Encryption / Decription on FPGA Using AES (Advances Encryption

advertisement
Encryption Development
System
Project Part A Characterization
Written by: Yaakov Levenzon
Ido Kahan
Advisor:
Mony Orbach
Spring Semester 2012
The Problem
We carry sensitive information with us, to practically everywhere…
Where is it?!
Our Solution
• The cyclone II FPGA is fast and quite strong, thus making the
Encryption/Decryption process fast, and usable for different needs .
• Easy to use: the entire process is invisible for the customer, which makes it easy
and intuitive to use , just as using a regular disk-on-key (without the difficulty of
technical details and the lack of skill).
• The level of encryption is strong and changeable.
The method of block cipher AES (Advanced Encryption Standard) is, De Facto,
used by the U.S Government and the private sector.
Project Goals
Primary Goal:
• Creating a complete system which encrypts and deciphers files and
transfers them to a disk-on-key, by Implementing a symmetric block
cipher/decipher module on DE2 Board.
Didactic Goals:
• Understanding and developing ways of communication between the PC
and the DE2 board and its internal memory.
• Understanding and implementing the Nios ІІ embedded processor, and
transfer data by utilizing the Avalon bus.
The DE2 Board
Working Environment
• Design, synthesis and P&R – Quartus
• Simulation – Modelsim
• Debugging – Modelsim
• Debugging on the chip – SignalTap
Architecture
Host
DMA
Nios II
AES
AES
AVALON
P
C
USB
USB
PHY &
MAC
USB
CTRL
Unencrypted
Memory
Encrypted
Memory
FPGA
DE2
USB
CTRL
USB
PHY &
MAC
Disc
on
key
Block Diagram - Writing
Sending
words
FPGA
Cable USB
PC
PC
Nios
Nios
Words by
USB protocol
FPGA Memory
AES Block
Encrypting
words
Words on
AVALON bus
Nios
Encrypted
words
FPGA Memory
Nios Unencrypted
words
Block Diagram - Reading
Sending
request
FPGA
Cable USB
PC
PC
Nios
Request by
USB protocol
Nios
Nios
Nios
Unencrypted
words
Reading
encrypted
words
Cable USB
FPGA Memory
AES Block
Decrypting
Request on
AVALON bus
FPGA Memory
Nios
Words by
USB protocol
PC
Nios II
Nios II/s Core – the best of two worlds
•
Can access up to 2 GB of external address space
• Has instruction cache but no data cache
• Has Brunch Prediction
• Five stage pipeline
USB host and device CTRL
Avalon Bus
Several signals:
Clk
Read
Write
Data :
1-32
We will use: 32 (g)
Address: 1-32
We will use: 14 (g)
Planning ahead…
• The first part is only a preparation for the AES system
• Generic design
• Improving the current system (Example: unused address lines)
• Using (or creating?) a small File System for writing and reading files
from external memories, for example: Flash memory (disk-on-key), SD-card etc.
• Final product: a complete system which can solve the problem
• Opening (and selling…) a start up! 
Project Timetable
task name
duration
Reading materials
Reading materials
Reading materials
Characterization
1 weeks
1 weeks
1 weeks
1 weeks
VHDL code writing:
Data untill Avalon
Others Components
Top level
6 weeks
2 weeks
2 weeks
2 weeks
1 weeks
Mid presentation
Verification and Debugging
Final report
Final presentation
3 weeks
7 weeks
1 weeks
26/3 2/4 9/4 16/4 23/4 30/4 7/5 14/5 21/5 28/5 4/6 11/6 18/6 25/6
30/7 6/8 13/8 20/8
E
X
A
M
Enigma:
Encryption & Decryption System
Project Part B Characterization
Written by: Yaakov Levenzon
Ido Kahan
Advisor:
Mony Orbach
Winter Semester 2013
The Problem
We carry sensitive information with us, to practically everywhere…
Where is it?!
What has we done so far?
FPGA Encryption/Decryption Verification System
Top Level:
FSM
Fifo_in controller
Encrypt_sys
Nios
Fifo_out
Problems with previous encryptions systems
• AES - Same bank of Keys every time
• AES – Use of limited FPGA resources
• Repeated patterns makes it easy to decipher
Our Solution
• The original Enigma machine:
In our systems:
• More characters
• More combinations
• Start position to the ASCII table.
• Every day -> different key.
Project Goals
Primary Goal:
• Creating a complete system which encrypts and deciphers files by using
the method of the famous “Enigma” machine, while following the
instructions of our part A system.
Didactic Goals:
• Dealing with a design and implementation of a complete
encryption/decryption system, thus strengthening our VHDL skills.
• Implementing the Enigma system into our architecture (while using its
generic ability to modify it for working with streams of data).
