WO2008027091A1 - Method and system for password recovery using a hardware accelerator - Google Patents

Method and system for password recovery using a hardware accelerator Download PDF

Info

Publication number
WO2008027091A1
WO2008027091A1 PCT/US2007/011809 US2007011809W WO2008027091A1 WO 2008027091 A1 WO2008027091 A1 WO 2008027091A1 US 2007011809 W US2007011809 W US 2007011809W WO 2008027091 A1 WO2008027091 A1 WO 2008027091A1
Authority
WO
WIPO (PCT)
Prior art keywords
password
computational
software
processing
candidates
Prior art date
Application number
PCT/US2007/011809
Other languages
French (fr)
Other versions
WO2008027091B1 (en
Inventor
Robert C. Botchek
Original Assignee
Tableau, Llc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US11/510,922 external-priority patent/US20080052525A1/en
Priority claimed from US11/511,190 external-priority patent/US20080052429A1/en
Priority claimed from US11/510,894 external-priority patent/US20080052490A1/en
Priority claimed from US11/510,950 external-priority patent/US20080126472A1/en
Application filed by Tableau, Llc filed Critical Tableau, Llc
Publication of WO2008027091A1 publication Critical patent/WO2008027091A1/en
Publication of WO2008027091B1 publication Critical patent/WO2008027091B1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2131Lost password, e.g. recovery of lost or forgotten passwords

