SECURITY SYSTEM ENCRYPTION FOR A WIRELESSHART

Rajesh Yeredla
B.Tech., Jawaharlal Nehru Technological University, India, 2007

Pavan Telukuntla
B.Tech., Jawaharlal Nehru Technological University, India, 2003
M.Tech., DR. MGR University, India, 2006

PROJECT

Submitted in partial satisfaction of the requirements for the degree of MASTER OF SCIENCE in ELECTRICAL AND ELECTRONIC ENGINEERING at CALIFORNIA STATE UNIVERSITY, SACRAMENTO

SUMMER 2010

A Project by Rajesh Yeredla and Pavan Telukuntla

Approved by:
John C. Balachandra, Ph.D., Committee Chair
Russ Tatro, M.S., Second Reader

Students: Rajesh Yeredla, Pavan Telukuntla

I certify that these students have met the requirements for format contained in the University format manual, and that this project is suitable for shelving in the Library and credit is to be awarded for the project.

Suresh Vadhva, Ph.D., Graduate Coordinator
Department of Electrical and Electronic Engineering

Abstract

WirelessHART is a secure Time Division Multiple Access (TDMA) based wireless mesh networking technology operating in the 2.4 GHz Industrial, Scientific and Medical (ISM) radio band. The WirelessHART specifications are well organized, but the security standards are loosely defined. This project focuses on the security aspects, that is, the keying and design of a security system for the Data-link layer of the WirelessHART network using the AES algorithm. The data in the WirelessHART network is encrypted using the AES algorithm and transmitted in the mesh network.
The report on our design of this security system covers the types of security provided in a WirelessHART network, threats in the network, cryptography, programming in Verilog and the use of matrices.

ACKNOWLEDGMENT

Firstly, we would like to thank Professor Dr. John C. Balachandra for giving us an opportunity to do this project. His continuous support was the main thing that helped us develop immense interest in the project that led to designing a new security system for one of the emerging technologies. Dr. Balachandra helped us by providing many sources of information that we needed from the beginning of the project till the end. He was always there to meet, talk and answer the questions that we came across during the project.

Special thanks to our advisor Dr. Suresh Vadhva for helping us complete the writing of this dissertation; without his encouragement and constant guidance we could not have finished this report.

We would also like to acknowledge and thank Professor Russ Tatro, Faculty Member, EEE department, for being part of the review committee and extending his guidance for better formulation of our project. We also thank him for his review and comments on the project report.

We also thank all our friends and the Electrical Engineering department, who helped us to complete our project work successfully. Without any of the above-mentioned people the project would not have come out the way it did. Thank you all.

TABLE OF CONTENTS

Acknowledgment
List of Tables
List of Figures

Chapter
1. INTRODUCTION
2. BACKGROUND RESEARCH ON HART AND WIRELESSHART
   2.1 Point to Point
   2.2 Multi Drop
   2.3 WirelessHART Architecture
      2.3.1 Physical Layer
      2.3.2 Data-link Layer
      2.3.3 Network Layer
      2.3.4 Transport Layer
      2.3.5 Application Layer
3. SECURITY IN WIRELESSHART
   3.1 End to End Security
   3.2 Per-Hop Security
   3.3 Peer to Peer Security
   3.4 Threats in Security
      3.4.1 Interference
      3.4.2 Jamming
      3.4.3 Sybil Attack
      3.4.4 Tampering
      3.4.5 Collusion
      3.4.6 Exhaustion
      3.4.7 Spoofing
      3.4.8 Denial of Service
      3.4.9 De-Synchronization
      3.4.10 Traffic Analysis
      3.4.11 Wormhole
      3.4.12 Selective Forwarding Attack
4. ADVANCED ENCRYPTION STANDARD
   4.1 Why AES?
   4.2 AES Algorithm Implementation
      4.2.1 Sub-Byte Transformation
      4.2.2 Matrix-row Shift Transformation
      4.2.3 Mix-Column Transformation
      4.2.4 Adding Round Key Transformation
5. DESIGN AND IMPLEMENTATION
   5.1 Assumptions And Specifications
   5.2 Tools and Languages
   5.3 Features of Virtex FPGA
   5.4 Project Design Flow
      5.4.1 Design Entry
      5.4.2 Simulation
      5.4.3 Synthesis
6. CONCLUSION
Appendix A
References

LIST OF TABLES

Table 3.1 WirelessHART Network layer PDU
Table 4.1 Different types of key sizes
Table 4.2 Adding round key transform

LIST OF FIGURES

Figure 2.1 Frequency shift keying enabling simultaneous signals
Figure 2.2 Point to point mode
Figure 2.3 Multidrop mode
Figure 2.4 Wireless mesh network
Figure 2.5 Layers in WirelessHART
Figure 4.1 Encryption of AES
Figure 4.2 AES specified substitution matrix
Figure 4.3 Matrix-row shift transformation matrix, circular left shift
Figure 4.4 AES provided standard matrix
Figure 5.1 Virtex Board
Figure 5.2 Block diagram for AES Encryption
Figure 5.3 Finite State Machine for Encryption
Figure 5.4 Output of Sub-byte Matrix
Figure 5.5 Key Scheduling
Figure 5.6 Script for generating timing reports
Figure 5.7 Gate level diagram of Encryption after synthesis

Chapter 1
INTRODUCTION

In this project our aim is to concentrate on several aspects of security in wireless Highway Addressable Remote Transducer (HART) and to design an algorithm in Verilog HDL to encrypt data. The input data is encrypted using a key and then transmitted to the receiver. We designed an algorithm that can secure the WirelessHART network, and it will be useful as a future reference to anyone who intends to design a security system for a specific layer in WirelessHART or for the network as a whole. We are using the Advanced Encryption Standard (AES) to encrypt the data in a WirelessHART network.
AES is a part of the Data-link layer of the WirelessHART network. The algorithm is implemented as a Verilog program that does the actual job of encryption. This algorithm generates the coding keys that are necessary for the encryption of data; the keys are generated continuously as long as the WirelessHART network is in use, because the keys in the network are continuously changed so that they cannot be easily breached.

Our main focus is on the security of the Data-link layer, because the Data-link layer is the most important layer in the WirelessHART network. The Data-link layer is responsible for secure, reliable and error-free communication of the data between the devices in the WirelessHART network; it provides the security within the network that is called Per-hop security.

The Verilog hardware description language is used to implement the algorithm because it is very convenient to change or modify the program later, whether that means changing the logic or adding extra modules to strengthen security. Another reason for preferring Verilog is that we can design the logic for other devices in the system or network and tie them all together. A control system or a host application controls all the devices in a network; programming the hardware in Verilog makes it possible to control all of the automatic operations.

Understanding the architecture and behavior of the WirelessHART network and providing security using AES is all that we do in this project. Chapter 1 is an introduction to WirelessHART and its security. Chapter 2 gives the background knowledge of HART and WirelessHART, their modes of operation and their architecture. Chapter 3 explains the types of security and the threats faced by WirelessHART networks in general.
Chapter 4 details how we use AES to provide security, how AES is implemented, and the different states that occur, which form the base for implementing the algorithm in Verilog. Finally, Chapter 5 explains the design flow, that is, how simulation and synthesis are carried out and which tools are used to design the encryption. It is followed by the conclusions and references.

Chapter 2
BACKGROUND RESEARCH ON HART AND WIRELESSHART

The HART protocol is used for communication and control purposes and is widely accepted in the industry as the standard for digitally enhanced communication with smart field instruments. Rosemount Inc. developed the HART protocol in the 1980s, and the protocol was later made open to all. The HART user group was formed in 1990; after three years all the rights in the protocol and the registered trademark were transferred to the HART Communication Foundation (HCF). The main goals of any organization are to improve production, deliver products rapidly, improve quality, and cut down operational and maintenance costs, and the HART protocol achieves the above [1].

The HART protocol plays a major part in cost saving. Costs can be saved in the following areas:

1. Commissioning and installation
2. Plant operations and improved quality
3. Maintenance

The HART protocol uses the Bell 202 Frequency Shift Keying (FSK) standard to superimpose digital signals on 4-20 mA analog signals. This enables the HART protocol to carry out multiple operations; a field device returns two or more digital updates per second without interrupting any analog signal transmission that is taking place. This produces simultaneous communication with a very good response time.

Figure 2.1 – Frequency Shift Keying enabling simultaneous signals [17]

There are two types of devices in HART communications: master (or host) devices and slave (or field) devices.
The master device is generally a PC-based workstation or a control room full of workstations; the slave devices can be handheld devices, sensors, transmitters, etc. The variety ranges from two-wire and four-wire devices to intrinsically safe versions for use in hazardous environments. The host devices have an FSK modem connected externally in series to them, and the field (slave) devices have an integrated FSK modem. If we intend to connect many (> 1000) devices, a multiplexer is used. HART enables networking of these devices to suit various applications. These networks include point-to-point and multidrop.

2.1 Point to Point:

In the point-to-point mode the master device is connected to only one field device. The digital signal takes care of other operations, commissioning, network diagnosis and maintenance. The signals do not interfere with each other.

Figure 2.2 – Point-to-point mode [18]

2.2 Multi Drop:

In this mode of operation there are multiple field devices connected in parallel through a single pair of wires; a maximum of 15 devices can be connected. The field devices are mostly powered externally, since the power required for all the devices cannot be channeled from the control center; the current in each field device is fixed to a minimum value of 4 mA.

Figure 2.3 – Multidrop Mode [18]

2.3 WirelessHART Architecture:

WirelessHART is a secure, TDMA-based wireless mesh networking technology operating in the 2.4 GHz ISM radio band [13]. Unlike other wireless protocols, WirelessHART was specifically designed for process control applications. WirelessHART is the first open standard for the automation industry; it was specified by the HART Communication Foundation (HCF), approved by the IEC, and officially released in September 2007. Before the advent of WirelessHART there were several technologies such as Bluetooth, Wi-Fi and Zigbee.
However, these technologies failed to meet the requirements of automation industry standards, because wireless devices should be able to get updates from sensors every second. Neither Zigbee nor Bluetooth can get updates from sensors this quickly [5]. The Zigbee specification has a low transmission rate, is low-power wireless and has no built-in channel hopping technique, and thus would surely fail in an automation environment. Bluetooth assumes a quasi-static star network, which is not scalable enough to be used in large process control systems. WirelessHART is specifically designed to solve these problems and provide a complete solution for process control applications [5].

With the release of version 7.0 of the HART protocol, referred to as WirelessHART, vendors showed greater interest in developing different products based on this protocol. WirelessHART is a secure and robust mesh networking technology and is also backward compatible with existing HART devices. WirelessHART is a user-friendly, reliable and interoperable wireless mesh sensor protocol [14].

In Wireless Mesh Networks (WMNs) all devices act like routers, which in turn provides multiple network paths for communication. Each wireless device should have at least two connected neighbors that can route traffic. WMNs are a combination of ad hoc and sensor networks in which sensor nodes act as routers and hence support multi-hopping. Wireless mesh nodes are easy to install, making the network extremely adaptable and expandable as more or less coverage is needed. More nodes mean a bigger and faster network.

Figure 2.4 – Wireless Mesh Network [14]

Figure 2.4 shows how WirelessHART devices are connected with each other; the network consists of five core devices. The wireless sensor devices that are connected to actual processes are called field devices. An access point that connects the wireless network with the plant automation network is called a gateway.
These gateways are responsible for enabling the communication between host applications and field devices. The network manager is responsible for configuring the network and scheduling communication between WirelessHART devices; there must be only one active network manager per WirelessHART network. Adaptors are used to connect existing wired HART devices to WirelessHART devices. Handheld devices can be connected with any field device and are normally used for network monitoring.

The WirelessHART architecture is similar to the seven-layered OSI model, with some extensions for more security and reliability. WirelessHART is command oriented; this means all the messages are combinations of commands that flow through the network. The WirelessHART protocol is self-healing and self-organized: devices are able to find neighbors and establish the network by channel hopping and measuring signal strength.

Figure 2.5 – Layers in WirelessHART [5]

All the data transmitted through WirelessHART is well defined and highly secured. AES-128 (Advanced Encryption Standard) is used for encrypting the data. Figure 2.5 shows the different layers in WirelessHART, which look similar to the seven-layered OSI model except for the presentation and session layers.

2.3.1 Physical Layer:

The WirelessHART physical layer is based mostly on the IEEE STD 802.15-2006 2.4 GHz DSSS physical layer. This layer defines radio characteristics such as the signaling method, signaling strength, and device sensitivity. WirelessHART operates in the 2400-2483.5 MHz license-free ISM band with a data rate of up to 250 kbit/s. Its channels are numbered from 11 to 26, with a 5 MHz gap between two adjacent channels. The modulation used in this layer is Quadrature Phase Shift Keying (QPSK) with direct sequence spread spectrum [5]. WirelessHART requires that the expected indoor communication distance be 35 meters with a 0 dBm transmitter and 75 meters with a transmit power of 10 dBm; the transmit power is also adjustable in discrete steps.
2.3.2 Data-link Layer:

The Data-link layer is responsible for secure, reliable, error-free communication of data between HART compatible devices. For collision-free communication, WirelessHART uses Time Division Multiple Access (TDMA) and channel hopping. A series of time slots forms a TDMA superframe; the superframe is periodic, with the total length of its member slots as the period. Communication in a WirelessHART network is defined through the superframe, timeslots and wireless links. WirelessHART defines a strict 10 ms time slot and utilizes TDMA technology to provide collision-free and deterministic communications. All superframes in a WirelessHART network start from ASN (Absolute Slot Number) 0, which is the time when the first network is created. Each superframe repeats itself over time according to its period; one superframe is always enabled, while additional superframes can be enabled or disabled. The superframe length is fixed while the superframe is active and can be modified when it is inactive. All devices support multiple superframes with differing numbers of timeslots to allow mixing of fast, slow, cyclic and acyclic network traffic. Communication occurs in the designated timeslot and frequency channel for that message [16].

Each device supports a class of data units, and these units in turn have different priorities. Commands that include control, configuration information and network-related diagnostics are classified as high priority. The low-priority packets belong to the 'alarm' class, which contains only alarm and event payloads. All other packets are grouped into the 'normal' class. Priority classification is useful for flow control, which decides how many packets of which type can be buffered at a relay device.

2.3.3 Network Layer:

WirelessHART uses mesh communication technology, so each WirelessHART device must be able to forward packets on behalf of other devices. Two types of routing are supported: the first is graph routing and the second is source routing.
All devices must support both graph and source routing. A graph is a collection of paths that connect network nodes; a path in each graph is explicitly created by the network manager and downloaded to each individual network device. To send a packet, the source device writes a specific graph ID in the network header. All the network devices on the way to the destination must be pre-configured with graph information that specifies the neighbors to whom the packets may be forwarded. Source routing is a supplement to graph routing aimed at network diagnostics. To send a packet to its destination, the source device includes in the header an ordered list of devices through which the packet must travel. As the packet is routed, each routing device uses the next network device address in the list to determine the next hop, until the destination device is reached [5].

2.3.4 Transport Layer:

The transport layer provides end-to-end acknowledged communication, with automatic retries to confirm successful data transfer. This is a thin layer in WirelessHART that ensures reliable data transmission. A unique feature of this layer is the block data transfer mechanism. It sets up a connection-oriented communication link between the host application and the field devices. The host application can configure the slave device by opening a port onboard the device using a HART command. The port specifications are also part of the WirelessHART standard. Once the port is opened, the transmission rate between the device and the host application is negotiated with the network manager to maximize throughput. The block data transfer is required for reliability, and end-to-end acknowledgement is necessary to keep track of the data stream. This may call for the network manager to update its routing and scheduling plan to provide the necessary priority. The transport layer is responsible for continuously monitoring the neighbor devices.
Devices listen for new neighbors and report if they discover a new neighbor. Each device maintains statistics on communication with other devices, such as received signal level and packet count.

2.3.5 Application Layer:

The application layer is the top-most layer in the architecture. WirelessHART uses the standard HART application layer, which is command based. Universal, device family and wireless commands are specified in the application layer. Communication between devices and the gateway is based on commands and responses. The application layer is responsible for parsing the message content, extracting the command number, executing the specified command, and generating responses. Several new features were added to the new version of WirelessHART for better wireless communication and to enhance wired HART capabilities, such as:

1) Smart data publishing to generate process data messages only when needed.
2) Process values published based on time, variation of signal, or crossing a user-defined threshold.
3) Measurements can be triggered at a specific time, allowing synchronized operation across multiple devices.
4) Command aggregations enable multiple read commands in one transaction for faster configuration uploads.

Chapter 3
SECURITY IN WIRELESSHART

In this chapter we discuss in detail the security in WirelessHART, the security schemes it needs, the security keys needed and the role they play in keeping the system secure. We also analyze and discuss the capabilities and tasks of the security manager, thereby setting up standards for a security manager's design, specifications, and performance.

The WirelessHART standard secures communication between two devices involved in a data transfer, for example between a source and the destination at the Network layer, and between two neighboring devices at the Data-link layer. The main security services are confidentiality, data integrity, authenticity and availability.
Let us discuss them in detail now:

3.1 End-to-end security:

Generally the network layer is used to provide end-to-end security; it can also provide routing and transport services. The network layer gets the Protocol Data Unit (PDU) from the Data-link layer and sends it to a specific device; if the PDU taken from the Data-link layer reaches the wrong device, it is sent back to the Data-link layer. The network layer can also get the PDU directly from the transport layer. The data that is sent from the network layer is enciphered, and it can be deciphered only by the one particular destination device that is destined to receive that data. The data that travels from the source field device to the end field device always passes through the gateway. The gateway decrypts the data, which the source field device has encrypted with a unique session key, and then encrypts it again with another unique session key that refers to the destination field device, so that only that destination device can decrypt it. All this is done because two field devices cannot create a session; only gateways and network managers can create sessions with devices [3].

Now let us see how the Network layer implements end-to-end security using the keys. In any WirelessHART network four session keys, one join key and one network key are used by a device. The transport layer PDU carried in the Network layer PDU is encrypted using the Advanced Encryption Standard (AES) with a 128-bit key; AES is discussed in the coming chapters.

HEADER | SCB | COUNTER | MIC | NPDU Payload

Table 3.1 – WirelessHART Network layer PDU
SCB – Security control bit
MIC – Message Integrity Code

SCB: The SCB consists of eight bits, four of which are used to define the type of security; the first four bits are intentionally left blank so that further security can be provided in the future.

MIC: The MIC is used for authentication purposes.
The data received at the destination device is authenticated by the MIC given by the source device. The MIC is calculated using a process that is discussed in detail in the chapter covering AES.

3.2 Per-hop security:

The Data-link layer is used to provide Per-hop security, which is basically the security provided within the system or network. This security is essential because a network may be tough and secured from the outside but vulnerable from the inside, and can thereby be easily breached. Security is provided between two devices in a network using a network key, which is known to all the devices in that WirelessHART network. The MIC here is calculated for the entire layer. The device compares the MIC calculated at the destination with the one in the Data-link layer PDU, and if the two MICs do not match, the data transferred is sent back. The last element in the Data-link layer PDU is the Cyclic Redundancy Check (CRC); it is used to check for errors in data and communication. Devices in a WirelessHART network should have a network key to communicate with each other, but the devices have only the join key at the beginning and need some key in order to calculate the MIC [2]. The specifier in the Data-link layer PDU is responsible for classifying the type of key being used for authentication: if the specifier bit is set, the network key is used to authenticate the Data-link layer PDU. If the specifier bit is not set, a key called the well-known key is used, which is a specified standard in WirelessHART for Per-hop security.

3.3 Peer to peer Security:

Handheld devices can communicate with one another directly, without the involvement of any other manager in the network, using a handheld key. First the handheld device has to join the network in order to communicate with the field device, so it needs to get the handheld key from the network manager.
As each device has a unique handheld key, the handheld device must acquire the particular key that enables communication with the required field device. The peer-to-peer process is generally used for maintenance purposes.

3.4 THREATS IN SECURITY

A threat is defined as an occurrence of an undesirable event in the network. As the WirelessHART network uses both wired and wireless communication, the wireless communication medium is more easily prone to threats than its wired counterpart [7]. The different kinds of threats are:

3.4.1 Interference:

In a mesh network, a number of signals with identical modulation technique and frequency are transmitted at a single event. This sometimes results in the interference of one signal with another within the same band spectrum, resulting in the overriding of the actual signal. Some of the technologies that share the same spectrum (2400-2483.5 MHz) as WirelessHART are Zigbee and Wi-Fi. To overcome the interference, the WirelessHART standard employs Frequency Hopping Spread Spectrum (FHSS) [4], which utilizes a pseudorandom code to uniquely identify the receiver and transmitter. Specifying the time and path of the communication also reduces interference. In the wireless medium, a reliability of anything less than 100% results in adverse effects.

3.4.2 Jamming:

An interruption of the transmitted signal in the target network by the introduction of noise with the same frequency and modulation technique is termed jamming. As WirelessHART communication shares the same band spectrum with the most commonly used Bluetooth devices, jamming occurs more frequently than interference. A blacklisting technique is used to increase the reliability of communication in WirelessHART. The channel with the greatest number of jammed communications is identified and blacklisted. The blacklisting of a channel reduces performance, as the number of active channels for communication is reduced.
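
The blacklisting described above, combined with the channel numbering of Section 2.3.1 and the 10 ms slots of Section 2.3.2, is shown below in an added Python example that is not code from this project. Assumptions: the hopping rule (index = (ASN + channel offset) mod number of active channels), the 2405 MHz base frequency, the thresholds, the capacity bound and the link statistics, which are constructed.

```python
# Added illustration (not from the thesis): blacklisting a jammed channel and
# hopping over the remaining ones. All statistics below are constructed.

ALL_CHANNELS = list(range(11, 27))  # channels 11..26 (Section 2.3.1)
SLOT_MS = 10                        # strict 10 ms timeslot (Section 2.3.2)
MIN_ACTIVE = 2                      # assumed floor so hopping stays possible


def channel_freq_mhz(channel):
    """Centre frequency, assuming channel 11 is 2405 MHz with 5 MHz spacing."""
    if channel not in ALL_CHANNELS:
        raise ValueError(f"channel {channel} is outside 11..26")
    return 2405 + 5 * (channel - 11)


def pick_channel_to_blacklist(stats, min_attempts=50, min_fail_ratio=0.5):
    """Return the channel with the most failed transmissions, or None.

    stats maps channel -> (attempts, failures). Channels with too few attempts
    or a failure ratio below min_fail_ratio are left alone (assumed guards, so
    a busy but healthy channel is not removed).
    """
    worst, worst_failures = None, 0
    for channel, (attempts, failures) in sorted(stats.items()):
        if attempts < min_attempts or failures / attempts < min_fail_ratio:
            continue
        if failures > worst_failures:
            worst, worst_failures = channel, failures
    return worst


def active_channels(blacklist):
    """Channels still usable once the blacklist is applied."""
    active = [ch for ch in ALL_CHANNELS if ch not in blacklist]
    if len(active) < MIN_ACTIVE:
        raise ValueError("blacklist leaves too few channels to hop over")
    return active


def hop_channel(asn, channel_offset, active):
    """Assumed hopping rule: index = (ASN + offset) mod active-channel count."""
    return active[(asn + channel_offset) % len(active)]


def hop_sequence(start_asn, slots, channel_offset, active):
    """Channels used by one link over consecutive slots."""
    return [hop_channel(asn, channel_offset, active)
            for asn in range(start_asn, start_asn + slots)]


def capacity_per_second(active):
    """Assumed upper bound: one transmission per channel per 10 ms slot."""
    return len(active) * (1000 // SLOT_MS)


# Constructed link statistics: channel 18 is being jammed; channel 25 has lost
# every frame but has only 4 attempts, too few to judge.
SAMPLE_STATS = {ch: (400, 12) for ch in ALL_CHANNELS}
SAMPLE_STATS[18] = (400, 310)
SAMPLE_STATS[25] = (4, 4)

if __name__ == "__main__":
    jammed = pick_channel_to_blacklist(SAMPLE_STATS)
    active = active_channels({jammed})
    print("blacklisted:", jammed, f"({channel_freq_mhz(jammed)} MHz)")
    print("before:", hop_sequence(0, 16, 0, ALL_CHANNELS))
    print("after: ", hop_sequence(0, 16, 0, active))
    print("capacity:", capacity_per_second(ALL_CHANNELS), "->",
          capacity_per_second(active))
```

The capacity figures make the trade-off in the last sentence of Section 3.4.2 concrete: removing one of sixteen channels keeps the link off the jammed frequency but lowers the number of transmissions the network can schedule per second.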
3.4.3 Sybil Attack:
Attacks on the communication caused by multiple identities of a single device are called Sybil attacks [11]. Previously used sensor and wireless communication systems adopted security systems that allowed a single device to have multiple identities, resulting in these attacks. Assigning a unique name to each and every device within the network reduces Sybil attacks in a WirelessHART system. All the devices are also tagged with a unique ID to identify them globally. These tags are maintained by the gateway in WirelessHART.

3.4.4 Tampering:
The modification of communicated data during transmission is called tampering or a modification attack. Generally the data to be transmitted is associated with a protection scheme such as a Cyclic Redundancy Check (CRC), or a hash is tagged to the data. Tampering is easier in the Data-link layer than in the Network layer, but if it is done in the Network layer the damage will be very serious. Using a keyed MIC at both the Data-link layer and the Network layer can reduce data tampering. Frequently changing the network key and protecting the network devices physically can also reduce it.

3.4.5 Collision:
The WirelessHART network consists of many devices that require identical frequency channels for communication. When more than one of these devices tries to communicate on the same channel at exactly the same time, a collision results. The collision can be caused either by an attacker or by a device with looser timing restrictions. A collision can be detected by the Cyclic Redundancy Check (CRC) [2]. Using specified time slots for devices and setting device priorities can reduce collisions. Collisions can also be reduced by proper integration of the Data-link layer and the Physical layer.

3.4.6 Exhaustion:
All the devices that are part of the WirelessHART network know all the network parameters that are required to communicate with another device using the well-known key.
An attacker device can use this well-known key to calculate the MIC for the Data-link layer PDU and use a fake join key for the Network layer PDU. When the network manager receives the data transmitted from the attacker device, it checks the join key and rejects the data because a fake join key was used. The exhaustion problem does not cause any damage to the devices, but it reduces performance because time and resources are wasted on the transmission of fake data. Protecting the network parameters can reduce this problem.

3.4.7 Spoofing:
All the devices in the WirelessHART network are associated with a network key, which is used to connect to a network and communicate within it. Sometimes this network key is also used to advertise and attract other devices to join the network. An attacker tracks down the network key, changes it and advertises the modified one. This false network key attracts a larger number of devices to send join requests, causing more network traffic blockages. Frequent changing and monitoring of the network key by the network manager can reduce the spoofing problem in the network.

3.4.8 Denial of Service:
Denial of service is the most common and effective attack for interrupting normal operation in WirelessHART. Denial of service is more frequent in WirelessHART than in the HART protocol. The denial can have many causes, such as an increase in the number of join requests in the network, advertisements by the attacker, jamming or exhaustion [5].

3.4.9 De-synchronization:
The WirelessHART system is designed with strict timing requirements. The introduction of false timing specifications by an attacker causes a device to miss the timing requirements, which leads the transmission to abort and restart, wasting both resources and time. The timing problem is reduced by introducing a timer module and fixing all the time slots for the devices to a defined amount (10 ms).
Whenever a node receives an acknowledgement signal, the timer is reset to its default value. This helps in keeping the devices in synchronization.

3.4.10 Traffic Analysis:
In a wired network there must be a physical connection between the communicating devices. In a wireless network the transmission medium is air, which makes wireless communication more prone to traffic analysis by the attacker, because the Network layer PDU header and the Data-link layer PDU are not encrypted. Using the information from the header, the attacker can analyze the network. For example, the join requests from devices outside the network can be analyzed and fake permission can be issued to the device. To minimize the effects of traffic analysis, the Data-link layer PDU can be encrypted with the network key. This increases the time taken for the communication, because the intermediate devices between the source and destination have to decrypt the Network layer PDU at the Data-link layer to learn the information of the destination device.

3.4.11 Wormhole:
The attacker can accomplish the wormhole attack by using wired HART devices connected to the WirelessHART network. Connecting them by either a wired or a wireless link to create a wormhole creates a tunnel. Transferring the data along a pre-specified route from source to destination can minimize wormhole attacks. These attacks can also be minimized by packet leashing techniques [6]. Providing physical protection to the network can minimize wormhole attacks on wired connections.

3.4.12 Selective Forwarding Attack:
Some of the data packets received at a node that are not legitimate are discarded. For example, if a fake join key is used for the Network layer PDU and transmitted to the destination device, the destination device checks the join key on receiving the data and discards the data because it used a fake join key. A node generally forwards and drops packets of data selectively in order to be considered a good device [5].
Monitoring the network with a good network manager can minimize these selective forwarding attacks. The network manager can also be used along with a handheld device to monitor the entire network.

Chapter 4
ADVANCED ENCRYPTION STANDARD

Security plays an important role in communication as it contains sensitive data, especially in wireless communication where the data is shared between different wireless devices. We have to make sure that information is transmitted over secured networks, so that it cannot be misused by an unauthorized person. Cryptography is the process of hiding data by using secured keys; it provides a method for securing and authenticating the transmission of information over channels. We used the Advanced Encryption Standard (AES-128) in the WirelessHART protocol to ensure secure communication [12]. AES specifies the Rijndael algorithm, a symmetric block cipher that can process data blocks of 128 bits using cipher keys with lengths of 128, 192 and 256 bits. The National Institute of Standards and Technology (NIST) announced AES in 2001.

The AES algorithm is performed in Nr rounds (Nr = number of rounds). The architecture of one round contains two different data-paths, the encryption data-path and the key scheduling data-path. The data block in AES is 128 bits long and the key size can be 128, 192 or 256 bits. The AES algorithm contains three main parts: cipher, inverse cipher and key expansion. The cipher converts data into an unintelligible form called ciphertext, while the inverse cipher converts data back into its original form, called plaintext. Key expansion generates a key schedule that is used in the cipher and inverse cipher procedures. We have designed the AES algorithm using Verilog, and the RTL code of AES was simulated on Modelsim and synthesized using Synopsys VCS.
                    Block size (Nb)   Key length (Nk)   Number of
                    words             words             rounds (Nr)
AES-128 bits key    4                 4                 10
AES-192 bits key    4                 6                 12
AES-256 bits key    4                 8                 14

Table 4.1 Different types of key sizes

Table 4.1 above shows that the number of rounds depends on the AES key size. For a 128-bit key, the key is divided into a 4X4 matrix in which each element is 8 bits. Similarly, for a 192-bit size, the key is divided into a 6X6 matrix in which each element is 8 bits. It is the same case for the 256-bit size, which is divided into an 8X8 matrix. The AES algorithm starts with an initial transformation of the data matrix followed by ten iteration rounds. A round consists of four transformations:
1) Byte substitution (SubByte)
2) Row shifting (Shiftrows)
3) Mixing of columns (Mixcolumns)
4) Addition of round key (Addroundkey).
For each round, a round key is generated from the original key through the key scheduling process. The last round consists of the subbytes, shiftrows and addroundkey transformations.

4.1 Why AES?
There are many algorithms, like the Data Encryption Standard (DES) and triple DES, so why is AES used for security in WirelessHART? [15] The reasons for using AES are:
1) It has strong resistance against all known attacks because it uses a minimum of 10 rounds for generating ciphertext. The number of rounds is not fixed; it varies according to the security level and the size of the key.
2) As it is a symmetric algorithm, the operation is faster compared to other cryptography algorithms. The round transformation is parallel by design; this makes all the round calculations that generate the output block faster.
3) Compared to other cryptographic algorithms, the AES algorithm has a simple design.
4) It is hard to crack AES because it uses different steps like shifting, mixing and adding schedule keys.
5) It guarantees high diffusion over multiple rounds.
6) It corresponds to the parallel application of S-boxes that have optimum worst-case non-linearity properties.
7) Finally, AES is well suited to be implemented efficiently on a wide range of processors and in dedicated hardware typical for a PC.

4.2 AES Algorithm Implementation:
In the implementation of the algorithm, the data to be transmitted is divided into equal blocks of 128 bits each. The data is further divided into a 4x4 matrix in which each element is 8 bits. The elements in the matrix are represented in hexadecimal form. The matrix is formed such that the four elements in the first column are the first 32 bits of the data. The length of the data block (Nb) is defined as the number of 32-bit words in each block and is equal to 4. The key that is used for encryption of the data can be 128, 192 or 256 bits in length. The length of the key (Nk) is defined as the number of 32-bit words in the key. The key lengths for 128, 192 and 256 bits are 4, 6 and 8 respectively. The number of iterations performed to encrypt the data increases with the length of the encryption key. The number of rounds (Nr) required to encrypt the data for key lengths of 128, 192 and 256 bits is 10, 12 and 14 respectively [12].

[Figure 4.1 - Encryption of AES [12]: flowchart from plain text through Add Round Key with round key (0), the rounds of Sub Bytes, Shift Rows, Mix Columns and Add Round Key with round key (i), and a final round of Sub Bytes, Shift Rows and Add Round Key with round key (Nr), to cipher text.]

The encryption starts by copying the input data in matrix form into a two-dimensional array called the data array and performing the addition operation on the array with the initial cipher key. The data array is then transformed 10, 12 or 14 times depending on the length of the cipher key. The length of the cipher key used in our project is 128 bits, and the number of transformation rounds required to encrypt the data with the key is 10.
Each transformation round consists of four basic steps:
1) Sub-byte transformation
2) Matrix-row shift transformation
3) Mix-column transformation
4) Adding round key transformation
All the rounds of transformation perform these four steps in the same order except the final round, which skips the third step.

4.2.1 Sub-Byte Transformation:
In the sub-byte transformation each element of the matrix is replaced by a corresponding element from the substitution table provided by AES in figure 4.2. The elements of both the sub-byte matrix and the substitution matrix are represented in hexadecimal format. As the elements in the matrix are in hexadecimal form, each element is represented by two digits and can be easily substituted from the substitution table. For example, if the element in the sub-byte matrix is [A5] it will be replaced by [06] after the transformation. The first digit ‘A’ matches the row labelled ‘a’ and the second digit ‘5’ corresponds to the column ‘5’. The element in the substitution table at this combination replaces the sub-byte element.

Figure 4.2 AES specified substitution matrix [12]

4.2.2 Matrix-row shift transformation:
In the matrix-row shift transformation the elements of the matrix obtained after the sub-byte transformation are shifted left using a circular shift. In the circular row shift the first element is replaced by the second element, the second by the third, the third by the fourth, and the fourth by the first. In this step the first row is not shifted, the second row is shifted one time, the third row is shifted two times and the fourth row three times. This step is illustrated in figure 4.3.

Figure 4.3 Matrix-row shift transformation matrixes, circular left shift [12]

4.2.3 Mix-column Transformation:
In the mix-column transformation step, the matrix obtained after the matrix-row transformation is multiplied with a standard matrix (in fig 4.4) provided by AES.
The matrix multiplication performed in this step is not ordinary matrix multiplication, because multiplying two 2-digit numbers in general gives a result with more than two digits. As only two hexadecimal digits are available to represent each element before and after the transformation, the multiplication and addition of ordinary matrix multiplication are not performed here. Instead, both elements to be multiplied are represented in polynomial form and multiplied, and the resulting polynomial is reduced modulo an irreducible polynomial of 8th degree. The standard irreducible polynomial provided by AES is $x^8 + x^4 + x^3 + x + 1$.

Figure 4.4 AES provided standard matrix [12]

For example, if the two elements to be multiplied are ‘63’ and ‘34’, 63 is represented in binary form as 01100011 and 34 as 00110100, and in polynomial form as

$63 = x^6 + x^5 + x + 1$, $34 = x^5 + x^4 + x^2$.

The multiplication of these two polynomials results in

$(63) \cdot (34) = (x^6 + x^5 + x + 1)(x^5 + x^4 + x^2) = x^{11} + x^9 + x^8 + x^7 + x^6 + x^4 + x^3 + x^2$.

The modulo is performed on the above result using the AES standard irreducible polynomial to obtain a polynomial with a degree less than eight:

$(x^{11} + x^9 + x^8 + x^7 + x^6 + x^4 + x^3 + x^2) \bmod (x^8 + x^4 + x^3 + x + 1) = x^5 + x^3 + 1$.

As the elements in the standard matrix consist of only 01, 02 and 03, an easy method can be used to obtain the multiplication result. If an element is multiplied by 01, the result is the element itself, and the multiplication by 02 can be obtained by left shifting the element bit-wise. The multiplication by 03 can be obtained by splitting the 03 into (01 ⨁ 02), where ⨁ represents XOR. For example:

(63) · (03) = (63) · (01 ⨁ 02) = [(63) · (01)] ⨁ [(63) · (02)] = (63) ⨁ (C6) = [A5]

The addition part of the matrix multiplication is done by performing a bit-wise XOR operation on the numbers that are to be added after the multiplication of each element.
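The multiplication described above, as an added Python example that is not part of the original report: it reproduces the worked products for 63, applies the reduction that multiplication by 02 needs when the shift carries a bit out of the byte, and mixes one column. The coefficient matrix is the one from FIPS-197, assumed here to be the matrix of figure 4.4, and all function names are illustrative.

```python
"""GF(2^8) arithmetic behind the mix-column step (added example)."""

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the irreducible polynomial quoted above


def gf_mul(a, b):
    """Multiply two bytes as polynomials over GF(2), then reduce modulo AES_POLY."""
    product = 0
    for bit in range(8):
        if (b >> bit) & 1:
            product ^= a << bit  # polynomial addition is XOR, so there are no carries
    for degree in range(14, 7, -1):  # the unreduced product has degree <= 14
        if (product >> degree) & 1:
            product ^= AES_POLY << (degree - 8)
    return product


def xtime(a):
    """Multiply by 02: shift left, and reduce if a bit left the byte."""
    a <<= 1
    return a ^ AES_POLY if a & 0x100 else a


def mul3(a):
    """Multiply by 03 = 02 XOR 01."""
    return xtime(a) ^ a


# Coefficient matrix from FIPS-197 (assumed to be the matrix of figure 4.4).
MIX_MATRIX = (
    (0x02, 0x03, 0x01, 0x01),
    (0x01, 0x02, 0x03, 0x01),
    (0x01, 0x01, 0x02, 0x03),
    (0x03, 0x01, 0x01, 0x02),
)


def mix_column(column):
    """Reference form: matrix product using the general multiplier."""
    mixed = []
    for row in MIX_MATRIX:
        acc = 0
        for coeff, byte in zip(row, column):
            acc ^= gf_mul(coeff, byte)  # the "addition" is a bit-wise XOR
        mixed.append(acc)
    return mixed


def mix_column_shift_xor(column):
    """Hardware-style form: only xtime and XOR, as an RTL block would use."""
    mixed = []
    for i in range(4):
        a, b, c, d = (column[(i + k) % 4] for k in range(4))
        mixed.append(xtime(a) ^ mul3(b) ^ c ^ d)
    return mixed


if __name__ == "__main__":
    print(f"63 * 34 = {gf_mul(0x63, 0x34):02x}")
    print(f"63 * 03 = {mul3(0x63):02x}")
    # A bare left shift is only correct while the top bit of the byte is clear.
    print(f"d4 * 02 = {xtime(0xD4):02x}, bare shift = {(0xD4 << 1) & 0xFF:02x}")
    # First state column after ShiftRows in round 1 of the FIPS-197 Appendix B example.
    column = [0xD4, 0xBF, 0x5D, 0x30]
    print("mixed column:", " ".join(f"{b:02x}" for b in mix_column(column)))
```

For 63 the left shift alone is enough because its top bit is clear; for a byte such as d4 the shifted value must also be XORed with 1b, which is the case a shift-only multiplier gets wrong.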
4.2.4 Adding round key Transformation:
In this transformation step, a bit-wise XOR operation is performed between the matrix obtained from step 3 and the round key obtained in the respective stage. To obtain the round key for the first round, the encryption key that is XORed with the original data before the start of the first round is used. The original encryption key is divided into four 32-bit words, and the first 32-bit word of the round key for the first round is obtained by performing a bit-wise XOR operation between the first 32-bit word and the last 32-bit word of the original encryption key. The second word of the round key is obtained by an XOR operation between the second word of the original encryption key and the first word of the round key. For the third word of the round key, the XOR operation is performed between the third word of the original encryption key and the second word of the round key. The fourth word is obtained by performing the XOR operation between the fourth 32-bit word of the original encryption key and the third word of the round key obtained above. The round key obtained in the first round is used as the original encryption key for the second round, and so on. For example, consider

Encryption key = 6c 9d 7e b3 4d 5e 63 34 80 52 1e 22 de 34 2c cd

The 32-bit words will be
w1 = 6c9d7eb3
w2 = 4d5e6334
w3 = 80521e22
w4 = de342ccd

Original encryption key   Word to be XORed with   Round key
6c9d7eb3                  de342ccd                b2a9527e
4d5e6334                  b2a9527e                fff7314a
80521e22                  fff7314a                7fa52f68
de342ccd                  7fa52f68                a19103a5

Table 4.2 Adding round key transform

In the last round of the data encryption the mix-column transformation step is skipped, and the XOR operation is performed between the matrix obtained from the row-shift transformation step and the round key to obtain the final encrypted data matrix.

Chapter 5
DESIGN AND IMPLEMENTATION

WirelessHART is an emerging network technology that was standardized in 2007 and is growing and flourishing rapidly.
There are more than 30 companies engaged in bringing WirelessHART products to market. Many challenges are being set, such as increasing the speed and bringing down the cost of producing firmware, radios, gateways and adapters. After doing research on WirelessHART we found that it is a layered protocol, of which the Data Link Layer is important. In this project we made an attempt to design a security system in the Data Link Layer so that the design logic can be integrated in chips (ASIC/FPGA).

5.1 Assumptions and Specifications:
1) A 128-bit key is used for encryption to generate cipher text from plain text.
2) The data input that comes to the Data-link layer is considered to be four words in size so that encryption is done properly.
3) The sub-byte matrix that is used in encryption is generated from the Verilog test bench and is not used for synthesis.
4) A Xilinx Virtex FPGA (Model: XC5VLX30-1FF324C) is used for implementation.
5) The plain text is assumed to be a serial data input for our design.

5.2 Tools and Languages:
1) Environments used: Windows is used for RTL design and simulation. UNIX is used for synthesis and for generating timing and area reports.
2) The RTL design was performed using Verilog HDL. The coding is done using the Modelsim simulation tool.
3) The synthesis of the design was performed using Synopsys VCS.
4) Virtex board: The Virtex board has an FPGA connected to switches and LEDs. The FPGA is at the bottom of the silk screening. The program developed to run our logic is loaded into the FPGA.
5) TCL scripting is used for generating timing and area reports.

Figure 5.1 Virtex Board

5.3 Features of Virtex FPGA:
We used a Virtex-5 FPGA for our project because of its salient features, which are:
1. It has five platforms: LX, LXT, SXT, TXT, and FXT.
2. It is cross-platform compatible.
3. Power clock management tile (CMT) clocking.
4. 36-kbit block RAM/FIFOs.
5. High-performance parallel select IO technology.
6. Advanced DSP48E slices.
7. Flexible configuration options.
8. System monitoring capability on all devices.
9. Integrated endpoint blocks for PCI Express designs.
10. Tri-mode 10/100/1000 Mb/s Ethernet MACs.
11. Rocket IO GTP transceivers 100 Mb/s to 3.75 GB/s and 150 Mb/s to 6.5 Gb/s.
12. PowerPC 440 microprocessors.
13. 65-nm copper CMOS process technology.
14. High signal-integrity flip-chip packaging available in standard or Pb-free package options.

5.4 Project design flow:
There are three phases in our project:

5.4.1 Design Entry:
The block diagram (Figure 5.2) shows how the data is encrypted in the message handling module. The data that comes into the module is first converted into four 32-bit chunks (represented in a 4x4 matrix form) using a serial to parallel converter. These 32-bit chunks are then XORed with a (user-defined) key. The resulting 32-bit chunks are converted into sub-byte blocks of data using the s-chart shown in figure 4.2. We have designed a shifter block to manipulate the 4x4 matrix using three different functions: the first function shifts the substitution matrix by one byte, the second by two and the third by three. After generating the shifter block we designed a matrix multiplier method in which we multiply the elements of the 4x4 matrix with the AES specified mix-column matrix as described in section 4.2. This process repeats for ten rounds to generate a ciphertext.

[Figure 5.2 Block diagram for AES Encryption. Blocks: serial data input, serial to parallel converter, XOR block, shifter, mix columns, matrix column, key scheduler, test bench, parallel to serial converter, serial data output.]

Finite State Machine (FSM) for data Encryption:
Figure 5.3 shows the state diagram of data encryption. Each state represents a transform; there are a total of 6 states in this finite state machine. S0 is the idle state; all the signals are initialized in this state, and whenever the FSM is reset it returns to this state.
In S1, S2, S3 and S4 the sub-byte transform, matrix-row shift transform, mix-column transform and adding round key transform are performed respectively. Each state has a counter (cnt) which counts from zero to three (four 32-bit words). S5 is the final state, where the ciphertext is generated when the round key count equals ten (tenth round).

Figure 5.3 Finite State Machine for Encryption

5.4.2 Simulation:
In this phase we used the Modelsim tool to write the Verilog program for our logic design. We simulated the Verilog program and checked the functionality of the design. The following waveforms show the simulated output generated using Modelsim. Figure 5.4 shows the sub-byte matrix output for two rounds. Figure 5.5 shows the simulated waveform of the key scheduling module. The simulation results are included in appendix A.

Figure 5.4 Output of sub-byte matrix

Figure 5.5 Key scheduling

5.4.3 Synthesis:
Logic synthesis is a process by which an abstract form of desired circuit behavior (typically register transfer level (RTL)) is turned into a design implementation in terms of logic gates. In this phase we used Synopsys VCS for synthesis of the Verilog code that was developed in the simulation phase using Modelsim. During synthesis the TCL script imports the symbol library, target library and link library to synthesize the RTL code into a gate level design. The synthesizer uses the gate delays and gate sizes from the symbol library to generate the gate circuit.

Figure 5.6 Script for generating timing reports

Figure 5.6 shows the TCL script that generates the timing, area and attribute reports. In this script we set constraints such as clock, clock delay, area and operating conditions. The timing, area and attribute reports are included in appendix A.

Figure 5.7 Gate level diagram of Encryption after synthesis

Chapter 6
CONCLUSION

The security requirements for a WirelessHART network have been studied and a security system has been designed using the AES algorithm.
The algorithm is implemented using Verilog. The data in the WirelessHART network is encrypted using the AES algorithm and authenticated using keys. The Verilog code written to implement the AES algorithm is simulated using Modelsim and the results are generated. Therefore the security provided for WirelessHART is strong and can protect the network.

The encrypted data was compared with the decrypted data, and the results differed slightly in the first two trials because the algorithm implementation went wrong. Verilog executes the program in a parallel fashion, unlike programs in C or any other programming language, so we had to go carefully through each and every step of the data encryption procedure many times. We represented the bits of the data in matrix form, which helped us a lot, as there are many ways in which a matrix can be manipulated and matrix operations can be done easily.

The major success in our attempt to secure a WirelessHART network came from a decision we made at the early stages of our project: we used Verilog HDL for the implementation of the AES algorithm, which made our task easy because the simulation process makes it easy to find any errors in our program. Some previous attempts were made using different algorithms and programming languages to encrypt data, but our attempt is unique and is also very beneficial, since the algorithms can be implemented without much effort, errors in the implementation can be easily detected and rectified, and the design can be maintained easily by the control system of the WirelessHART network.

This was a sincere attempt to make WirelessHART a secure communication network. As we work towards the goal of making WirelessHART a reliable and productive option for networking, this effort will help in understanding the use of the AES algorithm implemented in Verilog to better secure WirelessHART.
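Section 4.2.4 describes each round-key word as a plain XOR of key words, whereas the key expansion specified in FIPS-197 also applies RotWord, SubWord and a round constant to the first word of every round key. The following added Python example (not part of the original report; function names are illustrative) implements both, so the output of a key scheduling module can be checked against the FIPS-197 Appendix A.1 vectors before the results of an implementation are trusted.

```python
"""AES-128 key expansion per FIPS-197 next to the XOR chain of section 4.2.4 (added example)."""


def build_sbox():
    """Generate the AES S-box: inverse in GF(2^8) followed by the affine map."""
    def rotl8(x, n):
        return ((x << n) | (x >> (8 - n))) & 0xFF

    sbox = [0] * 256
    p = q = 1
    while True:
        # p steps through every non-zero field element (multiply by 03).
        p = (p ^ (p << 1) ^ (0x11B if p & 0x80 else 0)) & 0xFF
        # q is kept equal to the multiplicative inverse of p (divide by 03).
        q ^= q << 1
        q ^= q << 2
        q ^= q << 4
        q &= 0xFF
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ rotl8(q, 1) ^ rotl8(q, 2) ^ rotl8(q, 3) ^ rotl8(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63  # zero has no inverse; the S-box maps it to 63
    return sbox


SBOX = build_sbox()
RCON = (0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36)


def expand_key_fips197(key):
    """Return the 44 words w[0..43] of the AES-128 key schedule for a 16-byte key."""
    if len(key) != 16:
        raise ValueError("AES-128 needs a 16-byte key")
    w = [int.from_bytes(key[4 * i:4 * i + 4], "big") for i in range(4)]
    for i in range(4, 44):
        temp = w[i - 1]
        if i % 4 == 0:
            temp = ((temp << 8) | (temp >> 24)) & 0xFFFFFFFF        # RotWord
            temp = int.from_bytes(
                bytes(SBOX[b] for b in temp.to_bytes(4, "big")), "big"
            )                                                        # SubWord
            temp ^= RCON[i // 4 - 1] << 24                           # round constant
        w.append(w[i - 4] ^ temp)
    return w


def round_key_xor_chain(words):
    """Next round key as described in section 4.2.4: XOR only, no S-box or constant."""
    out = []
    prev = words[3]  # the first word is XORed with the last word of the key
    for word in words:
        prev ^= word
        out.append(prev)
    return out


def hexwords(words):
    return " ".join(f"{w:08x}" for w in words)


if __name__ == "__main__":
    # Key of the FIPS-197 Appendix A.1 key expansion example.
    fips_key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
    schedule = expand_key_fips197(fips_key)
    print("FIPS-197 round key 1 :", hexwords(schedule[4:8]))
    print("FIPS-197 round key 10:", hexwords(schedule[40:44]))

    # Example key from section 4.2.4 of the report.
    page_words = [0x6C9D7EB3, 0x4D5E6334, 0x80521E22, 0xDE342CCD]
    page_key = b"".join(w.to_bytes(4, "big") for w in page_words)
    print("XOR chain (Table 4.2):", hexwords(round_key_xor_chain(page_words)))
    print("FIPS-197, same key   :", hexwords(expand_key_fips197(page_key)[4:8]))
```

Because the XOR chain is linear, the XOR of two keys' round keys equals the round keys of the XORed key; the S-box step in the FIPS-197 expansion is what removes that property.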
45 APPENDIX A Simulation Results Round key results Chronologic VCS simulator copyright 1991-2005 Contains Synopsys proprietary information. Compiler version Y-2006.06-SP1; Runtime version Y-2006.06-SP1; 12:05 2010 May 3 VCD+ Writer Y-2006.06-SP1 Copyright 2005 Synopsys Inc. 0subin=xxxxxxxx, subout=xxxxxxxx, shiftrows=xxxxxxxx,key=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx,datain=xxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxx 10subin=xxxxxxxx, subout=xxxxxxxx, shiftrows=xxxxxxxx,key=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx,datain=00110010 010000111111011010101000 20subin=xxxxxxxx, subout=xxxxxxxx, shiftrows=xxxxxxxx,key=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx,datain=10001000 010110100011000010001101 30subin=xxxxxxxx, subout=xxxxxxxx, shiftrows=xxxxxxxx,key=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx,datain=00110001 001100011001100010100010 40subin=xxxxxxxx, subout=xxxxxxxx, shiftrows=xxxxxxxx,key=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx,datain=11100000 001101110000011100110100 50subin=xxxxxxxx, subout=xxxxxxxx, shiftrows=xxxxxxxx,key=00101011011111100001010100010110,datain=11100000 001101110000011100110100 60subin=xxxxxxxx, subout=xxxxxxxx, shiftrows=xxxxxxxx,key=00101000101011101101001010100110,datain=11100000 001101110000011100110100 70subin=xxxxxxxx, subout=xxxxxxxx, shiftrows=xxxxxxxx,key=10101011111101110001010110001000,datain=11100000 001101110000011100110100 Subbyte Values after First Round 80subin=xxxxxxxx, subout=xxxxxxxx, shiftrows=xxxxxxxx,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 90subin=19a09ae9, subout=d4e0b81e, shiftrows=d4e0b81e,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 100subin=3df4c6f8, subout=27bfb441, shiftrows=bfb44127,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 46 110subin=e3e28d48, subout=11985d52, shiftrows=5d521198,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 Subbyte Values after Second Round 120subin=be2b2a08, subout=aef1e530, 
shiftrows=30aef1e5,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 130subin=a4686b02, subout=49457f77, shiftrows=30aef1e5,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 140subin=9c9f5b6a, subout=dedb3902, shiftrows=dedb3902,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 150subin=7f35ea50, subout=d2968753, shiftrows=968753d2,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 Subbyte Values after Third Round 160subin=f22b4349, subout=89f11a3b, shiftrows=1a3b89f1,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 170subin=aa618268, subout=acef1345, shiftrows=45acef13,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 180subin=8fddd232, subout=73c1b523, shiftrows=45acef13,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 190subin=5fe34a46, subout=cf11d65a, shiftrows=cf11d65a,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 Subbyte Values after Fourth Round 200subin=03efd29a, subout=7bdfb5b8, shiftrows=dfb5b87b,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 210subin=48674dd6, subout=5285e3f6, shiftrows=e3f65285,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 220subin=6c1de35f, subout=50a411cf, shiftrows=cf50a411,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 230subin=4e9db158, subout=2f5ec86a, shiftrows=cf50a411,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 Subbyte Values after Fifth Round 240subin=ee0d38e7, subout=28d70794, shiftrows=28d70794,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 250subin=e0c8d985, subout=e1e83597, shiftrows=e83597e1,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 47 260subin=9263b1b8, subout=4ffbc86c, 
shiftrows=c86c4ffb,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 270subin=7f6335be, subout=d2fb96ae, shiftrows=aed2fb96,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 Subbyte Values after Sixth Round 280subin=e8c05001, subout=9bba537c, shiftrows=aed2fb96,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 290subin=f1c17c5d, subout=a178104c, shiftrows=a178104c,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 300subin=0092c8b5, subout=634fe8d5, shiftrows=4fe8d563,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 310subin=6f4c8bd5, subout=a8293d03, shiftrows=3d03a829,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 Subbyte Values after Seventh Round 320subin=55ef320c, subout=fcdf23fe, shiftrows=fefcdf23,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 330subin=263de8fd, subout=f7279b54, shiftrows=fefcdf23,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 340subin=0e4164d2, subout=ab8343b5, shiftrows=ab8343b5,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 350subin=2eb7728b, subout=31a9403d, shiftrows=a9403d31,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 Subbyte Values after Eighth Round 360subin=177da925, subout=f0ffd33f, shiftrows=d33ff0ff,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 370subin=5a19a37a, subout=bed40ada, shiftrows=dabed40a,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 380subin=4149e08c, subout=833be164, shiftrows=dabed40a,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 390subin=42dc1904, subout=2c86d4f2, shiftrows=2c86d4f2,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 Subbyte Values after Ninth Round 400subin=b11f650c, subout=c8c04dfe, 
shiftrows=c04dfec8,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 48 410subin=ea046585, subout=87f24d97, shiftrows=4d9787f2,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 420subin=83455d96, subout=ec6e4c90, shiftrows=90ec6e4c,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 430subin=5c3398b0, subout=4ac346e7, shiftrows=90ec6e4c,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 Subbyte Values after Final Round 440subin=f02dadc5, subout=8cd895a6, shiftrows=8cd895a6,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 450subin=eb598b1b, subout=e9cb3daf, shiftrows=cb3dafe9,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 460subin=402ea1c3, subout=0931322e, shiftrows=322e0931,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 470subin=f2381342, subout=89077d2c, shiftrows=2c89077d,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 480subin=1e84e7d2, subout=725f94b5, shiftrows=2c89077d,key=00001001110011110100111100111100,datain=11100000 001101110000011100110100 $finish at simulation time 2000 V C S S i m u l a t i o n R e p o r t Time: 2000 CPU Time: 0.010 seconds; Data structure size: 0.0Mb Mon May 3 12:05:12 2010 Shiftrow results Chronologic VCS simulator copyright 1991-2005 Contains Synopsys proprietary information. Compiler version Y-2006.06-SP1; Runtime version Y-2006.06-SP1; 02:13 2010 Subbyte Values after First Round VCD+ Writer Y-2006.06-SP1 Copyright 0subin=19a09ae9, 10subin=3df4c6f8, 20subin=e3e28d48, Subbyte Values after Second Round 30subin=be2b2a08, 40subin=a4686b02, May 3 2005 Synopsys Inc. 
$finish at simulation time 500
VCS Simulation Report
Time: 500
CPU Time: 0.020 seconds; Data structure size: 0.0Mb
Mon May 3 02:13:07 2010

Sub-byte results

Chronologic VCS simulator copyright 1991-2005
Contains Synopsys proprietary information.
Compiler version Y-2006.06-SP1; Runtime version Y-2006.06-SP1; May 3 01:39 2010
VCD+ Writer Y-2006.06-SP1 Copyright 2005 Synopsys Inc.
$finish at simulation time 500
VCS Simulation Report
Time: 500
CPU Time: 0.020 seconds; Data structure size: 0.0Mb
Mon May 3 01:39:48 2010