Encryption / Decription on FPGA Using AES (Advances Encryption
advertisement
Encryption Development System Project Part A Characterization Written by: Yaakov Levenzon Ido Kahan Advisor: Mony Orbach Spring Semester 2012 The Problem We carry sensitive information with us, to practically everywhere… Where is it?! Our Solution • The cyclone II FPGA is fast and quite strong, thus making the Encryption/Decryption process fast, and usable for different needs . • Easy to use: the entire process is invisible for the customer, which makes it easy and intuitive to use , just as using a regular disk-on-key (without the difficulty of technical details and the lack of skill). • The level of encryption is strong and changeable. The method of block cipher AES (Advanced Encryption Standard) is, De Facto, used by the U.S Government and the private sector. Project Goals Primary Goal: • Creating a complete system which encrypts and deciphers files and transfers them to a disk-on-key, by Implementing a symmetric block cipher/decipher module on DE2 Board. Didactic Goals: • Understanding and developing ways of communication between the PC and the DE2 board and its internal memory. • Understanding and implementing the Nios ІІ embedded processor, and transfer data by utilizing the Avalon bus. The DE2 Board Working Environment • Design, synthesis and P&R – Quartus • Simulation – Modelsim • Debugging – Modelsim • Debugging on the chip – SignalTap Architecture Host DMA Nios II AES AES AVALON P C USB USB PHY & MAC USB CTRL Unencrypted Memory Encrypted Memory FPGA DE2 USB CTRL USB PHY & MAC Disc on key Block Diagram - Writing Sending words FPGA Cable USB PC PC Nios Nios Words by USB protocol FPGA Memory AES Block Encrypting words Words on AVALON bus Nios Encrypted words FPGA Memory Nios Unencrypted words Block Diagram - Reading Sending request FPGA Cable USB PC PC Nios Request by USB protocol Nios Nios Nios Unencrypted words Reading encrypted words Cable USB FPGA Memory AES Block Decrypting Request on AVALON bus FPGA Memory Nios Words by USB protocol PC Nios II Nios II/s Core – the best of two worlds • Can access up to 2 GB of external address space • Has instruction cache but no data cache • Has Brunch Prediction • Five stage pipeline USB host and device CTRL Avalon Bus Several signals: Clk Read Write Data : 1-32 We will use: 32 (g) Address: 1-32 We will use: 14 (g) Planning ahead… • The first part is only a preparation for the AES system • Generic design • Improving the current system (Example: unused address lines) • Using (or creating?) a small File System for writing and reading files from external memories, for example: Flash memory (disk-on-key), SD-card etc. • Final product: a complete system which can solve the problem • Opening (and selling…) a start up! Project Timetable task name duration Reading materials Reading materials Reading materials Characterization 1 weeks 1 weeks 1 weeks 1 weeks VHDL code writing: Data untill Avalon Others Components Top level 6 weeks 2 weeks 2 weeks 2 weeks 1 weeks Mid presentation Verification and Debugging Final report Final presentation 3 weeks 7 weeks 1 weeks 26/3 2/4 9/4 16/4 23/4 30/4 7/5 14/5 21/5 28/5 4/6 11/6 18/6 25/6 30/7 6/8 13/8 20/8 E X A M Enigma: Encryption & Decryption System Project Part B Characterization Written by: Yaakov Levenzon Ido Kahan Advisor: Mony Orbach Winter Semester 2013 The Problem We carry sensitive information with us, to practically everywhere… Where is it?! What has we done so far? FPGA Encryption/Decryption Verification System Top Level: FSM Fifo_in controller Encrypt_sys Nios Fifo_out Problems with previous encryptions systems • AES - Same bank of Keys every time • AES – Use of limited FPGA resources • Repeated patterns makes it easy to decipher Our Solution • The original Enigma machine: In our systems: • More characters • More combinations • Start position to the ASCII table. • Every day -> different key. Project Goals Primary Goal: • Creating a complete system which encrypts and deciphers files by using the method of the famous “Enigma” machine, while following the instructions of our part A system. Didactic Goals: • Dealing with a