Definitions

  • the present invention relates generally to data processing systems and, more particularly, to hardware-based systems capable of performing large scale data processing and evaluation.
  • Methods, apparatus, systems and other embodiments of the present invention utilize a hardware accelerator operating in connection with a host computer system.
  • the host computer system runs software that generates password candidates to be evaluated in a password recovery system.
  • the password candidates can be formatted for computational processing by the hardware accelerator (for example, by formatting software running on the host computer system), for example by generating request packets, each of which includes a single password candidate.
  • the hardware accelerator accepts the password candidates, perhaps as formatted appropriately, and can store a number of password candidates in a memory that is managed by a memory controller.
  • the hardware accelerator also includes a processing matrix made up of a number of FPGAs.
  • Each FPGA can be programmed to have a number of computational blocks, each of which is configured to "consume" or process a single request packet. Processing of a request packet by a computational block generates a response packet that includes computational results corresponding to the single password candidate contained in the consumed request packet.
  • the FPGAs can be arrayed using a nearest neighbor protocol in some embodiments.
  • the response packets also can be stored in and retrieved from the memory using the memory unit, if desired.
  • the response packets retrieved from the memory can be unpacked by the formatting software to yield data to be evaluated by the password recovery software running on the host computer system. Further details and advantages of the invention are provided in the following Detailed Description and the associated Figures.
  • Figure 1 is a flow diagram according to one or more embodiments of the present invention.
  • Figure 2 is a schematic diagram illustrating a host computer system coupled to a hardware accelerator, according to one or more embodiments of the present invention.
  • Figure 3 is a schematic diagram illustrating a logic resource such as an FPGA, according to one or more embodiments of the present invention.
  • Figure 4 is a schematic and flow diagram illustrating data flow between two logic resources of a processing matrix according to one or more embodiments of the present invention.
  • Figure 5 is a state diagram showing request packet flow in a processing matrix according to one or more embodiments of the present invention.
  • Figure 6 is a block diagram of atypical computer system or integrated circuit system suitable for implementing embodiments of the present invention, including a hardware accelerator that can be implemented and/or coupled to the computer system according to one or more embodiments of the present invention.
  • Embodiments of the present invention relate to techniques, apparatus, methods, etc. that can be used in password recovery.
  • a specific family of password recovery techniques may be termed "brute force” attacks wherein specialized and/or specially adapted software/equipment is used to try some or all possible passwords.
  • the most effective such brute force attacks frequently rely on an understanding of human factors. For example, most people select passwords that are derived from words or names in their environment and which are therefore easier to remember (for example, names of relatives, pets, local or favorite places, etc.).
  • This understanding of the human factors behind the selection of passwords allows the designers of the "brute force” attacks to focus the attacks on words derived from a "dictionary” which itself is based on and constructed from an understanding of the environment in which a password was selected.
  • Embodiments of the present invention include systems, apparatus, methods, etc. used to implement custom hardware and control software which is optimized to perform parallel brute force attacks on data encryption schemes such as password recovery systems.
  • a hardware accelerator according to the present invention can generally be characterized as possessing three functional levels and/or blocks: 1) a front-end interface designed to communicate with a computer (for example, a host computer on which password recovery or other encryption breaking software and intermediate software are executing), 2) a memory unit having a buffer and an associated controller, wherein the buffer stores both unprocessed data (for example, blocks of passwords or other encrypted data to be processed) and blocks of computational results to be sent to the host's software or elsewhere, and 3) a processing matrix of symmetric logic resources (for example, field programmable gate arrays, or "FPGAs”) configurable to perform the specific computations required of encryption schemes being addressed.
  • a front-end interface designed to communicate with a computer (for example, a host computer on which password recovery or other encryption breaking software and intermediate software are executing)
  • Some embodiments of the present invention are designed to work in conjunction with existing applications, such as password recovery applications.
  • password recovery applications can function as primary software in embodiments of the present invention and are already capable of generating lists of password candidates to be tested, to compute cipher keys based on each password candidate, and to test the validity of each cipher key.
  • Earlier password recovery applications have been limited in their performance by the computational capability of the computer processors on which they were executed.
  • the responsibility of calculating cipher keys is outsourced from the password recovery applications to an invoked intermediate software API (Application Programming Interface) to send passwords to one or more hardware accelerators according to embodiments of the present invention.
  • Each hardware accelerator performs the computationally expensive cipher calculations and then returns its results to the intermediate software API, which in turn sends the results to the password recovery applications.
  • FIG. 1 One embodiment of such a system is shown in Figure 1, where method 100 begins at 110 with data (for example, blocks) being generated for testing. In some embodiments, this block generation can be performed by software running on a host computer to create password candidates for testing. At 120 the data to be tested can be formatted for test processing. In the example involving password discovery, an intermediate software layer, such as the above- referenced invoked API, can format and package the password candidates for processing by one or more hardware accelerators. The blocks can then be processed at 130, for example by processing the password candidates to try and find a target password.
  • a processing matrix in the hardware accelerator can look for particular signatures in the matrix calculation results to validate the probability that a given password candidate is the target password. In other situations, such a processing matrix can return processing results to an external entity or module, such as the primary or intermediate software, for further validation of the calculations and/or determinations regarding the target password.
  • the results of processing done at 130 are received for further evaluation or the like, for example receipt by the intermediate software layer for unpacking of the processing results and forwarding the unpacked results to the primary software.
  • Validation and/or verification can be performed at 150.
  • the primary software can verify whether one or more password candidates are indeed the target password sought by the primary software.
  • the primary software performs substantive generation and evaluation of password candidates in some embodiments.
  • the intermediate software formats data exchanged between the primary software and the hardware accelerator, whether computational results or password candidates, and the hardware accelerator performs the computationally expensive processing of the candidate data. Other general schemes will be apparent to those skilled in the art.
  • FIG. 2 One hardware accelerator system 200 capable of performing such methods is shown in Figure 2.
  • two input types are available - a USB input 202 and a Fire Wire input 204.
  • a host computer 230 running primary software that utilizes the advantageous processing characteristics of the present invention.
  • phrases such as “coupled to” and “connected to” and the like are used herein to describe a connection between two devices, elements and/or components and are intended to mean coupled either directly together, or indirectly, for example via one or more intervening elements or via a wireless connection, where appropriate.
  • a bridge 206 connects these inputs 202, 204 to a gateway 208 and transfers data between a host computer interface and a storage interface.
  • bridge 206 can be an Oxford Semiconductor OXUF922 device
  • the host computer interface can be a 1394 interface 204 or a USB interface 202
  • the storage interface can be an IDE BUS 207.
  • Devices such as the Oxford Semiconductor are inexpensive, readily available, and are well optimized for moving data between the host computer interface and the storage interface.
  • IDE BUS 207 may require additional bus interface logic in gateway 208, this additional complexity is more than offset by the cost, availability, and performance advantages afforded by the selection of an appropriate bridge 206.
  • Gateway 208 can be a device, a software module, a hardware module or combination of one or more of these, as will be appreciated by those skilled in the art.
  • gateway 208 can be a device such as an application specific integrated circuit (ASIC), microprocessor, master FPGA or the like, as will be appreciated by those skilled in the art.
  • ASIC application specific integrated circuit
  • microprocessor microprocessor
  • master FPGA master FPGA
  • a memory unit 210 is coupled to the gateway 208 and is used for storing (for example, in a DDR SDRAM memory) incoming data to be processed (for example, blocks of password candidates) and for storing computational results from the processing matrix 250.
  • the bridge 206 and the gateway 208 are coupled to another memory unit 212 via a processor bus 209 (for example, an ARM bus or the like).
  • Memory unit 212 can include flash memory containing code and/or FPGA configuration data, as well as other information needed for operation of the system 200.
  • Logic for controlling and configuring the gateway 208 and configuration data in unit 212 can be housed in a module 214.
  • additional controls, features, etc. for example, temperature sensing, fan control, etc.
  • Gateway 208 controls data flow into and out of processing matrix 250.
  • processing matrix 250 has a plurality of logic resources 255 (for example, programmable devices such as FPGAs) coupled to one another using a "nearest neighbor" configuration and/or protocol, which is explained in more detail below.
  • Each matrix logic resource 255 is provided with one or more clock signals 262 and data/control signals 264. FPGA coupling and use of these signals are described in more detail below.
  • the northwestern-most device 255 is the device farthest upstream in the array. Thus request packets from the gateway 208 flow downstream to all other devices from this northwestern-most position and all response packets in this embodiment flow back to this northwestern-most position in the array 250.
  • Some embodiments of the present invention provide significant advantages by emulating block-oriented storage devices (for example, a hard disk) when communicating with a host computer. Such emulation radically simplifies a number of software development problems and greatly enhances portability of the processing system of the present invention across different host and operating system environments.
  • Software on the host computer 230 can read from a well-known address (for example, sector 0 is an example of one such well-known address, though there are many alternative, addresses that can be used, as will be appreciated by those skilled in the art) to determine the current status and capabilities of the hardware accelerator 200.
  • the hardware accelerator 200 generally disallows block write operations to the well- known address to prevent standard block-oriented drivers and utilities in the host computer's operating system (O/S) from attempting to format the contents of the perceived block-oriented storage device (that is, the hardware accelerator 200), thus dissuading standard drivers from attempting other input/output (I/O) operations to the hardware accelerator 200 that is emulating a block-oriented storage device.
  • O/S operating system
  • I/O input/output
  • Atomic units of work can be formatted into “request packets” by intermediate software on the host computer 230 and then concatenated into arrays of request packets (which can be padded to multiples of 512 bytes in length, inasmuch as 512 bytes is a typical block size when transferring data to/from a block-oriented storage device).
  • the padded arrays of request packets are then transmitted to the hardware accelerator 200 using a block write request appropriate for the interface bus through which the hardware accelerator is connected. (The necessary sector address for the block write request can be made known to host software through information returned in response to reading the well-known address.)
  • the hardware accelerator 200 buffers this block-oriented data transmission in on-board memory 210.
  • the on-board memory 210 is conceptually organized in the system of Figure 2 as a FIFO.
  • An on-board memory controller which may be part of the gateway 208, extracts successive request packets from the on-board memory and re-transmits the request packets, typically one at a time, to the logic resources 255 of FPGA matrix 250, which generate computational results from the request packets and send these results to the host computer 230 (for example, to the intermediate software for formatting and/or other processing before substantive review/evaluation by the primary software).
  • the logic resources format “responses” into “response packets” and transmit these response packets to the on-board memory controller which in turn stores the response packets in on-board memory 210.
  • the memory dedicated to response packets is conceptually organized as a FIFO.
  • software on the host computer 230 performs block read requests to the hardware accelerator 200 at periodic intervals. (As with earlier block write requests, the necessary sector address for the block read request can be made known to host software through information returned in response to reading the well-known address.)
