230 likes | 411 Views
Encryption / Decryption on FPGA Project Characterization. Written by: Daniel Farcovich ID. 303710388 Saar Vigodskey ID. 039608153 Advisor: Mony Orbach. Summer Semester 2011 (August – October). Project Goal.
E N D
Encryption / Decryption on FPGA Project Characterization Written by: Daniel Farcovich ID. 303710388 Saar Vigodskey ID. 039608153 Advisor: MonyOrbach Summer Semester 2011 (August – October)
Project Goal • Creation of data cryptography system using hardware components of type FPGA DE2-110, designated to external memory devices such as Disk-On-Key • The system will encrypt the data efficiently according to the state of art encryption algorithms, which are being used by the private sector. • The encryption will be symmetric or asymmetric and made by keys.
Possible Implementations Two main types of encryption/decryption algorithms Asymmetric – two keys are involved. “Public Key” for encryption, and “Private Key” for decryption. Symmetric – only one key is used for both encryption and decryption.
Asymmetric Encryption • A common and widespread algorithm for aymmetric encryption is RSA. It is used for e-commerce, VPN connections, and more. • The cipher strength is very high since the encryption and decryption keys are different. Therefore, exposure of the encryption key (“Public”), will not cause the revelation of the data, when the decryption key (“Private”) is safely stored. • High resource and computability demands prevent this method from being effective for the encryption of large data blocks.
Symmetric Encryption • Two main groups of symmetric encryption: • Stream cipher – encrypting bit after bit, using dynamic key transformation, usually by a mathematic operation on the data stream and a pseudo-random stream created by the key. • Examples of stream ciphers: LFSR (Linear Feedback Shift Register), RC4 (Rivest Cipher 4). • Regarding their high speed, stream ciphers are common in continuous datatransmission methods. Due to attack sensitivity, they are less safe than block cipher.
Symmetric Encryption • Block cipher – encryption of large data blocks using constant key transformation. Used for encrypting large amounts of data, where speed is less considered.Therefore, for the definition of the project we will choose this type of algorithm. • Today the standard block cipher algorithm, which has been chosen by the U.S government and is used by the private sector is AES.
AES • Advanced Encryption Standard, also known as “Rijndael”, is a block cipher, which has been adopted at November 2001 by NIST (National Institute of Standard and Technology), as standard FIPS PUB 197, after a five year process. • The algorithm was developed by two Belgian cryptography experts Joan Daemen and Vincent Rijmen.The cipher is iterative , quick and comfortable to implement both by software and hardware, and it hasn’t high memory requirements. The block size is determined to 128 bit, and 3 key lengths: 128, 192, 256 bits.
Algorithm Description • Most of the AES calculations are made through number of rounds (maximum 14, and according to the key length). Each round consists 4 steps, state transformation. The state describes the current data block as a 2D, 4X4 array of bytes. In each round a “Round Key” is created by the key-expansion process. • AES encryption includes 4 steps: • SubBytes • ShiftRows • MixColumns • AddRoundKey
Algorithm Steps • SubBytes • Non linear interchange process of the state bytes, made separately on each byte, using the Static switch table (S-box). • The decryption process uses the inverse table.
Algorithm Steps • ShiftRows • Cyclic Shift process in which the rows of the state are shifted by different offsets, according to some constant values. • Row 0 stays as it was, row 1 is shifted once, row 2 is shifted twice, row 3 is shifted 3 times.
Algorithm Steps • MixColumns • Linear transformation process, where each state column is treated as a polynomial. All four columns are multiplied by a constant polynomial and modulo other constant polinomial.
Algorithm Steps • AddRoundKey • RoundKey which is created by Key Expansion Process and fits the dimensions of the state, XOR-ed with all the state bits.
Result • After a few rounds, according to the key size, an encrypted block is generated. • The decryption process is pretty much the same, and the operations are inverse. • Example: • For the following Input data and cipher key The encryption process will look like this:
xNR • Cipher • data AddRoundKey SubBytes ShiftRows MixColumns AddRoundKey • encrypted • data SubBytes ShiftRows AddRoundKey Key Expansion • key Inv ShiftRows Inv SubBytes AddRoundKey • data • encrypted • data AddRoundKey Inv ShiftRows Inv SubBytes AddRoundKey Inv MixColumns • Inverse Cipher • xNR
Testing Environment PC DE2 AES Out Memory In Memory UART
Testing and verification start Vhdl editor synthesis program no modelsim simulation Post synthesis simulation Testing using Signaltapand memory sampling ok ok ok yes yes yes no no end • The verification process is done to both encryption and decryption blocks. • The verification is done using Example Vectors taken from the AES standard. • The final test is to encrypt data using the encryption block and to decrypt the output using the decryption block and compare the result with the original data.