch with EE Times Asia
EE Times-Asia > Embedded

Peripheral DMA boosts networked MCU security, bandwidth

Posted: 16 Feb 2006 ?? ?Print Version ?Bookmark and Share

Keywords:dany nativel? jacko wilbrink? tim morin? atmel corp? atmel?

Increasingly, embedded control systems are likely to be connected to LANs that have dozens or even thousands of nodes. These include CANs with up to 100 nodes, Zigbee wireless control networks with thousands of interlinked nodes and even Ethernet networks with theoretically unlimited nodes.

mcu chip designers and developers who build systems using them face the challenge of connected devices' ability to transfer and verify large amounts of data over multiple network protocols while providing a high degree of security, especially in wirelessly connected embedded MCU designs.

Controlling a geographically dispersed array of embedded systems over a public network, such as the Internet, radically increases the need for security because it opens up access to those systems. You would not want an outsider hacking your building security or HVAC systems. Thus, access to embedded networks must be controlled and data must be protected by using advanced encryption algorithms such as advanced encryption standard (AES), data encryption standard (DES) and triple data encryption standard (TDES).

Encryption is computationally intensive, frequently requiring dedicated external processors. Simpler encryption algorithms with small keys and/or small data streams can be executed in software. However, if the data rates are high and/or the data has stringent security requirements, more complex algorithms and longer keys are necessary.

At 50MHz, an ARM7-based 32bit MCU can execute software AES encryption at 4.3Mbps. Not only is this not fast enough for many applications, the ARM7 can't execute any of its control functions while it is encrypting or decrypting data. The ARM7 essentially becomes a software co-processor. Large volumes of data make a software implementation in the ARM7 unacceptable. More rigorous algorithms make it impossible.

The most practical solution is to embed an encryption engine directly on the MCU that can execute AES and TDES independently. Again, bandwidth is a primary issue. Embedding an encryption engine on Atmel's SAM7X controllers increases AES encryption throughput to 20Mbps, DES to 12.8Mbps, and TDES to 11.2Mbps.

Although these encryption rates are substantially faster than software implementations, they may not be sufficient for many high data-rate Ethernet applications. Augmenting the MCU hardware with a peripheral dma controller would result in higher data rates.

Use of an enhanced PDC increases AES encryption/decryption throughput to 80Mbps, sufficient for high-bandwidth data transfers. DES bandwidth nearly triples to 32.8Mbps and TDES nearly doubles to 20Mbps.

MCU operations
Even without factoring the high level of security required in most connected MCU applications, vendors who have begun to offer ARM7 MCUs with a variety of network interfacesCAN, Ethernet and USB, TWI, SPI and USART interfacesare finding that there is more to networking such devices than just adding an interface and a protocol stack.

Putting a 10/100 Ethernet MAC, CAN or USB on an ARM7 is not sufficient to network embedded control. The processor must be able to move the data around at the required rate. When you consider that the data rate for full speed USB 2.0 is 12Mbps, the CAN data rate is 1Mbps, Ethernet is 100Mbps, and SPI and USART peripherals can run at 25Mbps, it becomes quite clear that the issue of data transfer must be dealt with in any extensively connected embedded control system.

The core processor has to be augmented so it can handle the huge volumes of data that are likely to pass through it. The ARM7 core in and of itself may not be up to the task. The CPU must directly handle all data transfers one byte at a time. At 50MHz, a 2Mbps data transfer eats up 55 percent of the ARM7's resources; at 4Mbps, all the processor's resources are dedicated to data transfers. There are no cycles left to execute its real-time control application.

At the same time, streaming encryption must support the data rate of the transferring peripheral. Thus, encrypting a data stream for a high-speed SPI or USART transfer requires encryption bandwidth that approaches 25Mbps. Streaming Ethernet encryption must approach 100Mbps. In software, the ARM7 can do AES encryption at only 4.3Mbps, but that is all it can do. It becomes a dedicated encryption software processor. By adding an encryption engine to an ARM7TDMI-based MCU, such as Atmel's SAM7X, streaming encryption can accelerate to 20Mbps for AES, 12.8 for DES, and 11.2Mbps for TDES.

The hardware encryption engine also simplifies the user interface while offering various complex modes defined in the AES and TDES specification. Basically, the message to encrypt/decrypt is passed to the AES or TDES engine through a set of dedicated registers. The encryption key is then placed into another set of registers. Finally, the encryption/decryption process is initiated using a special configuration register. Depending on the operation, plain text or encrypted data can then be found in a set of output data registers.

DMA block transfer
The entire operation can be simplified even further using the automatic block transfer mechanism provided by the use of a peripheral DMA controller. Besides boosting the encryption speed, it allows the end user to encrypt/decrypt data by blocks of bytes instead of single bytes. Basically, the AES and TDES engine embeds dedicated peripheral DMA registers that contain the address of the source data buffer, the number of transfers or encryption/decryption operations (up to 64K transfers) and finally, the address of the output data buffer. The defined block is processed in background without any CPU intervention. A new dual-pointer mode is now available on the ARM7TDMI-based SAM7X that removes the limit of 64K transfers on the peripheral DMA by having an automatic buffer switch when one is empty.

The peripheral DMA controller operates independently of the processor, eliminating interrupt overhead and radically reducing the number of CPU clock cycles required for a data transfer. Each peripheral in the architecture has two dedicated PDC channels, one each for receiving and transmitting data.

The user interface of a PDC channel is integrated in the memory space of each peripheral and contains a 32bit memory pointer register, a 16bit transfer count register, a 32bit register for next memory pointer and a 16bit register for next transfer count. Multiple, continuous and blocks of data from more than one peripheral can be transferred using the PDC, removing the burden of moving data from the processor and sustaining high-speed data transfers on any peripheral.

When performing the necessary encryption functions necessary for secure operation, the use of such an enhanced PDC capability allows the MCU to easily handle the additional data movement load that encryption imposes. By offloading from the CPU the function of transferring data between the peripherals, the memories and the encryption engine, the PDC nearly quadruples AES encryption bandwidth to 80Mbps. DES to 32.8Mbps and TDES to 20Mbps.

The combination of an on-chip encryption engine and a peripheral DMA controller can also result in streaming AES encryption bandwidth that is nearly 20 times greater than can be achieved using software encryption alone. Additionally, it frees up the processor to execute its embedded control functions.

Dany Nativel, ARM Technical Marketing Manager
Jacko Wilbrink, ARM Marketing Manager
Tim Morin, North American ARM Business Development
Atmel Corp.

Article Comments - Peripheral DMA boosts networked MCU ...
*? You can enter [0] more charecters.
*Verify code:


Visit Asia Webinars to learn about the latest in technology and get practical design tips.

Back to Top