  • the hardware accelerator 200 interprets these block read requests as requests to read from the response packet FIFO in memory buffer 210.
  • the memory controller concatenates response packets into arrays of response packets and then pad the end of the data transfer to a multiple of 512 bytes in length. Further, the memory controller ensures that only whole response packets are returned to the host computer. That is, a single response packet will not be split across two read requests from the host computer.
  • the hardware accelerator is designed to run across a number of different host computer and O/S environments. Normally, to make custom hardware such as the hardware accelerator compatible with diverse environments, earlier systems and the like would require the development of custom device drivers for each of the environments. The development of such device drivers is generally complex, time-consuming, and expensive. To eliminate this need, the present invention can use one or more standard block-oriented storage protocols (for example, hard disk protocols) to communicate with the host computer.
  • Current O/S environments have built-in support for devices which support standard block-oriented storage protocols. This built-in support means that application level code on the host computer typically can communicate with a block-oriented storage device without needing custom drivers or other "kernel" level code. For example, in most current O/S environments, an application can query the identity of all attached block-oriented storage devices, "open" one of the devices, then perform arbitrary block read and write operations to that device.
  • the hardware accelerator is connected to the host computer via an IEEE- 1394 (that is, Fire Wire) or USB (Universal Serial Bus) interface.
  • the hardware accelerator exposes itself to the host computer as a storage device.
  • the hardware accelerator exposes itself as an SBP-2 (Serial Bus Protocol-2) device, which is the standard way block-oriented storage devices are exposed over 1394.
  • SBP-2 Serial Bus Protocol-2
  • USB the hardware accelerator exposes itself as a device conforming to the USB Mass Storage Class Specification, which is the standard way block-oriented storage devices are exposed over USB.
  • Request and response packets can share a common, generalized header structure in some embodiments of the present invention.
  • the contents of a given request/response packet payload may vary depending on the nature of the computation being performed by the hardware accelerator.
  • Table 1 provides an exemplary packet structure (all multi-byte integer values such as packet length, signature word, etc. are stored in little-endian byte order, where the least significant byte of each multi-byte integer value is stored at the lowest offset within the packet):
  • the Packet Length field defines a total packet length of n bytes, where (in this embodiment) n is always an even value greater than or equal to 6. Placing the Packet Length field at the beginning of the packet simplifies hardware design, allowing hardware to detect/determine total packet length by inspecting only the packet's first 16-bit word.
  • the Signature Word is a 32-bit project or task "identifier" value and is unique for all packets at any given point in time. Signature words provide an efficient mechanism for associating request and response packets. This feature of this embodiment allows request packets to be processed by an arbitrary logic resource and to be processed in non-deterministic order.
  • Signature Word values can be assigned by software in the host computer when the host, software formats the request packets using any algorithm to assign and re-use Signature Word values so long as no two active (that is, outstanding) request packets sent to the same hardware accelerator have the same Signature Word value at the same time.
  • software on the host computer may determine that a maximum of M request packets can be outstanding at a time for a given hardware accelerator. Then, software may allocate an array S of M 32-bit storage elements. Software would initialize array S 1 such that:
  • array S software on the host computer can allocate a second array R of M storage elements. Each element in this second array will provide storage for one request packet. Assuming that array S is initialized as shown above, then Signature Word values in array S can be used as indexes into the second array of structures R. As each Signature Word value is unique, the host software is guaranteed that the element thus selected in array R is not currently in use and may be used as storage for a newly formatted request packet.
  • the Signature Word value in the response packet is used to associate the response packet with the element in array R which stores the original request packet. In this way, host software can efficiently associate requests and responses even though responses arrive in a non- deterministic order.
  • Tables 2 and 3 show examples of request and response packets that may appear in implementations of a hardware accelerator designed to do password attack computations:
  • Cipher key calculated for password (example only)
  • performing a block read request to the well-known address on the hardware accelerator can return a status and capabilities structure as shown in Table 4:
  • Firmware Stepping, Firmware Build Date, and Firmware Build Time allow host software to determine automatically the generation of firmware running in the hardware accelerator.
  • Matrix Technology Code, Matrix Row Count, and Matrix Column Count allow host software to determine the FPGA technology and FPGA matrix dimensions. Buffer
  • Memory Size indicates the total amount of buffer memory installed in the hardware accelerator.
  • Request FIFO Data Available Count indicates the maximum number of bytes that may be written to the Request Packet FIFO at the present time and Request FIFO Address indicates the sector address to be used when writing to the Request Packet FIFO.
  • Response FIFO Data Available Count indicates the maximum number of bytes which may be read from the Response Packet FIFO at the present time and Response FIFO Address indicates the sector address to be used when reading from the Response Packet FIFO.
  • Configuration Sector Address identifies the sector address of the Configuration Sector. The Configuration Sector is written by host software to set the current operating parameters of the hardware accelerator.
  • Bit-Stream Size indicates the maximum length of FPGA configuration bit stream which can be written by the host.
  • Bit-Stream Sector Address identifies the sector address to be used when writing an FPGA configuration bit stream to the hardware accelerator.
  • SRAM-based FPGAs in the hardware accelerator are not configured.
  • host software Before the hardware accelerator can process request packets, host software must write an appropriate FPGA configuration bit stream to the hardware accelerator.
  • Each FPGA may be configured with the same or different configuration bit streams as necessary to implement the logic resources as required for a given hardware accelerator application.
  • Configuration bit streams are developed using FPGA development tools appropriate for the FPGAs as used in the matrix of the hardware accelerator.
  • the FPGAs in the hardware accelerator matrix are Xilinx XC3S1600E-FG320 components.
  • Host software can perform block reads and block writes of the Configuration Sector to configure matrix FPGAs in the hardware accelerator according to the format of Table 5:
  • the Control Word contains a number of bits which direct firmware in the hardware accelerator to perform FPGA configuration actions.
  • a Control Word may be configured as follows:
  • setting the START bit to "1" triggers the beginning of FPGA configuration for the FPGA identified by FPGA Row Address and FPGA Column Address.
  • the START bit resets automatically to “0” thereafter.
  • Setting DEVJEN to "1” turns on power to the indicated FPGA.
  • DEV_EN should always be set to "1” either before or when attempted to configure the FPGA.
  • Setting the CFG_RST bit to a "1” resets the hardware accelerator configuration logic and restores the FPGA Configuration Bit- Stream address pointer to the beginning of the FPGA Configuration Bit Stream Configuration Buffer.
  • the CFG RST bit resets to "0” automatically.
  • Setting the MTRX_RST bit to a "1” resets all logic in the FPGA matrix. This operation is global to all FPGAs in the matrix.
  • MTRX_RST should be used, for example, at the end of a hardware acceleration job.
  • the MTRX-RST bit resets to "0" automatically.
  • the Status Word contains a number of bits which indicate the status of the current FPGA configuration operation.
  • a Status Word may be configured as follows:
  • BUSY is read as "1" when the hardware accelerator is busy processing a configuration request.
  • INIT and DONE indicate that the FPGA is driving its configuration INIT and DONE signals, respectively.
  • DEV_EN is read as "1" when the FPGA is powered ON.
  • the Status Word bits always reflect the configuration state of the FPGA identified by the row and column in FPGA Row Address and FPGA Column Address, respectively.
  • FPGA Row Address and FPGA Column Address are written by the host to indicate the coordinates of an FPGA within the matrix to be configured.
  • FPGA Bit-Stream Length indicates the length of the configuration bit-stream that has been written from the host to the FPGA Configuration Bit-Stream Buffer. This indicates the number of FPGA configuration bits that should be copied from the FPGA Configuration Bit- Stream Buffer to the selected FPGA during configuration.
  • the FPGA Configuration Bit-Stream Buffer is the memory that is written when host software performs block write operations to the FPGA Configuration Bit-Stream Sector address. Before writing a new bit stream, host software should always write a "1" to the CFG_RST in the Control Word.
  • jobs such as attacking passwords by brute force can be split among a traditional processor-based application, an intermediate software layer (the API), and a custom and/or customizable hardware-based accelerator.
  • the hardware accelerator while specialized in its ability to receive and process large quantities of passwords or other encrypted data, is nonetheless general and adaptable in its ability to be configured to work on a large number of different tasks (for example, in the case of attacking passwords, encryption algorithms). This flexibility is derived, in part, from the use of FPGAs and/or other programmable devices in one or more implementations of the hardware accelerator.
  • SRAM- based FPGAs which do not retain their configuration (that is, their programming) across power-down, reflect the practice of building such devices on an underlying matrix of static RAM based memory cells. This FPGA variety is usable in embodiments of the present invention.
  • Hardware accelerators can generally be thought of as possessing three major functional blocks: 1) a front-end interface designed to communicate with a host computer on which the primary software (for example, password recovery software) and intermediate software are executing, 2) a memory unit having a controller coupled to a buffer that stores candidate data to be processed and computational results to be sent to the host computer's software for evaluation and/or further processing, and 3) a processing matrix of symmetric logic resources (for example, an FPGA matrix) capable of being configured to perform the specific computations required of each encryption scheme.
  • the front-end interface allows a hardware accelerator to be coupled to the host computer via one or more interfaces that allow easy connection to a wide variety of host computers.
  • Fire Wire and/or USB interfaces are commonly in use and can be used in connection with embodiments of the present invention.
  • the memory unit (comprising, for example, a memory and its associated controller) is responsible for buffering blocks of passwords to be processed.
  • the memory controller and memory are also responsible for buffering the computational results generated for each password so that those results can be transmitted back to the host computer.
  • the processing matrix of symmetric logic resources is built using SRAM-based FPGAs in some embodiments of the present invention.
  • SRAM-based FPGAs accomplishes two objectives: 1) the logic resources can be reconfigured readily to perform different functions (for example, attacks on different encryption schemes), and 2) SRAM-based FPGAs tend to cost less per unit logic than other FPGA technologies, allowing more logic resources to be deployed at a given cost, and thus increasing the number of password attacks that can be performed in parallel at a given hardware cost.
  • each password candidate or other candidate data packet can be formatted into a "request packet" buffered in the memory unit of the hardware accelerator, while the computational results generated for each password candidate or other candidate data are formatted into a "response packet" that also are temporarily buffered in the memory unit prior to transmission to the host computer.
  • a single logic resource 300 such as an FPGA
  • Device 300 could be any of the devices 255 of Figure 2, though one or more neighboring device interfaces might be inactive, depending on the position of device 300 in the processing matrix 250. Every logic resource 300 in the example of Figure 3 must have at least one clock signal, coming from a west neighbor, a north neighbor, or both.
  • two clock signals 262n and 262w are shown as inputs to device 300.
  • a clock signal multiplexer 302 selects which signal to use.
  • a clock multiplexer control signal can be provided by a detection coordination unit 304 or the like, as will be appreciated by those skilled in the art.
  • Each device 300 can have a west nearest neighbor interface 310, a north nearest neighbor interface 312, an east nearest neighbor interface 314 and a south nearest neighbor interface 316.
  • a request packet available at the west interface 310 or the north interface 312 is available to be sent to a downstream multiplexer 320, which feeds incoming downstream request packets to a downstream FIFO buffer 322. From FIFO buffer 322, downstream request packets are sent to a request packet router 324.
  • router 324 can either send a downstream request packet to the computational block(s) 350 of device 300 for processing in device 300 or make the request packet available to the east interface 314 and/or south interface 316 for possible processing further downstream (at a neighboring device).
  • Device 300 can contain one or more computational blocks 350, depending on the space and resources available on a given type of device 300 (for example, an FPGA) 5 the complexity and/or other computational costs of processing to be performed on request packets, etc.
