FPGA-Based inline encryption bridge using AES-XTS for storage systems
DOI: https://doi.org/10.54654/isj.v2i25.1141
Keywords: Storage system, hardware encryption, AES-XTS, FPGA, secure storage
Abstract
This paper presents a hardware-based AES-256 XTS encryption system implemented on FPGA, providing a complete inline bridge between a storage controller and the storage device. Unlike prior works that focused only on AES core optimization, this design integrates the core into the full SATA protocol and evaluates end-to-end storage-path performance. The pipelined XTS-AES core enables high-throughput, real-time sector-level encryption with minimal performance impact. FPGA implementation offers flexibility in key sizes and encryption modes, supports algorithm updates through partial reconfiguration, and allows scalability to various storage systems, including NAS storage systems. The main contributions are: (i) proposing an FPGA-based inline encryption architecture with an AES-XTS core fully integrated into the SATA protocol; (ii) implementing and evaluating the encryption performance on a real storage system, demonstrating practical feasibility and transparency in real-time operations.
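An added example, not taken from the paper: a software model of the per-sector AES-256-XTS transform that an inline bridge applies on the storage path, written with the Python `cryptography` package. The 512-byte sector size, the encoding of the sector number (LBA) as a little-endian tweak, and the test key are assumptions made here; the paper's hardware design and key handling are not shown on this page.

```python
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

SECTOR_SIZE = 512  # assumed logical sector size in bytes


def xts_sector(key: bytes, lba: int, data: bytes, decrypt: bool = False) -> bytes:
    """Encrypt or decrypt one sector; the tweak is the sector number (LBA)."""
    if len(key) != 64:
        raise ValueError("AES-256-XTS takes a 512-bit key (two 256-bit halves)")
    if len(data) != SECTOR_SIZE:
        raise ValueError("data must be exactly one sector")
    tweak = lba.to_bytes(16, "little")  # assumed tweak encoding
    cipher = Cipher(algorithms.AES(key), modes.XTS(tweak))
    op = cipher.decryptor() if decrypt else cipher.encryptor()
    return op.update(data) + op.finalize()


def bridge_transfer(key: bytes, start_lba: int, payload: bytes,
                    decrypt: bool = False) -> bytes:
    """Model of the bridge data path: transform each sector under its own tweak."""
    if len(payload) % SECTOR_SIZE:
        raise ValueError("payload must be a whole number of sectors")
    out = bytearray()
    for off in range(0, len(payload), SECTOR_SIZE):
        lba = start_lba + off // SECTOR_SIZE
        out += xts_sector(key, lba, payload[off:off + SECTOR_SIZE], decrypt)
    return bytes(out)


def demo() -> dict:
    key = bytes(range(64))            # constructed test key, never use in practice
    plain = b"A" * (2 * SECTOR_SIZE)  # constructed: two identical sectors
    ct = bridge_transfer(key, 100, plain)
    tampered = bytearray(ct)
    tampered[0] ^= 0x01               # one flipped bit on the medium
    back = bridge_transfer(key, 100, bytes(tampered), decrypt=True)
    return {
        # Length-preserving, so the bridge stays transparent to host and drive.
        "same_length": len(ct) == len(plain),
        # Identical plaintext at different LBAs encrypts differently.
        "sectors_differ": ct[:SECTOR_SIZE] != ct[SECTOR_SIZE:],
        "round_trip": bridge_transfer(key, 100, ct, decrypt=True) == plain,
        # Data moved to another LBA does not decrypt to the original.
        "wrong_lba_fails": bridge_transfer(key, 101, ct, decrypt=True) != plain,
        # No integrity: tampering decrypts without error and garbles only
        # the affected 16-byte block (offsets listed here).
        "garbled_offsets": [i for i in range(0, len(plain), 16)
                            if back[i:i + 16] != plain[i:i + 16]],
    }
```

The `garbled_offsets` result is the caveat to plan around: XTS gives confidentiality per sector but no authentication, so integrity checking has to come from another layer.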