Our System’s Data Sheet
• Maximum possible Encryption/Decryption memory size: 221696 bits
(46% of DE2 board)
(Recommended size – for 85% capacity: 149120 bits)
• Maximum possible Encryption/Decryption number of LE: 32645
• Key Size: 128 bits (Generic Design)
• Data width: 128 bits (Generic Design)
• System speed: 1 MBPS (dictated by the DLP module)
• DLP FIFO size: 1024 bits
• DLP FIFO Speed: 384 byte Transmit buffer / 128 byte receive buffer
Working Environment
• Design, synthesis and P&R – Quartus
• Simulation – Modelsim
• Debugging – Modelsim
• Debugging on the chip – SignalTap
Architecture – High Level
Host
controller
USB
P
C
Nios II
AVALON
DLP
In_Data
FIFO
8->128
ENIGMA
Encryption/
System
Decryption
FPGA
DE2
Out_Data
FIFO
128->8
The Algorithm – step 1
First rotor
0x02, 0x02
PC
0x01
0x02
0x03
0x04
0xA2
0x4B
0x67
0x89
0x4B, 0xA2
1
0xFF 0xAC
ASCII
table
First key
Encryption Data Flow – step 2
First rotor
0x02, 0x02
PC
0x01
0x02
0x03
0x04
0xA2
0x4B
0x67
0x89
Second rotor
Ox4B, OxA2
0x01
0x02
0x03
0x04
0x14
0x98
0x76
0x94
1
0x01
0x02
0x03
0x04
0x23
0x55
0x09
0x11
1/2
0xFF 0xAC
0xFF
ASCII
table
ASCII
table
Key A
Third rotor
0xE1
Key B
Encrypted
data
PC
1/3
0xFF 0x2B
ASCII
table
Key C
Keys – step 3
256*3=768
31
0x28 0xA2 0x43 0x54 0x23 0x68........0x85
0x43 0x12 0x04 0x78 0x38 0x74........0x13
0xF2 0x55 0xD5 0xA8 0x1A 0x3C........0xEC
0x98 0x17 0x89 0xD2 0x3B 0x23........0x9F
PC
RAM
• Every rotor receives different key
• The keys will be changed every day
• The keys file will be saved in a safe file
First rotor
Second rotor
Third rotor
The First Position – step 4
• Another level of security
• Every rotor have a different first-position
• The first-positions will be changed every day
a rotor
0x01
0x02
0x03
0x04
a rotor
Promote 2 steps
0xFE
0xFF
0x01
0x02
0xFF
0xFD
ASCII
table
ASCII
table
First Positions For The Rotors – step 5
3
31
5
46
54
76
8
89
23
55
34
12
83
23
PC
RAM
• Another level of security
• Every rotor have a different first-position
• The first-positions will be changed every day
• Two separated files: keys and positions
First rotor
Second rotor
Third rotor
Decryption Algorithm
• The encryption-system is symmetrical as the Enigma machine.
• Should use the same keys, same positions for the keys and the same rotor-positions.
First rotor
0x01
0x02
0x03
0x04
0xA2
0x4B
0x67
0x89
0xFF 0xAC
ASCII
table
First key
Decryption Algorithm
First rotor
0x4B, 0xA2
PC
Encrypted
data
0xA2
0x4B
0x67
0x89
0x01
0x02
0x03
0x04
0x02, 0x02
1
0xAC
First key
0xFF
ASCII
table
Decryption Data Flow
Third rotor
PC
Encrypted
data
0x23
0x55
0x09
0x11
Second rotor
0x14 0x01
0x98 0x02
0x76 0x03
0x94 0x04
0x01
0x02
0x03
0x04
Key C
0xFF
ASCII
table
Ox4B, OxA2
0xA2
0x4B
0x67
0x89
0x01
0x02
0x03
0x04
0xE1 0xFF
0xAC
Key B
Key A
ASCII
table
0x02, 0x02
PC
1
1/2
1/3
0x2B
First rotor
0xFF
ASCII
table
Another element of complexity
• Using hopping method to determine how much the rotor will spin in every
char encryption cycle.
Both ends of the communication will know the function ahead so there is
no need to send data for this method (less use of FPGA memory
resources).
• The function we will use will be a generation of Fibonacci sequence, with
randomly chosen start conditions (we will need 2 random integers,
different ones for each rotor).
Top Level – part B
GUI for the user
RAM
key
keys file
positions file
date
DLP
mux
Rotor A
Rotor
RotorAA
Send data file
send text
RX text
RAM
Firstposition
Project Timetable
task name
Reading materials
Characterization
duration
1 weeks
1 weeks
VHDL code writing:
encryption
Mid presentation
decryption
8 weeks
5 weeks
1 weeks
3 weeks
Verification and
Debugging
Final report
Final presentation
3 weeks
21/10 28/10
4/11 11/11 18/11 25/11 2/12 9/12 16/12 23/12 30/12 6/1
13/1 20/1
27/1
3/2
E
X
A
M
7 weeks
1 weeks
Until the middle-presentation in the next month – encryption data flow should be ready to synthesis.
Validation system written in C by Golden Model.
Download