  • device 300 might contain multiple instantiations of such computational blocks 350 so that multiple request packets can be processed simultaneously in parallel on a single device 300. For purposes of this discussion, it is assumed that device 300 can have such multiple instantiations of a required computational block 350.
  • the east interface 314 and south interface 316 can be coupled to an upstream multiplexer 330.
  • Multiplexer 330 also receives completed computational results as response packets from the computational blocks 350 of device 300.
  • Multiplexer 330 provides the response packets it receives to an upstream FIFO buffer 332 and thence to an upstream response packet router 334.
  • Upstream response packet router 334 can send the response packets it receives to either the north interface 312 or the west interface 310 for further upstream migration toward the gateway.
  • Detection coordinator 304 also can control other elements of device 300, such as the downstream multiplexer 320 and upstream response packet router 334.
  • An upstream FPGA 410 can provide a synchronous clock signal 420, downstream control signals 422 and data on a bi-directional signal line 424 (for example, carrying 16 bits) to a downstream FPGA 430.
  • downstream FPGA 430 can provide upstream control signals 432 and data on bidirectional signal line 424 to upstream FPGA 410.
  • Downstream control/status can include: 0000 - Idle
  • the upstream FPGA 410 is always the arbiter, so that when both the upstream FPGA 410 and the downstream FPGA 430 request a transmit at the same time, the upstream FPGA 410 determines which command will take priority.
  • the downstream FPGA 430 is responsible for propagating the synchronous clock signal to any FPG A(s) further downstream.
  • an upstream device can request a transmit 504 to a downstream device, after which a transmit request is pending at state 506.
  • the upstream device can cancel the transmit at 508 by going back to IDLE 502 or can commit to the transmit at 510 by going to the transmit ready state 512 (which can include "transmit ready” and/or "transmit ready EOP" states, where the upstream device drives the data bus).
  • the upstream device can pause by going at 516 to a transmit wait state 518 (after which the upstream device returns at 520 to the transmit ready state 512) or can complete the transmission at 514, after which the upstream device returns to IDLE 502.
  • the upstream device can sit in IDLE 502 until a receipt request is received.
  • the upstream device can acknowledge the request at 522 and enter the receive acknowledged state 524.
  • the device can hold this state at 526, cancel the reception at 528 by returning to IDLE 502, or move at 530 to a receive ready state 532 when the downstream device commits to sending the data to the upstream device.
  • the device can wait by moving at 536 to a receive wait state 538, after which it returns at 540 to the receive ready state 532.
  • the device can move at 534 back to the IDLE state 502.
  • control/status bits can change on the negative edge of a synchronous clock signal while data can be clocked on the positive edge of the synchronizing clock only when both upstream and downstream devices are signaling "ready.”
  • Clock synchronization is a major problem in complex digital logic designs such as those found in embodiments of the present invention.
  • a "nearest neighbor" scheme can be used in some embodiments of the present invention.
  • each FPGA in the processing matrix only communicates with one or more of its nearest neighbors in the matrix.
  • the terms North, South, East, and West are used herein to designate the 4 nearest neighbors to a given programmable device, using the cardinal points of the compass in their usual two dimensional sense. There is no communication along diagonals in the matrix, nor is there direct communication or electrical connectivity with any other programmable device farther than the nearest neighbor in each of the above four directions.
  • each computational resource has a maximum of 4 nearest neighbors.
  • many different nearest neighbor configurations can be implemented and used, depending on the type of computational resources employed in the sea of computational resources and the desired computational use(s) and/or purpose(s).
  • the 2-dimensional matrix shown in the Figures can be replaced by a 3-dimensional, multi-layer configuration, a 2-dimensional star array, etc.
  • the nearest neighbor pairings will function analogously and thus provide the multiple pairings described in detail herein.
  • FIG. 2 One "nearest neighbor” architecture that can be employed in embodiments of the present invention is shown in processing matrix 250 of Figure 2, where each "interior” device 255i is coupled to its 4 neighboring devices, each "edge” device 255e is coupled to 3 of its neighboring devices, and each “corner” devices 255c is coupled to 2 of its neighboring devices.
  • This nearest neighbor architecture of Figure 2 facilitates the design of a symmetric array of FPGA-based logic resources with the following attributes, among others:
  • ⁇ Nearest-neighbors can communicate bi-directionally at high-speed.
  • Each matrix device (for example, FPGA-based logic resource) is clock synchronized to its nearest neighbor to the "North” or to the "West” in the matrix.
  • Each matrix device (for example, FPGA-based logic resource) communicates with resources no farther than its nearest neighbors vertically (North and/or South) and/or horizontally (East and/or West).
  • ⁇ Request packets flow from the gateway 208 and upper left (northwest-most) device 255 to the lower right (that is, in a generally southeast migration).
  • the matrix dimensions can scale more or less arbitrarily, allowing matrices of greater or fewer resources (through the number of resources and/or through the coupling scheme between resources) to be deployed as best fits the cost and performance requirements of the design.
  • the nearest neighbor architecture is the available bidirectional transfer protocol. This protocol can govern transfers between each pair of coupled adjacent neighbors in the matrix. Pairings are either vertical (that is, north-south) or horizontal (that is, east-west). In vertical pairings in the embodiment shown in Figure 2, the neighbor to the North is the master and in horizontal pairings the neighbor to the West is the Master. Likewise, the neighbor to the South or East is the Slave. In this discussion, the Master is also sometimes termed the "upstream" neighbor and transfers towards the master are termed
  • Each master is responsible for propagating/driving the synchronizing clock to the slave.
  • the master also is responsible for determining the direction of each data transfer on the bi- directional interface. If the master and the slave make simultaneous requests to transfer data, the master arbitrates the conflicting requests and determines the prevailing transfer direction.
  • Each FPGA has one or more computational blocks capable of processing request packets (for example, each programmable device 255 can be programmed to implement 1, 2, 3, 8, 12 or any other number of computational blocks within the programmable device, as will be appreciated by those skilled in the art).
  • Each computational block within an FPGA is always in one of two states: 1) idle — not currently processing a request packet, or 2) busy — actively processing a request packet (also referred to herein as "consuming" a request packet, which generates a response packet containing a computational result).
  • Each FPGA has an input FIFO that can buffer one or more request packets (it is advantageous in most embodiments to have the FIFO large enough to make sure that the computational blocks are idle for as short a time as possible —that is, it generally is good for there to be one or more request packets waiting at all times in each device of the processing matrix).
  • a processing matrix device If a processing matrix device has an idle computational block, it prefers to consume a request packet rather than passing it to a downstream neighbor.
  • the FPGA will offer the request packet to one or more of its downstream neighbors (that is, the neighbor to the South or the neighbor to the East in Figure 2).
  • some embodiments of the present invention use a "three-phase" nearest-neighbor protocol (which can be considered in light of the state machine 500 of Figure 5 in some embodiments of the present invention).
  • an upstream neighbor "offers" a request packet to one or more downstream neighbors.
  • the upstream neighbor either commits to the transfer or cancels the transfer.
  • the upstream neighbor can only commit to the transfer if its downstream neighbor is currently indicating that it can accept the transfer.
  • a downstream neighbor signals that it is able to accept a transfer by entering the "request acknowledge" state.
  • a downstream neighbor Once having entered the "request acknowledge" state, a downstream neighbor cannot leave this state unless and until the upstream neighbor commits to the transfer or cancels the transfer request.
  • the upstream neighbor may cancel a transfer request whether or not the downstream neighbor has entered the request acknowledge state.
  • the upstream neighbor begins and ultimately completes the transfer of a request packet to a downstream neighbor.
  • the flow of response packets from downstream neighbors towards their upstream neighbors can be symmetric to that described for the flow of request packets.
  • the downstream (or slave) device is responsible for offering a response packet and then committing to the transfer.
  • the upstream (or master) device is responsible for accepting response packets.
  • a particularly advantageous characteristic of this architecture is the ability of a processing matrix device to offer a packet for transfer without specifically committing to the transfer of that packet. This capability allows each device in the processing matrix: 1) to offer packets to more than one nearest neighbor without knowing in advance which neighbor will ultimately accept the packet, and 2) to offer packets to neighbors while still retaining the option to process a packet internally.
  • This three-phase protocol permits nearly optimal utilization of logic and communication resources within the matrix.
  • Each device/FPGA then communicates "upstream" with the device/FPGA from which it receives its synchronizing clock using the bi-directional data interface discussed above.
  • This data interface operates synchronously to the clock. Request packets are passed from the "upstream” neighbor to the "downstream” neighbor, and response packets are passed in the reverse direction. In this manner, the problems of clock synchronization across the hardware accelerator are greatly mitigated. In this scheme, it is necessary only for "nearest neighbors" (that is, upstream/downstream computational resource pairings) to be synchronized with each other.
  • appropriate request packets are fed into the processing matrix by the memory controller. If logic resources in a given device/FPGA are available to process the request packet immediately, the request packet is said to be "consumed” by the given device/FPGA (that is, the atomic unit of work is processed to generate a computational result). If no logic resources are presently available to process the request packet, then the device/FPGA will attempt to pass the request packet to one of its downstream neighbors (to the "East” or to the "South” in Figure 2). This process continues until all logic resources are busy and a given request packet can be passed no further downstream (East or South). As logic resources complete the processing associated with each candidate data block (for example, a password candidate), those logic resources once again become available to process new requests.
  • Figure 6 illustrates a typical computer system that can be used as a host computer and/or other component in a system in accordance with one or more embodiments of the present invention.
  • the computer system 600 of Figure 6 can execute primary and/or intermediate software, as discuss in connection with embodiments of the present invention above.
  • the computer system 600 includes any number of processors 602 (also referred to as central processing units, or CPUs) that are coupled to storage devices including primary storage 606 (typically a random access memory, or RAM), primary storage 604 (typically a read only memory, or ROM).
  • primary storage 604 acts to transfer data and instructions uni-directionally to the CPU and primary storage 606 is used typically to transfer data and instructions in a bi-directional manner.
  • a mass storage device 608 also is coupled bi-directionally to CPU 602 and provides additional data storage capacity ' and may include any of the computer-readable media described above.
  • the mass storage device 608 may be used to store programs, data and the like and is typically a secondary storage medium such as a hard disk that is slower than primary storage. It will be appreciated that the information retained within the mass storage device 608, may, in appropriate cases, be incorporated in standard fashion as part of primary storage 606 as virtual memory.
  • a specific mass storage device such as a CD-ROM 614 may also pass data uni-directionally to the CPU.
  • CPU 602 also is coupled to an interface 610 that includes one or more input/output devices such as such as video monitors, track balls, mice, keyboards, microphones, touch- sensitive displays, transducer card readers, magnetic or paper tape readers, tablets, styluses, voice or handwriting recognizers, or other well-known input devices such as, of course, other computers.
  • CPU 602 optionally may be coupled to a computer or telecommunications network using a network connection as shown generally at 612. With such a network connection, it is contemplated that the CPU might receive information from the network, or might output information to the network in the course of performing described method steps.
  • CPU 602 when it is part of a host computer or the like, optionally may be coupled to a hardware accelerator 200 or other embodiment of the present invention that is used to assist with computationally expensive processing and/or other tasks.
  • Apparatus 200 can be the specific embodiment of Figure 2 or a related embodiment of the present invention.
  • the above-described devices and materials will be familiar to those of skill in the computer hardware and software arts.
  • the hardware elements described above may define multiple software modules for performing the operations of this invention. For example, instructions for running a data encryption cracking program, password breaking program, etc. may be stored on mass storage device 608 or 614 and executed on CPU 602 in conjunction with primary memory 606.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Advance Control (AREA)
  • Storage Device Security (AREA)