design and implementation of a complete encryption/decryption system, thus strengthening our VHDL skills. • Implementing the Enigma system into our architecture (while using its generic ability to modify it for working with streams of data). Our System’s Data Sheet • Maximum possible Encryption/Decryption memory size: 221696 bits (46% of DE2 board) (Recommended size – for 85% capacity: 149120 bits) • Maximum possible Encryption/Decryption number of LE: 32645 • Key Size: 128 bits (Generic Design) • Data width: 128 bits (Generic Design) • System speed: 1 MBPS (dictated by the DLP module) • DLP FIFO size: 1024 bits • DLP FIFO Speed: 384 byte Transmit buffer / 128 byte receive buffer Working Environment • Design, synthesis and P&R – Quartus • Simulation – Modelsim • Debugging – Modelsim • Debugging on the chip – SignalTap Architecture – High Level Host controller USB P C Nios II AVALON DLP In_Data FIFO 8->128 ENIGMA Encryption/ System Decryption FPGA DE2 Out_Data FIFO 128->8 The Algorithm – step 1 First rotor 0x02, 0x02 PC 0x01 0x02 0x03 0x04 0xA2 0x4B 0x67 0x89 0x4B, 0xA2 1 0xFF 0xAC ASCII table First key Encryption Data Flow – step 2 First rotor 0x02, 0x02 PC 0x01 0x02 0x03 0x04 0xA2 0x4B 0x67 0x89 Second rotor Ox4B, OxA2 0x01 0x02 0x03 0x04 0x14 0x98 0x76 0x94 1 0x01 0x02 0x03 0x04 0x23 0x55 0x09 0x11 1/2 0xFF 0xAC 0xFF ASCII table ASCII table Key A Third rotor 0xE1 Key B Encrypted data PC 1/3 0xFF 0x2B ASCII table Key C Keys – step 3 256*3=768 31 0x28 0xA2 0x43 0x54 0x23 0x68........0x85 0x43 0x12 0x04 0x78 0x38 0x74........0x13 0xF2 0x55 0xD5 0xA8 0x1A 0x3C........0xEC 0x98 0x17 0x89 0xD2 0x3B 0x23........0x9F PC RAM • Every rotor receives different key • The keys will be changed every day • The keys file will be saved in a safe file First rotor Second rotor Third rotor The First Position – step 4 • Another level of security • Every rotor have a different first-position • The first-positions will be changed every day a rotor 0x01 0x02 0x03 0x04 a rotor Promote 2 steps 0xFE 0xFF 0x01 0x02 0xFF 0xFD ASCII table ASCII table First Positions For The Rotors – step 5 3 31 5 46 54 76 8 89 23 55 34 12 83 23 PC RAM • Another level of security • Every rotor have a different first-position • The first-positions will be changed every day • Two separated files: keys and positions First rotor Second rotor Third rotor Decryption Algorithm • The encryption-system is symmetrical as the Enigma machine. • Should use the same keys, same positions for the keys and the same rotor-positions. First rotor 0x01 0x02 0x03 0x04 0xA2 0x4B 0x67 0x89 0xFF 0xAC ASCII table First key Decryption Algorithm First rotor 0x4B, 0xA2 PC Encrypted data 0xA2 0x4B 0x67 0x89 0x01 0x02 0x03 0x04 0x02, 0x02 1 0xAC First key 0xFF ASCII table Decryption Data Flow Third rotor PC Encrypted data 0x23 0x55 0x09 0x11 Second rotor 0x14 0x01 0x98 0x02 0x76 0x03 0x94 0x04 0x01 0x02 0x03 0x04 Key C 0xFF ASCII table Ox4B, OxA2 0xA2 0x4B 0x67 0x89 0x01 0x02 0x03 0x04 0xE1 0xFF 0xAC Key B Key A ASCII table 0x02, 0x02 PC 1 1/2 1/3 0x2B First rotor 0xFF ASCII table Another element of complexity • Using hopping method to determine how much the rotor will spin in every char encryption cycle. Both ends of the communication will know the function ahead so there is no need to send data for this method (less use of FPGA memory resources). • The function we will use will be a generation of Fibonacci sequence, with randomly chosen start conditions (we will need 2 random integers, different ones for each rotor). Top Level – part B GUI for the user RAM key keys file positions file date DLP mux Rotor A Rotor RotorAA Send data file send text RX text RAM Firstposition Project Timetable task name Reading materials Characterization duration 1 weeks 1 weeks VHDL code writing: encryption Mid presentation decryption 8 weeks 5 weeks 1 weeks 3 weeks Verification and Debugging Final report Final presentation 3 weeks 21/10 28/10 4/11 11/11 18/11 25/11 2/12 9/12 16/12 23/12 30/12 6/1 13/1 20/1 27/1 3/2 E X A M 7 weeks 1 weeks Until the middle-presentation in the next month – encryption data flow should be ready to synthesis. Validation system written in C by Golden Model.
