FPGA based Rekeying for cryptographic key management in Storage Area Network

Rekeying process plays an important role in secure large-scale Storage Area Network (SAN) applications. Software based Rekeying management could not completely prevent sensitive information leakage from theoretical and physical attacks. Traditional Rekeying process will suffer from decrypting the large data using the old key and encrypting it with the new key. In order to solve these problems, we proposed a FPGA based flexible and low-cost rekeying management to improve the security and reduce the processing time. In the proposed method, enveloping key is defined and added into the rekeying process to protect the real private key and the user´s access key. During the rekeying process, the user´s access key is substituted and send back to the user instead of real private key. In order to save the transformation time between the Policies Key Control (software) and key management (hardware), we proposed index extraction solution to shorten bit width of transformation from 256-bit to only 32-bit. Experimental results show that our proposed method only takes up 1.099 ms for rekeying process compared with the existing design with 3.91 ms execution time.