Abstract

Password recovery utilizes a hardware accelerator operating in connection with a host computer system that runs software to generate and format password candidates for computational processing. The hardware accelerator accepts formatted password candidates and can store a number of these candidates in a memory that is managed by a memory controller. A processing matrix is made up of a number of FPGAs which each can be programmed to run a number of computational blocks that are configured to 'consume' or process a request packet containing a single password candidate. This multiple FPGA, multiple computational block configuration allows parallel processing of numerous password candidates by the hardware accelerator, a process that is normally computationally expensive. Processing of a request packet by a computational block generates a response packet that includes computational results corresponding to the single password candidate contained in the consumed request packet. The FPGAs can be arrayed using a nearest neighbor protocol in some embodiments. The request and response packets can be stored in and retrieved from the memory using a memory controller. The response packets retrieved from the memory can be unpacked by software to yield data to be evaluated by password recovery software running on the host computer system.

Description

PATENT APPLICATION
TITLE OF THE INVENTION
PASSWORD RECOVERY
o
Inventor: Robert C. Botchek
3855 Charter Point Court
Brookfϊeld, Wisconsin 53045
A Citizen of the United States of America
Assignee: Tableau, LLC
0 Waukesha, Wisconsin
Sylke Law Offices, LLC 756 N. Milwaukee Street Suite 210
Milwaukee, Wisconsin 53202 Telephone (414) 431 -2317 PASSWORD RECOVERY
Robert C. Botchek
CROSS-REFERENCE TO RELATED APPLICATIONS
This application claims the benefit of priority under 35 U.S. C. § 119(e) and any other United States or other law of the following: U.S. Serial No. 11/510,922 (Atty. Docket No. 2002- pO2) filed August 28, 2006, entitled PASSWORD RECOVERY, the entire disclosure of which is incorporated herein by reference in its entirety for all purposes; U.S. Serial No. 11/510,950 (Atty. Docket No. 2002-p03) filed August 28, 2006, entitled COMPUTER
COMMUNICATION, the entire disclosure of which is incorporated herein by reference in its entirety for all purposes; U.S. Serial No. 11/511,190 (Atty. Docket No. 2002-p04) filed August 28, 2006, entitled OFF-BOARD COMPUTATIONAL RESOURCES, the entire disclosure of which is incorporated herein by reference in its entirety for all purposes; and U.S. Serial No. 1 1/510,894 (Atty. Docket No. 2002-p05) filed August 28, 2006, entitled COMPUTATIONAL RESOURCE ARRAY, the entire disclosures of which are incorporated herein by reference in their entireties for all purposes.
BACKGROUND Technical Field
The present invention relates generally to data processing systems and, more particularly, to hardware-based systems capable of performing large scale data processing and evaluation.
Description of Related Art
Many different types of electronic data are protected by passwords. In many systems, this protection takes the form of encryption wherein a password is used to generate a cipher key. Once encrypted using this cipher key, the data is rendered meaningless unless one possesses the correct password to decrypt the data. In a number of legitimate (that is, legal) situations, a person not in possession of the password must be able to gain access to the protected data. The original creator or owner of the data may need to be able to regain access to data when the password has been lost. In other cases, an employer or other party entitled to access to the encrypted data might not have the password available (for example, when the employee who encrypted the data has left the organization). Alternatively, law enforcement or intelligence services may need to be able to gain access to data which has been seized through a law enforcement action or intelligence operation.
The process of recovering passwords in order to gain access to such encrypted information falls in the field of "password recovery." Commercial and other organizations have developed techniques for password recovery. These techniques take on many different forms depending on the specific schemes employed by different applications to protect/encrypt the original data.
Systems, methods and techniques that provide a more effective and computationally inexpensive way to perform password recovery would represent a significant advancement in the art. Also, systems, methods and techniques that allow a hardware accelerator to have such computationally expensive work outsourced from a primary software program likewise would represent a significant advancement in the art.
BRIEF SUMMARY
Methods, apparatus, systems and other embodiments of the present invention utilize a hardware accelerator operating in connection with a host computer system. The host computer system runs software that generates password candidates to be evaluated in a password recovery system. The password candidates can be formatted for computational processing by the hardware accelerator (for example, by formatting software running on the host computer system), for example by generating request packets, each of which includes a single password candidate.
The hardware accelerator accepts the password candidates, perhaps as formatted appropriately, and can store a number of password candidates in a memory that is managed by a memory controller. The hardware accelerator also includes a processing matrix made up of a number of FPGAs. Each FPGA can be programmed to have a number of computational blocks, each of which is configured to "consume" or process a single request packet. Processing of a request packet by a computational block generates a response packet that includes computational results corresponding to the single password candidate contained in the consumed request packet. The FPGAs can be arrayed using a nearest neighbor protocol in some embodiments. The response packets also can be stored in and retrieved from the memory using the memory unit, if desired. The response packets retrieved from the memory can be unpacked by the formatting software to yield data to be evaluated by the password recovery software running on the host computer system. Further details and advantages of the invention are provided in the following Detailed Description and the associated Figures.
BRIEF DESCRIPTION OF DRAWINGS
The present invention will be readily understood by the following detailed description in conjunction with the accompanying drawings, wherein like reference numerals designate like structural elements, and in which:
Figure 1 is a flow diagram according to one or more embodiments of the present invention.
Figure 2 is a schematic diagram illustrating a host computer system coupled to a hardware accelerator, according to one or more embodiments of the present invention.
Figure 3 is a schematic diagram illustrating a logic resource such as an FPGA, according to one or more embodiments of the present invention.
Figure 4 is a schematic and flow diagram illustrating data flow between two logic resources of a processing matrix according to one or more embodiments of the present invention.
Figure 5 is a state diagram showing request packet flow in a processing matrix according to one or more embodiments of the present invention. Figure 6 is a block diagram of atypical computer system or integrated circuit system suitable for implementing embodiments of the present invention, including a hardware accelerator that can be implemented and/or coupled to the computer system according to one or more embodiments of the present invention.
DETAILED DESCRIPTION
The following detailed description of the invention will refer to one or more embodiments of the invention, but is not limited to such embodiments. Rather, the detailed description is intended only to be illustrative. Those skilled in the art will readily appreciate that the detailed description given herein with respect to the Figures is provided for explanatory purposes as the invention extends beyond these limited embodiments.
Embodiments of the present invention relate to techniques, apparatus, methods, etc. that can be used in password recovery. A specific family of password recovery techniques may be termed "brute force" attacks wherein specialized and/or specially adapted software/equipment is used to try some or all possible passwords. The most effective such brute force attacks frequently rely on an understanding of human factors. For example, most people select passwords that are derived from words or names in their environment and which are therefore easier to remember (for example, names of relatives, pets, local or favorite places, etc.). This understanding of the human factors behind the selection of passwords allows the designers of the "brute force" attacks to focus the attacks on words derived from a "dictionary" which itself is based on and constructed from an understanding of the environment in which a password was selected.
Nonetheless, even intelligent brute force attacks may involve the testing of millions (or more) passwords. Understanding this, the designers of many earlier encryption systems have implemented computationally expensive processes to calculate the cipher key based on the password entered by the user. Interestingly, many of these computationally expensive processes share underlying similarities. For example, a number of common modern-day cipher key schemes apply many iterations of common mathematical hashing algorithms (for example, SFIA-I, MD-5, etc.) to the original password. Thousands or even tens of thousands of iterations are not uncommon. Given that each iteration may occupy a modern computer processor for perhaps 1 microsecond or more, a given processor may be able to test only a few dozen to a few thousand passwords per second.
Fortunately, the computations for many such algorithms can be recast in hardware implementations and/or blocks, and numerous such hardware blocks can be set to work in parallel. For many encryption systems, such parallel hardware implementations can perform most or all of the computation required to test each password in a brute force attack, greatly increasing the throughput of the system(s) performing the brute force attacks.
Embodiments of the present invention include systems, apparatus, methods, etc. used to implement custom hardware and control software which is optimized to perform parallel brute force attacks on data encryption schemes such as password recovery systems. A hardware accelerator according to the present invention can generally be characterized as possessing three functional levels and/or blocks: 1) a front-end interface designed to communicate with a computer (for example, a host computer on which password recovery or other encryption breaking software and intermediate software are executing), 2) a memory unit having a buffer and an associated controller, wherein the buffer stores both unprocessed data (for example, blocks of passwords or other encrypted data to be processed) and blocks of computational results to be sent to the host's software or elsewhere, and 3) a processing matrix of symmetric logic resources (for example, field programmable gate arrays, or "FPGAs") configurable to perform the specific computations required of encryption schemes being addressed.
Some embodiments of the present invention are designed to work in conjunction with existing applications, such as password recovery applications. Such password recovery applications can function as primary software in embodiments of the present invention and are already capable of generating lists of password candidates to be tested, to compute cipher keys based on each password candidate, and to test the validity of each cipher key. Earlier password recovery applications have been limited in their performance by the computational capability of the computer processors on which they were executed. In the present invention, the responsibility of calculating cipher keys is outsourced from the password recovery applications to an invoked intermediate software API (Application Programming Interface) to send passwords to one or more hardware accelerators according to embodiments of the present invention. Each hardware accelerator performs the computationally expensive cipher calculations and then returns its results to the intermediate software API, which in turn sends the results to the password recovery applications.
One embodiment of such a system is shown in Figure 1, where method 100 begins at 110 with data (for example, blocks) being generated for testing. In some embodiments, this block generation can be performed by software running on a host computer to create password candidates for testing. At 120 the data to be tested can be formatted for test processing. In the example involving password discovery, an intermediate software layer, such as the above- referenced invoked API, can format and package the password candidates for processing by one or more hardware accelerators. The blocks can then be processed at 130, for example by processing the password candidates to try and find a target password. Li some password encryption schemes, a processing matrix in the hardware accelerator can look for particular signatures in the matrix calculation results to validate the probability that a given password candidate is the target password. In other situations, such a processing matrix can return processing results to an external entity or module, such as the primary or intermediate software, for further validation of the calculations and/or determinations regarding the target password.
At 140 the results of processing done at 130 are received for further evaluation or the like, for example receipt by the intermediate software layer for unpacking of the processing results and forwarding the unpacked results to the primary software. Validation and/or verification can be performed at 150. In some embodiments of the present invention, the primary software can verify whether one or more password candidates are indeed the target password sought by the primary software. As will be appreciated by those skilled in the art, the primary software performs substantive generation and evaluation of password candidates in some embodiments. The intermediate software formats data exchanged between the primary software and the hardware accelerator, whether computational results or password candidates, and the hardware accelerator performs the computationally expensive processing of the candidate data. Other general schemes will be apparent to those skilled in the art.
One hardware accelerator system 200 capable of performing such methods is shown in Figure 2. In the exemplary system 200 of Figure 2, two input types are available - a USB input 202 and a Fire Wire input 204. Typically, at least one such input is coupled to a host computer 230 running primary software that utilizes the advantageous processing characteristics of the present invention. Phrases such as "coupled to" and "connected to" and the like are used herein to describe a connection between two devices, elements and/or components and are intended to mean coupled either directly together, or indirectly, for example via one or more intervening elements or via a wireless connection, where appropriate.
A bridge 206 connects these inputs 202, 204 to a gateway 208 and transfers data between a host computer interface and a storage interface. In some embodiments, bridge 206 can be an Oxford Semiconductor OXUF922 device, the host computer interface can be a 1394 interface 204 or a USB interface 202, and the storage interface can be an IDE BUS 207. Devices such as the Oxford Semiconductor are inexpensive, readily available, and are well optimized for moving data between the host computer interface and the storage interface. Thus, while use of a storage interface such as IDE BUS 207 may require additional bus interface logic in gateway 208, this additional complexity is more than offset by the cost, availability, and performance advantages afforded by the selection of an appropriate bridge 206.
Gateway 208 can be a device, a software module, a hardware module or combination of one or more of these, as will be appreciated by those skilled in the art. In embodiments of the present invention, gateway 208 can be a device such as an application specific integrated circuit (ASIC), microprocessor, master FPGA or the like, as will be appreciated by those skilled in the art.
A memory unit 210 is coupled to the gateway 208 and is used for storing (for example, in a DDR SDRAM memory) incoming data to be processed (for example, blocks of password candidates) and for storing computational results from the processing matrix 250. In the example of Figure 2, the bridge 206 and the gateway 208 are coupled to another memory unit 212 via a processor bus 209 (for example, an ARM bus or the like). Memory unit 212 can include flash memory containing code and/or FPGA configuration data, as well as other information needed for operation of the system 200. Logic for controlling and configuring the gateway 208 and configuration data in unit 212 can be housed in a module 214. Moreover, additional controls, features, etc. (for example, temperature sensing, fan control, etc.) can be provided at 216, as needed and/or desired.
Gateway 208 controls data flow into and out of processing matrix 250. In Figure 2, processing matrix 250 has a plurality of logic resources 255 (for example, programmable devices such as FPGAs) coupled to one another using a "nearest neighbor" configuration and/or protocol, which is explained in more detail below. Each matrix logic resource 255 is provided with one or more clock signals 262 and data/control signals 264. FPGA coupling and use of these signals are described in more detail below. In the embodiment of the computational resource array 250 of Figure 2, the northwestern-most device 255 is the device farthest upstream in the array. Thus request packets from the gateway 208 flow downstream to all other devices from this northwestern-most position and all response packets in this embodiment flow back to this northwestern-most position in the array 250.
Some embodiments of the present invention provide significant advantages by emulating block-oriented storage devices (for example, a hard disk) when communicating with a host computer. Such emulation radically simplifies a number of software development problems and greatly enhances portability of the processing system of the present invention across different host and operating system environments. Software on the host computer 230 can read from a well-known address (for example, sector 0 is an example of one such well-known address, though there are many alternative, addresses that can be used, as will be appreciated by those skilled in the art) to determine the current status and capabilities of the hardware accelerator 200. The hardware accelerator 200 generally disallows block write operations to the well- known address to prevent standard block-oriented drivers and utilities in the host computer's operating system (O/S) from attempting to format the contents of the perceived block-oriented storage device (that is, the hardware accelerator 200), thus dissuading standard drivers from attempting other input/output (I/O) operations to the hardware accelerator 200 that is emulating a block-oriented storage device. The format of reads from the well-known address is defined in more detail below.
Atomic units of work, referred to herein as "requests," can be formatted into "request packets" by intermediate software on the host computer 230 and then concatenated into arrays of request packets (which can be padded to multiples of 512 bytes in length, inasmuch as 512 bytes is a typical block size when transferring data to/from a block-oriented storage device). The padded arrays of request packets are then transmitted to the hardware accelerator 200 using a block write request appropriate for the interface bus through which the hardware accelerator is connected. (The necessary sector address for the block write request can be made known to host software through information returned in response to reading the well-known address.)
The hardware accelerator 200 buffers this block-oriented data transmission in on-board memory 210. The on-board memory 210 is conceptually organized in the system of Figure 2 as a FIFO. An on-board memory controller, which may be part of the gateway 208, extracts successive request packets from the on-board memory and re-transmits the request packets, typically one at a time, to the logic resources 255 of FPGA matrix 250, which generate computational results from the request packets and send these results to the host computer 230 (for example, to the intermediate software for formatting and/or other processing before substantive review/evaluation by the primary software). In this case, the logic resources format "responses" into "response packets" and transmit these response packets to the on-board memory controller which in turn stores the response packets in on-board memory 210. As with the memory dedicated to request packets, the memory dedicated to response packets is conceptually organized as a FIFO.
In the system of Figure 2, software on the host computer 230 performs block read requests to the hardware accelerator 200 at periodic intervals. (As with earlier block write requests, the necessary sector address for the block read request can be made known to host software through information returned in response to reading the well-known address.) The hardware accelerator 200 interprets these block read requests as requests to read from the response packet FIFO in memory buffer 210. When reading from the response packet FIFO, the memory controller concatenates response packets into arrays of response packets and then pad the end of the data transfer to a multiple of 512 bytes in length. Further, the memory controller ensures that only whole response packets are returned to the host computer. That is, a single response packet will not be split across two read requests from the host computer.
The hardware accelerator is designed to run across a number of different host computer and O/S environments. Normally, to make custom hardware such as the hardware accelerator compatible with diverse environments, earlier systems and the like would require the development of custom device drivers for each of the environments. The development of such device drivers is generally complex, time-consuming, and expensive. To eliminate this need, the present invention can use one or more standard block-oriented storage protocols (for example, hard disk protocols) to communicate with the host computer. Current O/S environments have built-in support for devices which support standard block-oriented storage protocols. This built-in support means that application level code on the host computer typically can communicate with a block-oriented storage device without needing custom drivers or other "kernel" level code. For example, in most current O/S environments, an application can query the identity of all attached block-oriented storage devices, "open" one of the devices, then perform arbitrary block read and write operations to that device.
In some embodiments of the present invention, the hardware accelerator is connected to the host computer via an IEEE- 1394 (that is, Fire Wire) or USB (Universal Serial Bus) interface. The hardware accelerator exposes itself to the host computer as a storage device. When connected via 1394, the hardware accelerator exposes itself as an SBP-2 (Serial Bus Protocol-2) device, which is the standard way block-oriented storage devices are exposed over 1394. When connected via USB, the hardware accelerator exposes itself as a device conforming to the USB Mass Storage Class Specification, which is the standard way block-oriented storage devices are exposed over USB.
Request and response packets can share a common, generalized header structure in some embodiments of the present invention. The contents of a given request/response packet payload may vary depending on the nature of the computation being performed by the hardware accelerator. Table 1 provides an exemplary packet structure (all multi-byte integer values such as packet length, signature word, etc. are stored in little-endian byte order, where the least significant byte of each multi-byte integer value is stored at the lowest offset within the packet):
Figure imgf000012_0001
Table 1
In the example of Table 1, the Packet Length field defines a total packet length of n bytes, where (in this embodiment) n is always an even value greater than or equal to 6. Placing the Packet Length field at the beginning of the packet simplifies hardware design, allowing hardware to detect/determine total packet length by inspecting only the packet's first 16-bit word. In this embodiment of the present invention, the Signature Word is a 32-bit project or task "identifier" value and is unique for all packets at any given point in time. Signature words provide an efficient mechanism for associating request and response packets. This feature of this embodiment allows request packets to be processed by an arbitrary logic resource and to be processed in non-deterministic order. Signature Word values can be assigned by software in the host computer when the host, software formats the request packets using any algorithm to assign and re-use Signature Word values so long as no two active (that is, outstanding) request packets sent to the same hardware accelerator have the same Signature Word value at the same time.
As an example, software on the host computer may determine that a maximum of M request packets can be outstanding at a time for a given hardware accelerator. Then, software may allocate an array S of M 32-bit storage elements. Software would initialize array S1 such that:
S [M] = M
where the index of the first element of array S is 0.
Software would then treat array S as a circular buffer, using any appropriate technique, a number of which are well known to those skilled in the art. As it becomes necessary to format a new request packet, the host software will read the value from the head of the circular buffer and use it as the unique Signature Word value for the request. When the host software finishes processing each response packet received from the hardware accelerator, the host software takes the Signature Word value from the response packet and stores it in the tail position of the circular buffer. The head and tail position pointers advance after each such access, as will be apparent to one skilled in the art. As it is likely that response packets will arrive in an order different from the order in which request packets were generated, the order of the values stored in array S (that is, the circular buffer) will tend to become randomized. However, the stored values' uniqueness remains guaranteed, despite any such randomization.
In addition to the array S, software on the host computer can allocate a second array R of M storage elements. Each element in this second array will provide storage for one request packet. Assuming that array S is initialized as shown above, then Signature Word values in array S can be used as indexes into the second array of structures R. As each Signature Word value is unique, the host software is guaranteed that the element thus selected in array R is not currently in use and may be used as storage for a newly formatted request packet.
When software on the host computer receives a response packet from the hardware accelerator, the Signature Word value in the response packet is used to associate the response packet with the element in array R which stores the original request packet. In this way, host software can efficiently associate requests and responses even though responses arrive in a non- deterministic order.
Tables 2 and 3 show examples of request and response packets that may appear in implementations of a hardware accelerator designed to do password attack computations:
Figure imgf000014_0001
Table 2 — Request Packet Format for Password Computation
Offse Width Definition t
0 - - 1 16 bits Packet Length n = 26
2 - 5 32 bits Signature Word
6 - - 25 20 bytes Cipher key calculated for password (example only)
Table 3 — Response Packet Format for Password Computation
In some embodiments of the present invention, performing a block read request to the well-known address on the hardware accelerator can return a status and capabilities structure as shown in Table 4:
Figure imgf000015_0001
Table 4 — Block read request status and capability structure
As above, all multi-byte integer values in Table 4, such as the Matrix Row Count, are stored in little-endian byte order. Fields like Structure Length and Structure Revision are included to allow host software to recognize and adjust for different revisions of the Sector 0 Format (or whatever well-known address is used). Signature String and Model String provide human-readable identifying information to the host software. Model Identifier provides machine readable model information to the host software. Hardware Serial Number identifies each hardware accelerator uniquely.
Firmware Stepping, Firmware Build Date, and Firmware Build Time allow host software to determine automatically the generation of firmware running in the hardware accelerator. Matrix Technology Code, Matrix Row Count, and Matrix Column Count allow host software to determine the FPGA technology and FPGA matrix dimensions. Buffer
Memory Size indicates the total amount of buffer memory installed in the hardware accelerator. Request FIFO Data Available Count indicates the maximum number of bytes that may be written to the Request Packet FIFO at the present time and Request FIFO Address indicates the sector address to be used when writing to the Request Packet FIFO. Response FIFO Data Available Count indicates the maximum number of bytes which may be read from the Response Packet FIFO at the present time and Response FIFO Address indicates the sector address to be used when reading from the Response Packet FIFO. Configuration Sector Address identifies the sector address of the Configuration Sector. The Configuration Sector is written by host software to set the current operating parameters of the hardware accelerator.
Bit-Stream Size indicates the maximum length of FPGA configuration bit stream which can be written by the host. Bit-Stream Sector Address identifies the sector address to be used when writing an FPGA configuration bit stream to the hardware accelerator. Upon power-on, SRAM-based FPGAs in the hardware accelerator are not configured. Before the hardware accelerator can process request packets, host software must write an appropriate FPGA configuration bit stream to the hardware accelerator. Each FPGA may be configured with the same or different configuration bit streams as necessary to implement the logic resources as required for a given hardware accelerator application. Configuration bit streams are developed using FPGA development tools appropriate for the FPGAs as used in the matrix of the hardware accelerator. In some embodiments of the present invention, the FPGAs in the hardware accelerator matrix are Xilinx XC3S1600E-FG320 components.
Host software can perform block reads and block writes of the Configuration Sector to configure matrix FPGAs in the hardware accelerator according to the format of Table 5:
Figure imgf000016_0001
Table 5 - Host software block read/write structure
The Control Word contains a number of bits which direct firmware in the hardware accelerator to perform FPGA configuration actions. For example, a Control Word may be configured as follows:
Figure imgf000017_0001
Using this embodiment, setting the START bit to "1" triggers the beginning of FPGA configuration for the FPGA identified by FPGA Row Address and FPGA Column Address. The START bit resets automatically to "0" thereafter. Setting DEVJEN to "1" turns on power to the indicated FPGA. DEV_EN should always be set to "1" either before or when attempted to configure the FPGA. Setting the CFG_RST bit to a "1" resets the hardware accelerator configuration logic and restores the FPGA Configuration Bit- Stream address pointer to the beginning of the FPGA Configuration Bit Stream Configuration Buffer. The CFG RST bit resets to "0" automatically. Setting the MTRX_RST bit to a "1" resets all logic in the FPGA matrix. This operation is global to all FPGAs in the matrix. MTRX_RST should be used, for example, at the end of a hardware acceleration job. The MTRX-RST bit resets to "0" automatically.
The Status Word contains a number of bits which indicate the status of the current FPGA configuration operation. For example, a Status Word may be configured as follows:
Figure imgf000017_0002
BUSY is read as "1" when the hardware accelerator is busy processing a configuration request. INIT and DONE indicate that the FPGA is driving its configuration INIT and DONE signals, respectively. DEV_EN is read as "1" when the FPGA is powered ON. The Status Word bits always reflect the configuration state of the FPGA identified by the row and column in FPGA Row Address and FPGA Column Address, respectively. FPGA Row Address and FPGA Column Address are written by the host to indicate the coordinates of an FPGA within the matrix to be configured.
FPGA Bit-Stream Length indicates the length of the configuration bit-stream that has been written from the host to the FPGA Configuration Bit-Stream Buffer. This indicates the number of FPGA configuration bits that should be copied from the FPGA Configuration Bit- Stream Buffer to the selected FPGA during configuration. The FPGA Configuration Bit-Stream Buffer is the memory that is written when host software performs block write operations to the FPGA Configuration Bit-Stream Sector address. Before writing a new bit stream, host software should always write a "1" to the CFG_RST in the Control Word.
Using embodiments of the present invention, jobs such as attacking passwords by brute force can be split among a traditional processor-based application, an intermediate software layer (the API), and a custom and/or customizable hardware-based accelerator. The hardware accelerator, while specialized in its ability to receive and process large quantities of passwords or other encrypted data, is nonetheless general and adaptable in its ability to be configured to work on a large number of different tasks (for example, in the case of attacking passwords, encryption algorithms). This flexibility is derived, in part, from the use of FPGAs and/or other programmable devices in one or more implementations of the hardware accelerator. "SRAM- based" FPGAs, which do not retain their configuration (that is, their programming) across power-down, reflect the practice of building such devices on an underlying matrix of static RAM based memory cells. This FPGA variety is usable in embodiments of the present invention.
Hardware accelerators according to the present invention can generally be thought of as possessing three major functional blocks: 1) a front-end interface designed to communicate with a host computer on which the primary software (for example, password recovery software) and intermediate software are executing, 2) a memory unit having a controller coupled to a buffer that stores candidate data to be processed and computational results to be sent to the host computer's software for evaluation and/or further processing, and 3) a processing matrix of symmetric logic resources (for example, an FPGA matrix) capable of being configured to perform the specific computations required of each encryption scheme.
The front-end interface according to the present invention allows a hardware accelerator to be coupled to the host computer via one or more interfaces that allow easy connection to a wide variety of host computers. For example, as noted above, Fire Wire and/or USB interfaces are commonly in use and can be used in connection with embodiments of the present invention. The memory unit (comprising, for example, a memory and its associated controller) is responsible for buffering blocks of passwords to be processed. The memory controller and memory are also responsible for buffering the computational results generated for each password so that those results can be transmitted back to the host computer.
The processing matrix of symmetric logic resources is built using SRAM-based FPGAs in some embodiments of the present invention. The choice of SRAM-based FPGAs accomplishes two objectives: 1) the logic resources can be reconfigured readily to perform different functions (for example, attacks on different encryption schemes), and 2) SRAM-based FPGAs tend to cost less per unit logic than other FPGA technologies, allowing more logic resources to be deployed at a given cost, and thus increasing the number of password attacks that can be performed in parallel at a given hardware cost.
In order to maintain high throughput, it may be necessary for the host computer to generate a substantial amount of candidate data (for example, tens or even hundreds of thousands of password candidates) at any given time. Using embodiments such as those discussed in detail above, each password candidate or other candidate data packet can be formatted into a "request packet" buffered in the memory unit of the hardware accelerator, while the computational results generated for each password candidate or other candidate data are formatted into a "response packet" that also are temporarily buffered in the memory unit prior to transmission to the host computer.
The configuration of a single logic resource 300, such as an FPGA, is shown in more detail in Figure 3. Device 300 could be any of the devices 255 of Figure 2, though one or more neighboring device interfaces might be inactive, depending on the position of device 300 in the processing matrix 250. Every logic resource 300 in the example of Figure 3 must have at least one clock signal, coming from a west neighbor, a north neighbor, or both. In Figure 3, two clock signals 262n and 262w are shown as inputs to device 300. A clock signal multiplexer 302 selects which signal to use. A clock multiplexer control signal can be provided by a detection coordination unit 304 or the like, as will be appreciated by those skilled in the art.
Each device 300 can have a west nearest neighbor interface 310, a north nearest neighbor interface 312, an east nearest neighbor interface 314 and a south nearest neighbor interface 316. A request packet available at the west interface 310 or the north interface 312 is available to be sent to a downstream multiplexer 320, which feeds incoming downstream request packets to a downstream FIFO buffer 322. From FIFO buffer 322, downstream request packets are sent to a request packet router 324. As discussed in more detail below, router 324 can either send a downstream request packet to the computational block(s) 350 of device 300 for processing in device 300 or make the request packet available to the east interface 314 and/or south interface 316 for possible processing further downstream (at a neighboring device).
Device 300 can contain one or more computational blocks 350, depending on the space and resources available on a given type of device 300 (for example, an FPGA)5 the complexity and/or other computational costs of processing to be performed on request packets, etc. In some embodiments, device 300 might contain multiple instantiations of such computational blocks 350 so that multiple request packets can be processed simultaneously in parallel on a single device 300. For purposes of this discussion, it is assumed that device 300 can have such multiple instantiations of a required computational block 350.
For upstream trafficking of response packets, the east interface 314 and south interface 316 can be coupled to an upstream multiplexer 330. Multiplexer 330 also receives completed computational results as response packets from the computational blocks 350 of device 300. Multiplexer 330 provides the response packets it receives to an upstream FIFO buffer 332 and thence to an upstream response packet router 334. Upstream response packet router 334 can send the response packets it receives to either the north interface 312 or the west interface 310 for further upstream migration toward the gateway. Detection coordinator 304 also can control other elements of device 300, such as the downstream multiplexer 320 and upstream response packet router 334.
Clock synchronization and control of logic resources such as FPGAs 255 of Figure 2 can be accomplished in a variety of ways, one of which is shown in Figure 4. An upstream FPGA 410 can provide a synchronous clock signal 420, downstream control signals 422 and data on a bi-directional signal line 424 (for example, carrying 16 bits) to a downstream FPGA 430. Similarly, downstream FPGA 430 can provide upstream control signals 432 and data on bidirectional signal line 424 to upstream FPGA 410. Downstream control/status can include: 0000 - Idle
0001 - Downstream transmit request 0010 - Downstream transmit wait 0100 - Downstream transmit ready 0101 - Downstream transmit ready end of packet (EOP)
1001 - Upstream receive acknowledgment 1010 - Upstream receive wait 1100 - Upstream receive ready 1111 - No connection
Similar values can be used for upstream control/status:
0000 - Idle
0001 - Downstream receive acknowledgment 0010 - Downstream receive wait
0100 - Downstream receive ready 1001 - Upstream transmit request
1010 - Upstream transmit wait
1100 - Upstream transmit ready
1101 - Upstream transmit ready EOP 1111 - No connection
In the configuration of Figure 4, the upstream FPGA 410 is always the arbiter, so that when both the upstream FPGA 410 and the downstream FPGA 430 request a transmit at the same time, the upstream FPGA 410 determines which command will take priority. The downstream FPGA 430 is responsible for propagating the synchronous clock signal to any FPG A(s) further downstream.
Devices such as FPGAs in the processing matrix can be controlled using any appropriate means, including appropriate state machines, as will be appreciated by those skilled in the art. One example of an upstream state machine 500 is shown in Figure 5. Starting with the IDLE state 502, an upstream device can request a transmit 504 to a downstream device, after which a transmit request is pending at state 506. From state 506, the upstream device can cancel the transmit at 508 by going back to IDLE 502 or can commit to the transmit at 510 by going to the transmit ready state 512 (which can include "transmit ready" and/or "transmit ready EOP" states, where the upstream device drives the data bus). At this point the upstream device can pause by going at 516 to a transmit wait state 518 (after which the upstream device returns at 520 to the transmit ready state 512) or can complete the transmission at 514, after which the upstream device returns to IDLE 502.
Where the upstream device is receiving response packets from a downstream device, the upstream device can sit in IDLE 502 until a receipt request is received. The upstream device can acknowledge the request at 522 and enter the receive acknowledged state 524. The device can hold this state at 526, cancel the reception at 528 by returning to IDLE 502, or move at 530 to a receive ready state 532 when the downstream device commits to sending the data to the upstream device. The device can wait by moving at 536 to a receive wait state 538, after which it returns at 540 to the receive ready state 532. Once receipt is completed, the device can move at 534 back to the IDLE state 502. In a system such as the one shown in Figure 5, control/status bits can change on the negative edge of a synchronous clock signal while data can be clocked on the positive edge of the synchronizing clock only when both upstream and downstream devices are signaling "ready."
Clock synchronization is a major problem in complex digital logic designs such as those found in embodiments of the present invention. To address this problem with earlier systems, a "nearest neighbor" scheme can be used in some embodiments of the present invention. In such a nearest neighbor scheme, each FPGA in the processing matrix only communicates with one or more of its nearest neighbors in the matrix. The terms North, South, East, and West are used herein to designate the 4 nearest neighbors to a given programmable device, using the cardinal points of the compass in their usual two dimensional sense. There is no communication along diagonals in the matrix, nor is there direct communication or electrical connectivity with any other programmable device farther than the nearest neighbor in each of the above four directions. In the embodiment of the present invention illustrated and explained in detail herein, each computational resource has a maximum of 4 nearest neighbors. However, as will be appreciated by those skilled in the art, many different nearest neighbor configurations can be implemented and used, depending on the type of computational resources employed in the sea of computational resources and the desired computational use(s) and/or purpose(s). For example, the 2-dimensional matrix shown in the Figures can be replaced by a 3-dimensional, multi-layer configuration, a 2-dimensional star array, etc. In each of these alternate embodiments, the nearest neighbor pairings will function analogously and thus provide the multiple pairings described in detail herein.
One "nearest neighbor" architecture that can be employed in embodiments of the present invention is shown in processing matrix 250 of Figure 2, where each "interior" device 255i is coupled to its 4 neighboring devices, each "edge" device 255e is coupled to 3 of its neighboring devices, and each "corner" devices 255c is coupled to 2 of its neighboring devices. This nearest neighbor architecture of Figure 2 facilitates the design of a symmetric array of FPGA-based logic resources with the following attributes, among others:
~ Nearest-neighbors can communicate bi-directionally at high-speed.
— Each matrix device (for example, FPGA-based logic resource) is clock synchronized to its nearest neighbor to the "North" or to the "West" in the matrix.
— Each matrix device (for example, FPGA-based logic resource) communicates with resources no farther than its nearest neighbors vertically (North and/or South) and/or horizontally (East and/or West).
~ Request packets flow from the gateway 208 and upper left (northwest-most) device 255 to the lower right (that is, in a generally southeast migration).
~ The matrix dimensions can scale more or less arbitrarily, allowing matrices of greater or fewer resources (through the number of resources and/or through the coupling scheme between resources) to be deployed as best fits the cost and performance requirements of the design.
While the nearest neighbor scheme shown herein illustrates connections between each FPGA in the processing matrix and all of its adjacent neighbors, it is not necessary that all connections be enabled, as will be appreciated by those skilled in the art.
An advantageous characteristic of the nearest neighbor architecture is the available bidirectional transfer protocol. This protocol can govern transfers between each pair of coupled adjacent neighbors in the matrix. Pairings are either vertical (that is, north-south) or horizontal (that is, east-west). In vertical pairings in the embodiment shown in Figure 2, the neighbor to the North is the master and in horizontal pairings the neighbor to the West is the Master. Likewise, the neighbor to the South or East is the Slave. In this discussion, the Master is also sometimes termed the "upstream" neighbor and transfers towards the master are termed
"upstream" transfers. Similarly, the Slave is sometimes termed the "downstream" neighbor and transfers towards the Slave are termed "downstream" transfers.
Each master is responsible for propagating/driving the synchronizing clock to the slave. The master also is responsible for determining the direction of each data transfer on the bi- directional interface. If the master and the slave make simultaneous requests to transfer data, the master arbitrates the conflicting requests and determines the prevailing transfer direction.
As noted above, when a logic resource 255 in the matrix 250 receives a request packet, the device 255 either processes that packet internally or passes it to a downstream neighbor. Several general definitions and rules can be implemented regarding the downstream flow of request packets (other such definitions and rules will be apparent to those skilled in the art):
1. Each FPGA has one or more computational blocks capable of processing request packets (for example, each programmable device 255 can be programmed to implement 1, 2, 3, 8, 12 or any other number of computational blocks within the programmable device, as will be appreciated by those skilled in the art).
2. Each computational block within an FPGA is always in one of two states: 1) idle — not currently processing a request packet, or 2) busy — actively processing a request packet (also referred to herein as "consuming" a request packet, which generates a response packet containing a computational result).
3. Each FPGA has an input FIFO that can buffer one or more request packets (it is advantageous in most embodiments to have the FIFO large enough to make sure that the computational blocks are idle for as short a time as possible — that is, it generally is good for there to be one or more request packets waiting at all times in each device of the processing matrix).
4. If a processing matrix device has an idle computational block, it prefers to consume a request packet rather than passing it to a downstream neighbor.
5. If all computational blocks within an FPGA are busy, the FPGA will offer the request packet to one or more of its downstream neighbors (that is, the neighbor to the South or the neighbor to the East in Figure 2).
6. If an FPGA has room in its input FIFO, it will agree to accept a request packet from an upstream neighbor.
Using definitions and rules like those enumerated above, it will be apparent to one skilled in the art that the flow of request packets downstream is selective and not deterministic. Two examples illustrate this characteristic: 1) a given upstream neighbor may offer a request packet to more than one downstream neighbor, and it cannot be known in advance which downstream neighbor will accept the packet, and 2) a given upstream neighbor may offer a request packet to one or more downstream neighbors, but then become capable of consuming the request packet internally before beginning the transmission of the request packet to a downstream neighbor.
To accommodate the non-deterministic flow of request packets throughout the processing matrix or any other computational resource array, some embodiments of the present invention use a "three-phase" nearest-neighbor protocol (which can be considered in light of the state machine 500 of Figure 5 in some embodiments of the present invention). In the first phase, an upstream neighbor "offers" a request packet to one or more downstream neighbors. In phase two, the upstream neighbor either commits to the transfer or cancels the transfer. The upstream neighbor can only commit to the transfer if its downstream neighbor is currently indicating that it can accept the transfer. A downstream neighbor signals that it is able to accept a transfer by entering the "request acknowledge" state. Once having entered the "request acknowledge" state, a downstream neighbor cannot leave this state unless and until the upstream neighbor commits to the transfer or cancels the transfer request. The upstream neighbor may cancel a transfer request whether or not the downstream neighbor has entered the request acknowledge state. In phase three, the upstream neighbor begins and ultimately completes the transfer of a request packet to a downstream neighbor.
The flow of response packets from downstream neighbors towards their upstream neighbors can be symmetric to that described for the flow of request packets. In the upstream direction, the downstream (or slave) device is responsible for offering a response packet and then committing to the transfer. The upstream (or master) device is responsible for accepting response packets.
A particularly advantageous characteristic of this architecture is the ability of a processing matrix device to offer a packet for transfer without specifically committing to the transfer of that packet. This capability allows each device in the processing matrix: 1) to offer packets to more than one nearest neighbor without knowing in advance which neighbor will ultimately accept the packet, and 2) to offer packets to neighbors while still retaining the option to process a packet internally. One skilled in the art will appreciate that the flexibility afforded by this three-phase protocol permits nearly optimal utilization of logic and communication resources within the matrix.
Each device/FPGA then communicates "upstream" with the device/FPGA from which it receives its synchronizing clock using the bi-directional data interface discussed above. This data interface operates synchronously to the clock. Request packets are passed from the "upstream" neighbor to the "downstream" neighbor, and response packets are passed in the reverse direction. In this manner, the problems of clock synchronization across the hardware accelerator are greatly mitigated. In this scheme, it is necessary only for "nearest neighbors" (that is, upstream/downstream computational resource pairings) to be synchronized with each other.
As noted above, appropriate request packets are fed into the processing matrix by the memory controller. If logic resources in a given device/FPGA are available to process the request packet immediately, the request packet is said to be "consumed" by the given device/FPGA (that is, the atomic unit of work is processed to generate a computational result). If no logic resources are presently available to process the request packet, then the device/FPGA will attempt to pass the request packet to one of its downstream neighbors (to the "East" or to the "South" in Figure 2). This process continues until all logic resources are busy and a given request packet can be passed no further downstream (East or South). As logic resources complete the processing associated with each candidate data block (for example, a password candidate), those logic resources once again become available to process new requests.
The combination of nearest-neighbor architecture and signature words allows request packets to flow fluidly into the matrix and for responses to flow fluidly out of the matrix. In this manner, high logic resource utilization, approaching close to 100%, can be achieved in a highly scalable manner. It will be noted by one skilled in the art that the dimensions of the matrix in the present invention are arbitrary. The size of any desired sea of computational resources and array configuration can be scaled up or down as cost and other constraints permit, resulting in a nearly linear increase or decrease in parallel processing performance.
Figure 6 illustrates a typical computer system that can be used as a host computer and/or other component in a system in accordance with one or more embodiments of the present invention. For example, the computer system 600 of Figure 6 can execute primary and/or intermediate software, as discuss in connection with embodiments of the present invention above. The computer system 600 includes any number of processors 602 (also referred to as central processing units, or CPUs) that are coupled to storage devices including primary storage 606 (typically a random access memory, or RAM), primary storage 604 (typically a read only memory, or ROM). As is well known in the art, primary storage 604 acts to transfer data and instructions uni-directionally to the CPU and primary storage 606 is used typically to transfer data and instructions in a bi-directional manner. Both of these primary storage devices may include any suitable of the computer-readable media described above. A mass storage device 608 also is coupled bi-directionally to CPU 602 and provides additional data storage capacity ' and may include any of the computer-readable media described above. The mass storage device 608 may be used to store programs, data and the like and is typically a secondary storage medium such as a hard disk that is slower than primary storage. It will be appreciated that the information retained within the mass storage device 608, may, in appropriate cases, be incorporated in standard fashion as part of primary storage 606 as virtual memory. A specific mass storage device such as a CD-ROM 614 may also pass data uni-directionally to the CPU.
CPU 602 also is coupled to an interface 610 that includes one or more input/output devices such as such as video monitors, track balls, mice, keyboards, microphones, touch- sensitive displays, transducer card readers, magnetic or paper tape readers, tablets, styluses, voice or handwriting recognizers, or other well-known input devices such as, of course, other computers. Moreover, CPU 602 optionally may be coupled to a computer or telecommunications network using a network connection as shown generally at 612. With such a network connection, it is contemplated that the CPU might receive information from the network, or might output information to the network in the course of performing described method steps. Finally, CPU 602, when it is part of a host computer or the like, optionally may be coupled to a hardware accelerator 200 or other embodiment of the present invention that is used to assist with computationally expensive processing and/or other tasks. Apparatus 200 can be the specific embodiment of Figure 2 or a related embodiment of the present invention. The above-described devices and materials will be familiar to those of skill in the computer hardware and software arts. The hardware elements described above may define multiple software modules for performing the operations of this invention. For example, instructions for running a data encryption cracking program, password breaking program, etc. may be stored on mass storage device 608 or 614 and executed on CPU 602 in conjunction with primary memory 606.
The many features and advantages of the present invention are apparent from the written description, and thus, the appended claims are intended to cover all such features and advantages of the invention. Further, since numerous modifications and changes will readily occur to those skilled in the art, the present invention is not limited to the exact construction and operation as illustrated and described. Therefore, the described embodiments should be taken as illustrative and not restrictive, and' the invention should not be limited to the details given herein but should be defined by the following claims and their full scope of equivalents, whether foreseeable or unforeseeable now or in the future.

Claims

CLAIMSWhat is claimed is:
1. A method for recovering passwords, the method comprising:
generating a set of password candidates using a software program;
providing a subset of the password candidates to a processing matrix comprising a plurality of logic resources;
processing the subset of password candidates in the processing matrix to generate computational results; and
providing the computational results to the software program for evaluation.
2. The method of Claim 1 further comprising formatting the subset of password candidates prior to providing the subset of password candidates to the processing matrix.
3. The method of Claim 2 wherein generating the set of password candidates and evaluation of the computational results are performed by a primary software program; and
further wherein formatting the password candidates is performed by an intermediate software program.
4. The method of Claim 1 wherein the logic resources comprise a plurality of FPGAs.
5. The method of Claim 4 wherein the plurality of FPGAs are coupled to one another using a nearest neighbor protocol.
6. The method of Claim 4 wherein each FPGA comprises a plurality of computational blocks; and
further wherein each computational block is configured to process a single password candidate at a time and generate computational results for that single password candidate.
7. The method of Claim 1 wherein the password candidates are stored in a memory unit prior to being provided to the processing matrix; and
further wherein the computational results are story in the memory unit prior to being provided to the software program for evaluation.
8. The method of Claim 1 wherein the computational results generated by the processing matrix are packed in response packets; and
further wherein the computational results are unpacked by an intermediate software program prior to the computational results being provided for evaluation.
9. The method of Claim 1 wherein the computational results are possible cipher keys.
10. A password recovery system comprising:
a host computer system executing software configured to:
generate password candidates; and
format the password candidates for processing; and
a hardware accelerator coupled to the host computer system, wherein the hardware accelerator comprises a processing matrix comprising logic resources configured to process a plurality password candidates simultaneously to generate a plurality of computational results.
11. The password recovery system of Claim 10 wherein the hardware accelerator further comprises a memory unit comprising:
a memory; and
a controller configured to control storage of:
the password candidates provided by the host computer system software prior to processing by the processing matrix; and the computational results provided by the processing matrix after processing prior to retrieval by the host computer system software;
further wherein the processing matrix is configured to:
obtain password candidates from the memory unit; and
return the computational results to the memory unit.
12. The password recovery system of Claim 10 wherein the processing matrix comprises a plurality of FPGAs.
13. The password recovery system of Claim 12 further wherein the processing matrix uses a nearest neighbor protocol.
14. The password recovery system of Claim 1 1 wherein the memory unit controller provides each password candidates to the processing matrix as a request packet; and
further wherein the processing matrix provides the computational results corresponding to each password candidate to the memory unit as a response packet.
15. The password recovery system of Claim 14 wherein the processing matrix comprises a plurality of FPGAs, wherein each FPGA comprises a plurality of computational blocks, and further wherein each computational block consumes a request packet to generate a response packet.
16. A password recovery system comprising:
a host computer system executing:
password recovery software for generating a plurality of password candidates; and
formatting software for generating a plurality of request packets, wherein each request packet comprises a single password candidate; and
a hardware accelerator coupled to the host computer system, wherein the hardware accelerator comprises: a processing matrix comprising a plurality of FPGAs, wherein each FPGA comprises a plurality of computational blocks, further wherein each computational block is configured to:
consume a single request packet; and
generate a response packet comprising computational results corresponding to the single password candidate contained in the consumed request packet;
a memory; and
a memory controller coupled to the memory and to the processing matrix, wherein the memory controller is configured to control transfer of data between the formatting software, the memory and the processing matrix and wherein the memory controller is configured to control memory storage and retrieval of:
request packets from the formatting software; and
response packets from the processing matrix;
wherein the formatting software unpacks the computational results from each response packet; and
further wherein the password recovery software evaluates the computational results.
17. The password recovery system of Claim 16 wherein the FPGAs of the processing matrix are configured to use a nearest neighbor protocol.
18. The password recovery system of Claim 16 wherein the hardware accelerator exposes itself to the host computer as a hard disk storage interface.
PCT/US2007/011809 2006-08-28 2007-05-17 Method and system for password recovery using a hardware accelerator WO2008027091A1 (en)

Applications Claiming Priority (8)

Application Number Priority Date Filing Date Title
US11/511,190 2006-08-28
US11/510,922 US20080052525A1 (en) 2006-08-28 2006-08-28 Password recovery
US11/511,190 US20080052429A1 (en) 2006-08-28 2006-08-28 Off-board computational resources
US11/510,950 2006-08-28
US11/510,894 2006-08-28
US11/510,894 US20080052490A1 (en) 2006-08-28 2006-08-28 Computational resource array
US11/510,950 US20080126472A1 (en) 2006-08-28 2006-08-28 Computer communication
US11/510,922 2006-08-28

Publications (2)

Publication Number Publication Date
WO2008027091A1 true WO2008027091A1 (en) 2008-03-06
WO2008027091B1 WO2008027091B1 (en) 2008-05-08

Family

ID=38626612

Family Applications (4)

Application Number Title Priority Date Filing Date
PCT/US2007/011809 WO2008027091A1 (en) 2006-08-28 2007-05-17 Method and system for password recovery using a hardware accelerator
PCT/US2007/012257 WO2008027092A1 (en) 2006-08-28 2007-05-23 Computer communication
PCT/US2007/015869 WO2008027114A2 (en) 2006-08-28 2007-07-12 Computational resource array
PCT/US2007/015870 WO2008027115A2 (en) 2006-08-28 2007-07-12 Off-board computational resources

Family Applications After (3)

Application Number Title Priority Date Filing Date
PCT/US2007/012257 WO2008027092A1 (en) 2006-08-28 2007-05-23 Computer communication
PCT/US2007/015869 WO2008027114A2 (en) 2006-08-28 2007-07-12 Computational resource array
PCT/US2007/015870 WO2008027115A2 (en) 2006-08-28 2007-07-12 Off-board computational resources

Country Status (1)

Country Link
WO (4) WO2008027091A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105799620A (en) * 2014-12-29 2016-07-27 上海通用汽车有限公司 Security code calculation of a vehicle electronic control module
CN108616535A (en) * 2018-04-28 2018-10-02 济南浪潮高新科技投资发展有限公司 One kind exchanging acceleration system and method based on FPGA multi-protocols secure authenticated networks
WO2018201249A1 (en) 2017-05-03 2018-11-08 Eidetic Communications Inc. Apparatus and method for controlling data acceleration

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE3812823A1 (en) * 1988-04-16 1989-11-02 Asea Brown Boveri Network of connected microcomputers
US5577262A (en) * 1990-05-22 1996-11-19 International Business Machines Corporation Parallel array processor interconnections
JPH06500655A (en) * 1990-10-03 1994-01-20 スィンキング マシンズ コーポレーション parallel computer system
JP3136088B2 (en) * 1996-02-22 2001-02-19 シャープ株式会社 Data processing device and data processing method
US6085316A (en) * 1998-07-28 2000-07-04 Sun Microsystems, Inc. Layered counterflow pipeline processor with anticipatory control
GB2348974B (en) * 1999-04-09 2004-05-12 Pixelfusion Ltd Parallel data processing systems
US20060041932A1 (en) * 2004-08-23 2006-02-23 International Business Machines Corporation Systems and methods for recovering passwords and password-protected data

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
ACCESS DATA CORP: "Password Recovery with PRTK (TM)/DNA(R)", INET, March 2006 (2006-03-01), XP002464814, Retrieved from the Internet <URL:http://www.accessdata.com/media/en_US/print/papers/wp.PRTK-DNA_Password_Recovery.en_us.pdf> [retrieved on 20080116] *
BERGHEL H, UECKER J: "WiFi attack vectors", COMMUNICATIONS OF THE ACM, vol. 48, no. 8, August 2005 (2005-08-01), pages 21-28, XP002464815 *
GOKHALE M, GRAHAM, P S: "Reconfigurable Computing", 2005, SPRINGER, THE NETHERLANDS, ISBN: 0-387-26105-2, XP002464817 *
HULTON, D: "Cracking WiFi ... Faster!", RECON 2006, 16 June 2006 (2006-06-16), Montreal, Canada, XP002464816, Retrieved from the Internet <URL:http://openciphers.sourceforge.net/slides/recon-2006.pdf> [retrieved on 20080116] *
SANDEEP KUMAR, CHRISTOF PAAR, JAN PELZL, GERD PFEIFFER, ANDY RUPP, AND MANFRED SCHIMMLER: "How to Break DES for EUR 8,980", SHARCS (SPECIAL-PURPOSE HARDWARE FOR ATTACKING CRYPTOGRAPHIC SYSTEMS)WORKSHOP, April 2006 (2006-04-01), Köln, Deutschland, XP002464873, Retrieved from the Internet <URL:http://www.hyperelliptic.org/tanja/SHARCS/talks06/copa_sharcs.pdf> [retrieved on 20080117] *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105799620A (en) * 2014-12-29 2016-07-27 上海通用汽车有限公司 Security code calculation of a vehicle electronic control module
CN105799620B (en) * 2014-12-29 2019-01-22 上海通用汽车有限公司 The security code of vehicle electric control module calculates
WO2018201249A1 (en) 2017-05-03 2018-11-08 Eidetic Communications Inc. Apparatus and method for controlling data acceleration
CN110770710A (en) * 2017-05-03 2020-02-07 艾德蒂克通信公司 Apparatus and method for controlling data acceleration
CN110770710B (en) * 2017-05-03 2023-09-05 艾德蒂克通信公司 Apparatus and method for controlling acceleration of data
CN108616535A (en) * 2018-04-28 2018-10-02 济南浪潮高新科技投资发展有限公司 One kind exchanging acceleration system and method based on FPGA multi-protocols secure authenticated networks
CN108616535B (en) * 2018-04-28 2021-02-09 浪潮集团有限公司 FPGA-based multi-protocol security authentication network exchange acceleration system and method

Also Published As

Publication number Publication date
WO2008027115A3 (en) 2008-04-17
WO2008027091B1 (en) 2008-05-08
WO2008027092A1 (en) 2008-03-06
WO2008027114A3 (en) 2008-04-24
WO2008027114A2 (en) 2008-03-06
WO2008027115A2 (en) 2008-03-06

Similar Documents

Publication Publication Date Title
US20080052525A1 (en) Password recovery
US8745724B2 (en) Methods of on-chip memory partitioning and secure access violation checking in a system-on-chip
CN101221543B (en) Method for executing DMA block motion, DMA device and data processing system
KR101647907B1 (en) Memory having internal processors and data communication methods in memory
KR101821845B1 (en) Controller and method for performing background operations
EP2803012B1 (en) Using storage controller bus interfaces to secure data transfer between storage devices and hosts
US8069353B2 (en) Low-latency data decryption interface
US7694035B2 (en) DMA shared byte counters in a parallel computer
JP5583849B2 (en) Out-of-band access to storage via port-sharing hardware
US20090144564A1 (en) Data encryption interface for reducing encrypt latency impact on standard traffic
TW201030551A (en) Security methodology to prevent user from compromising throughput in a highly threaded network on a chip processor
CN107209826A (en) Certified control storehouse
KR101056153B1 (en) Method and apparatus for conditional broadcast of barrier operations
JP6231704B2 (en) Command trapping in input / output virtualization (IOV) host controller (HC) (IOV-HC) of flash memory based storage devices
US20080052429A1 (en) Off-board computational resources
US20080126472A1 (en) Computer communication
WO2008027091A1 (en) Method and system for password recovery using a hardware accelerator
US20080052490A1 (en) Computational resource array
US20060184708A1 (en) Host controller device and method
CN109891425A (en) Sequence verification
CN1318944C (en) Method and apparatus trusted keyboard scanning
US10185684B2 (en) System interconnect and operating method of system interconnect
US6678749B2 (en) System and method for efficiently performing data transfer operations
JP3387538B2 (en) Data transfer device, processor element and data transfer method
EP4276662A1 (en) System and method for transmitting data between a plurality of modules

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07835765

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

NENP Non-entry into the national phase

Ref country code: RU

122 Ep: pct application non-entry in european phase

Ref document number: 07835765

Country of ref document: EP

Kind code of ref document: A1