DECRYPTION OF SECURITY SYSTEM FOR A DATA-LINK LAYER IN
WIRELESSHART
Krishna Madduri
B.Tech., Jawaharlal Nehru Technological University, India, 2006
Prashanth Reddy Jonnalagadda
B.Tech., Jawaharlal Nehru Technological University, India, 2007
PROJECT
Submitted in partial satisfaction of
the requirements for the degree of
MASTER OF SCIENCE
in
ELECTRICAL AND ELECTRONIC ENGINEERING
at
CALIFORNIA STATE UNIVERSITY, SACRAMENTO
SUMMER
2010
Approved by:
________________________________, Committee Chair
John.C.Balachandra, Ph.D.
________________________________, Second Reader
Russ Tatro, M.S.
_________________________
Date
Students:
Krishna Madduri
Prashanth Reddy Jonnalagadda
I certify that these students have met the requirements for format contained in the
University format manual, and that this project is suitable for shelving in the Library and
credit is to be awarded for the project.
________________________, Department Chair
Suresh Vadhva, Ph.D.
Department of Electrical and Electronic Engineering
_________________________
Date
Abstract
WirelessHART (Wireless Highway Addressable Remote Transducer) is a secured mesh
networking technology based on Time Division Multiple Access (TDMA). A WirelessHART
network operates at 2.4 GHz. The specifications in WirelessHART have been organized
well, but security standards are loosely defined. In order to design a standard security
system we incorporate an automatic key management system which generates various keys
to shield the data-link layer. The primary goal of the project is to design a decryption
function that receives the transmitted data in the network and decrypts it to the device
usable format using the AES algorithm designed in Verilog. Decryption is done to
complement the encryption process; this gives us back the original data. The project
report includes mesh security aspects, keying for security system design, network
threats, Verilog coding and simulation of the design.
ACKNOWLEDGEMENT
Firstly, we would like to thank Professor Dr. John C Balachandra for giving us an
opportunity to do this project. His continuous support was the main thing that helped us
develop immense interest on the project that led to designing a new security system for
one of the emerging technologies. Dr. Balachandra helped us by providing many sources
of information that we needed from beginning of the project till the end. He was always
there to meet, talk and answer the questions that we came across during the project.
Special thanks to our advisor Dr. Suresh Vadhva for helping us complete the writing of
this dissertation, without his encouragement and constant guidance we could not have
finished this report.
We would also like to acknowledge and thank Professor Russ Tatro, Faculty Member,
EEE department for being part of the review committee and extending his guidance for
better formulation of our project. We also thank him for his review and comments on the
project report.
We also thank all our friends and Electrical engineering department who helped us to
complete our project work successfully. Without any of the above-mentioned people the
project would not have come out the way it did. Thank you all.
TABLE OF CONTENTS
Acknowledgment
List of Tables
List of Figures
Chapter
1. INTRODUCTION
2. HART AND WIRELESSHART
   2.1 Structure of HART Protocol
      2.1.1 Physical Layer
      2.1.2 Data-link Layer
      2.1.3 Network Layer
      2.1.4 Transport Layer
      2.1.5 Application Layer
   2.2 Introduction to WirelessHART
   2.3 Structure of WirelessHART Protocol
      2.3.1 Physical Layer
      2.3.2 Data-link Layer
      2.3.3 Network Layer
      2.3.4 Transport Layer
      2.3.5 Application Layer
3. KEYING IN WIRELESSHART
   3.1 Types of Keys
      3.1.1 Join Key
      3.1.2 Session Key
      3.1.3 Network Key
      3.1.4 Handheld Key
      3.1.5 Well-known Key
   3.2 Key Management
      3.2.1 Key Generation
      3.2.2 Key Storage
      3.2.3 Key Distribution
      3.2.4 Key Renewal
      3.2.5 Key Revocation
      3.2.6 Key Vetting
4. ADVANCED ENCRYPTION STANDARD
   4.1 Why Is AES Used?
   4.2 Decryption Implementation
   4.3 Data Decryption
      4.3.1 Inverse Shift-Rows Transform
      4.3.2 Inverse Sub-Bytes Transform
      4.3.3 Inverse Mix-Column Transform
      4.3.4 Inverse Add Round Key Transform
5. DESIGN AND IMPLEMENTATION
   5.1 Assumptions and Specifications
   5.2 Tools, Languages and Environments Used
   5.3 Virtex FPGA Features
   5.4 Project Design Flow
      5.4.1 Block Diagram
      5.4.2 Finite State Machine (FSM) for Data Decryption
      5.4.3 Simulation
      5.4.4 Synthesis
      5.4.5 Configuration
6. CONCLUSION
Appendix A Simulation Results
References
LIST OF TABLES
Table 3.1 Key Distribution Commands
Table 4.1 Different Types of Key Sizes
LIST OF FIGURES
Figure 2.1 Wireless Mesh Network
Figure 2.2 Layers in WirelessHART
Figure 4.1 Architecture of Data Decryption
Figure 4.2 Inverse Shift Rows Transform Circular Right Shift
Figure 4.3 AES Specified Inverse Substitution Matrix
Figure 4.4 AES Standard Matrix for Inverse Mix-column Transforms
Figure 5.1 Virtex Board
Figure 5.2 Block Diagram for Decryption
Figure 5.3 Finite State Machine for Decryption
Figure 5.4 Output of Inverse Sub-byte Matrix
Figure 5.5 State Machine Waveforms
Figure 5.6 Inverse Substitution Matrix
Figure 5.7 Script for Importing Synopsys Libraries
Figure 5.8 Synthesized Gate Level Output
Figure 5.9 Synthesized Gate Level Output (zoomed)
Figure 5.10 Properties of FPGA
Figure 5.11 Design Summary
Chapter 1
INTRODUCTION
WirelessHART contains three layers that participate actively in communication, of which
the Data-link layer plays an important role. The Data-link layer controls the security
system and is responsible for encryption and decryption. Our aim in this project is to
design an algorithm in Verilog HDL which decrypts the received data. We are using the
Advanced Encryption Standard (AES) to decrypt the data in a WirelessHART network. AES
is a part of the Data-link layer of the WirelessHART network. This algorithm generates
the coding keys that are necessary for the decryption of data in the receiver. Our main
focus is on the security of the Data-link layer, because the Data-link layer is the most
important layer in the WirelessHART network. The Data-link layer is responsible for
secure, reliable and error-free communication of the data between the devices in a
WirelessHART network, and it is used to provide security within the network.
The Verilog hardware description language is used to implement the algorithm because it
is very convenient to change or modify the program later, whether that is the logic or
the addition of extra modules to strengthen security. Another reason for preferring
Verilog is that we can design the logic for other devices in the system or network and
tie them all together. A control system or a host application controls all the devices in
a network; programming the hardware can control the entire automatic operations that can
be done by using Verilog.
Understanding the architecture and behavior of the WirelessHART network and providing
security using AES is all that we do in this project. Chapter 1 is an introduction to
WirelessHART and its security. Chapter 2 gives the background knowledge of WirelessHART,
its modes of operation and their architecture. Chapter 3 looks at the keying in
WirelessHART, i.e. the types of keys and key management. Finally, chapter 4 details how
we use AES to provide security, how AES is implemented and the different states that
occur, which form the base for implementing the algorithm in Verilog.
Chapter 2
HART AND WIRELESSHART
2.1 Structure of HART Protocol:
The HART protocol is designed based on the Open System Interconnection (OSI) 7-layer
model; the OSI model provides the structure of basic communication system. Though it
is said to use the OSI model the HART protocol structure is a minimized OSI model
having only few main layers.
2.1.1 Physical Layer: It is designed based on the Bell 202 standard. It uses the FSK
principle to communicate with other devices. The physical layer supports an analog and
multiple digital signals simultaneously without any interference. There are two signal
frequencies 2200 and 1200Hz corresponding to bit values 1 and 0 (shown in figure 2.1).
2.1.2 Data-link Layer: Data-link layer is responsible for all the communications
between the devices present in the system; there can be one or two masters in a system
that communicates with the field devices to perform various tasks, and any number of
field devices can be present based on the complexity of the system. Data-link layer is
secured by providing intrinsic safety devices built in the system itself, which is very
necessary as it is the main layer of all.
2.1.3 Network Layer: As the name suggests this layer provides routing, transport of the
data and security. This layer is responsible for managing end-to-end communication
sessions between corresponding devices.
2.1.4 Transport Layer: This layer makes sure that all the data successfully travels from
device to device. It can also be used for checking the status of a successful data transfer.
2.1.5 Application Layer: It defines the commands (e.g. read, write), data types, status
reporting and the responses of the devices. The commands are classified as a) Universal
commands b) Common practice commands c) Device specific commands d) Device
family commands.
2.2 Introduction to WirelessHART:
WirelessHART is a secure, TDMA-based wireless mesh networking technology operating in
the 2.4 GHz ISM radio band [13]. Unlike other wireless protocols, WirelessHART was
specifically designed for process control applications. WirelessHART is the first open
standard for the automation industry; it was specified by the HART Communication
Foundation (HCF), approved by the IEC, and officially released in September 2007.
Before the advent of WirelessHART there were several technologies such as Bluetooth,
Wi-Fi and Zigbee. However, these technologies failed to meet the requirements of
automation industry standards because wireless devices should be able to get updates
from sensors every second. Neither Zigbee nor Bluetooth can update from sensors this
quickly [5]. The Zigbee specification is a low-transmission-rate, low-power wireless
technology with no built-in channel hopping technique, and thus would surely fail in an
automation environment. Bluetooth assumes a quasi-static star network, which is not
scalable enough to be used in large process control systems. WirelessHART is
specifically designed to solve these problems and provide a complete solution for process
control applications [5].
With the release of version 7.0 of the HART protocol, referred to as WirelessHART,
vendors showed greater interest in developing different products based on this protocol.
WirelessHART is a secure and robust mesh networking technology and is also backward
compatible with existing HART devices. WirelessHART is a user-friendly, reliable and
interoperable wireless mesh sensor protocol [14]. In Wireless Mesh Networks (WMNs) all
devices act as routers, which in turn provides multiple network paths for communication.
Each wireless device should have at least two connected neighbors that can route
traffic. WMNs are a combination of ad hoc and sensor networks in which sensor nodes act
as routers and hence support multi-hopping. Wireless mesh nodes are easy to install,
making the network extremely adaptable and expandable as more or less coverage is
needed. More nodes mean a bigger and faster network.
Figure 2.1 - Wireless Mesh Network [14]
Figure 2.1 shows how WirelessHART devices are connected with each other; it consists
of five core devices. The wireless sensor devices that are connected to actual processes
are called Field devices. An access point that connects the wireless network with the
plant automation network is called a Gateway. These gateways are responsible for enabling
the communication between host applications and field devices. The Network manager is
responsible for configuration of the network and for scheduling communication between
WirelessHART devices; there must be only one active network manager per WirelessHART
network. Adaptors are used to connect existing wired HART devices to WirelessHART
devices. Handheld devices can be connected with any field device and are normally used
for network monitoring.
2.3 Structure of WirelessHART Protocol:
WirelessHART architecture is similar to the seven-layer OSI model with some extensions
for more security and reliability. WirelessHART is command oriented; this means all the
messages are combinations of commands that flow through the network. The WirelessHART
protocol is self-healing and self-organized: devices are able to find neighbors and
establish the network by channel hopping and measuring signal strength.
Figure 2.2 – Layers in WirelessHART [5]
All the data transmitting through WirelessHART is well defined and is highly secured.
AES-128 (Advanced Encryption Standard) is used for encrypting the data. Figure 2.2
shows different layers in WirelessHART which looks similar to seven layered OSI except
for the presentation and session layers.
2.3.1 Physical Layer: The WirelessHART physical layer is based mostly on the IEEE
STD 802.15-2006 2.4 GHz DSSS physical layer. This layer defines radio characteristics,
such as the signaling method, signaling strength, and device sensitivity. WirelessHART
operates in the 2400-2483.5 MHz license-free ISM band with a data rate of up to
250 Kbits/s. Its channels are numbered from 11 to 26, with a 5 MHz gap between two
adjacent channels. The modulation used in this layer is Quadrature Phase Shift Keying
(QPSK) with direct sequence spread spectrum [5]. WirelessHART requires that the expected
indoor communications distance should be 35 meters with a 0 dBm transmitter and 75 meters
with a transmit power of 10 dBm; the transmit power is also adjustable in discrete steps.
2.3.2 Data-link Layer: The Data-link layer is responsible for secure, reliable,
error-free communication of data between HART compatible devices. For collision-free
communication, WirelessHART uses Time Division Multiple Access (TDMA) and channel
hopping. A series of time slots forms a TDMA superframe; a superframe is periodic, with
the total length of its member slots as the period. Communication in a WirelessHART
network is defined through the superframe, timeslots and wireless links. WirelessHART
defines a strict 10 ms time slot and utilizes TDMA technology to provide collision-free
and deterministic communications. All superframes in a WirelessHART network start from
ASN (Absolute Slot Number) 0, the time when the network is first created. Each
superframe repeats itself along the time axis based on its period; one superframe is
always enabled while additional superframes can be enabled or disabled. Superframe
length is fixed while the superframe is active and can be modified when it is inactive.
All devices support multiple superframes with differing numbers of timeslots to allow
mixing of fast, slow, cyclic and acyclic network traffic. Communication occurs in the
designated timeslot and frequency channel for that message [16].
Each device supports a class of data units and these units again have different priorities.
Commands that include control, configuration information and network related
diagnostics are classified to have high priority. The low priority packets belong to ‘alarm’
class that contains only alarm and event payload. All other packets are then grouped into
the ‘normal’ class. Priority classification is useful for flow control, which decides how
many of which type of packets can be buffered at a relay device.
2.3.3 Network Layer: WirelessHART uses mesh communication technology, so each
WirelessHART device must be able to forward packets on behalf of other devices. Two
types of routing are supported: graph routing and source routing. All
devices must support both graph and source routing. A graph is a collection of paths that
connect network nodes; a path in each graph is explicitly created by the network manager
and downloaded to each individual network device. To send a packet, the source device
writes a specific graph ID in the network header. All the network devices on the way to
the destination must be pre-configured with graph information that specifies the
neighbors to whom the packets may be forwarded. Source routing is a supplement of the
graph routing aiming at network diagnostics. To send a packet to its destination, the
source device includes in the header an ordered list of devices through which the packet
must travel. As the packet is routed, each routing device utilizes the next network device
address in the list to determine the next hop until the destination device is reached [5].
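The forwarding rules described above, as an added example that is not part of the
original report. It is a simplified model: the Device class, the device names (GW, A, B,
C), graph ID 1 and the hop limit are assumptions made for illustration, and real
WirelessHART headers and tables carry more fields.

```python
class Device:
    """One mesh node: graph tables from the network manager plus live links."""

    def __init__(self, name):
        self.name = name
        self.graphs = {}        # graph ID -> ordered list of permitted next hops
        self.links_up = set()   # neighbors currently reachable over the air


def forward_graph(devices, src, dst, graph_id, max_hops=16):
    """Graph routing: each hop consults its own pre-configured table."""
    path, node = [src], src
    while node != dst:
        if len(path) > max_hops:
            raise RuntimeError("hop limit exceeded")
        allowed = devices[node].graphs.get(graph_id)
        if allowed is None:
            # A device never forwards on a graph it was not configured for.
            raise LookupError(f"{node} has no entry for graph {graph_id}")
        # Use the first permitted neighbor whose link is up (mesh redundancy).
        nxt = next((n for n in allowed if n in devices[node].links_up), None)
        if nxt is None:
            raise ConnectionError(f"{node} has no usable neighbor on graph {graph_id}")
        path.append(nxt)
        node = nxt
    return path


def forward_source(devices, src, route):
    """Source routing: follow the ordered device list carried in the header."""
    path, node = [src], src
    for nxt in route:
        if nxt not in devices[node].links_up:
            # The list names exactly one path, so there is no alternate hop.
            raise ConnectionError(f"{node} cannot reach {nxt}")
        path.append(nxt)
        node = nxt
    return path


def build_mesh():
    """Constructed topology: C reaches the gateway GW through A or B."""
    devices = {n: Device(n) for n in ("GW", "A", "B", "C")}
    for a, b in (("C", "A"), ("C", "B"), ("A", "GW"), ("B", "GW")):
        devices[a].links_up.add(b)
        devices[b].links_up.add(a)
    devices["C"].graphs[1] = ["A", "B"]   # tables downloaded by the network manager
    devices["A"].graphs[1] = ["GW"]
    devices["B"].graphs[1] = ["GW"]
    return devices


def fail_link(devices, a, b):
    """Mark the link between a and b as down in both directions."""
    devices[a].links_up.discard(b)
    devices[b].links_up.discard(a)


if __name__ == "__main__":
    mesh = build_mesh()
    print(forward_graph(mesh, "C", "GW", 1))
    fail_link(mesh, "C", "A")
    print(forward_graph(mesh, "C", "GW", 1))
```

With the C-A link down, graph routing still delivers through B, while a source route
that names A fails on its first hop.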
2.3.4 Transport Layer: The transport layer provides end-to-end acknowledged
communication with automatic retries to confirm successful data transfer. This is a thin
layer in WirelessHART that ensures reliable data transmission. A unique feature of this
layer is the block data transfer mechanism. It sets up a connection-oriented
communication link between the host application and the field devices. The host
application can configure the slave device by opening a port onboard the device using a
HART command. The port specifications are also part of the WirelessHART standard.
Once the port is opened, the transmission rate between the device and the host
application is negotiated with the network manager to maximize throughput. The block data
transfer is required for reliability, and end-to-end acknowledgement is necessary to keep
track of the data stream. This may call for the network manager to update its routing and
scheduling plan to provide the necessary priority. The transport layer is responsible for
continuously monitoring the neighbor devices. Devices listen for new neighbors and report
if they discover a new neighbor. Each device maintains statistics on communication with
other devices, such as received signal level and packet count.
2.3.5 Application Layer: The application layer is the top-most layer in the
architecture. WirelessHART uses the standard HART application layer, which is command
based. Universal, device family and wireless commands are specified in the application
layer. Communication between devices and the gateway is based on commands and responses.
The application layer is responsible for parsing the message content, extracting the
command number, executing the specified command, and generating responses. Several new
features were added to the new version of WirelessHART for better wireless communication
and to enhance wired HART capabilities, such as:
1) Smart data publishing to generate process data messages only when needed.
2) Process values published based on time, variation of signal, or crossing a
user-defined threshold.
3) Measurements can be triggered at a specific time, allowing synchronized operation
across multiple devices.
4) Command aggregations enable multiple read commands in one transaction for
faster configuration uploads.
Chapter 3
KEYING IN WIRELESSHART
Keying is very important as it provides a strong security shield for the network. For the
complete protection of a WirelessHART network, security for both wireless and wired
devices is necessary. Unfortunately, neither kind of device has a standard key management
scheme, which created the need for a security manager. However, such a security manager
has no well-defined specifications or functionalities. Our implementation of key
management techniques can help improve the reliability of the security manager. In this
chapter we will discuss how the keys work and how they are managed to establish a
secure network.
Key generation is a crucial aspect, and encryption should be handled by an automatic key
management system to make the network secure. If a real-time network were established
without a key management system, it would be practically impossible to provide
outstanding and reliable security. Manual management is weak because the chance of
committing errors is high, and improper selection of a key can lead to the complete
compromise of the network. The use of similar or identical keys is a common practice in
manual key management that can lead to complete takeover of the network. We can take the
Wireless LAN as a general example, which can be breached easily only because of the
manual key management in Wired Equivalent Privacy (WEP). Let us now see how the keys are
managed in a WirelessHART network. There are some keys needed by every device in the
network, which were already mentioned in the previous chapter and will be explained in
detail here.
3.1 Types of Keys:
3.1.1 Join Key: This is the first and most basic key needed by any device in a
WirelessHART network, as it is used to let the device connect to the network. The key is
entered into a device by using a handheld device, and the device is not connected to the
network while the join key is being entered into it. This is because the join key acts as
an ID number and need not be shared with any other device or manager in the network. The
join key provides end-to-end security between a device and the network manager. If the
device is being connected for the first time, the network manager authenticates the
device by its join key and writes back the network key and session key into the device.
It should be noted that the network manager has the capability to change the join key of
the device once it becomes part of the network.
3.1.2 Session Key: Session keys are used to provide end-to-end security between
devices in a network. Four session keys are required to establish:
i) A unicast session between the gateway and the device
ii) A unicast session between network manager and the device
iii) Broadcast session from the gateway to all the devices
iv) Broadcast session from the network manager to all the devices
The session key, along with the network key, is written into the device after the device
verifies itself with its join key. During the process of sending the session and network
keys, the device is connected only to the network manager and nothing else, and it can
start communicating with other devices only after getting the gateway session key. Once a
device has a session key, it uses the same key to communicate with other devices through
the gateway or network manager. The gateway/network manager then decrypts the key to
know the information of the destination device and again encrypts the data to send the
information to the destination device. The destination device then has a session with
the gateway/network manager; it has a different session key that is decrypted by the
device to access the data successfully.
3.1.3 Network Key: WirelessHART secures the transactions between two devices by
providing Per-hop security. The data on its journey towards the destination passes
through many hops, as all the devices in the network act as a router. The medium of
communication in a wireless network is air and a network key secures the air
interference. There is a single network key that is used by all the devices in the network
that protects the Data-link layer PDU. Network manager is the one that has the capability
to initiate the network key write command to a device and the network key is provided to
a device only after it successfully joins the network. Network manager can later manage
the network key by using the required commands.
3.1.4 Handheld Key: The handheld devices behave just like any other device in a
WirelessHART network. Handheld devices are used for installation and maintenance
purposes; they are connected to a field device through its maintenance port, thereby
providing an input medium, and are also used for device maintenance. When a handheld
device is connected to a field device it is not granted access to the network and its
devices; it has to use a join key in order to join a network.
The handheld key is a key that is provided to the handheld device when it connects to a
specific field device; this connection does not need an intermediate gateway. This type
of connection is called a peer-to-peer connection. The handheld devices can communicate
with the field devices by requesting a handheld session from the network manager; the
handheld device is then issued the handheld key by the network manager after joining the
network using a join key. To establish a device-to-device connection, a handheld
superframe is also required alongside the handheld key that is used for maintenance of
the wireless devices.
3.1.5 Well-known Key: A 128-bit key generated by the Advanced Encryption Standard
(AES) is used to secure the Network layer PDU and Data-link layer PDU. When a device
first tries to join a WirelessHART network it uses a join key to join the network; the
join key here is used to protect the Network layer PDU. But at the point of joining, the
device has no network key, which is crucial for the protection of the Data-link layer
PDU, so a Well-Known key is used as the network key. Whether the Well-Known key
(7777 772E 6861 72 636F 6D6D 2E6F 7267) should be used or not is decided by the
specifier bit (third bit in the Data-link layer PDU); if the bit is not set then the
Well-Known key is used.
3.2 Key Management:
Keys are required in any WirelessHART network to provide security and the security
manager does key management. The keys are assigned and distributed by network
manager [9]. The techniques in key management and their limitations are discussed
below:
3.2.1 Key Generation: There are no specific requirements for key generation in
WirelessHART. The only thing specified is that the security manager is responsible for
key generation and the network manager provides the password that needs to be verified.
AES is used for key generation and the logic for generating various keys may differ
depending on the level of security needed.
3.2.2 Key Storage: The security manager is responsible for the safe storage of all the
keys. All the keys are stored in safe storages that are protected by storage level
passwords, and the security administrator is responsible for the storage of these
passwords. Either the network manager or the security manager manages the passwords in
the storage; which of them does so depends on the level of trust between them. The
security manager stores the following information for every key that is generated:
• Network ID
• Nickname of the device
• Key Value (actual key)
• Key Type
• Generation Date
• Expiry Date
3.2.3 Key Distribution: The network manager is responsible for the distribution of keys
to the devices and it should be the only one to provide keys to wireless network. The
table below shows the commands used to manage the keys:
WirelessHART Keys     Commands
Session Key           Command 963 (Write session)
Network Key           Command 961 (Write network key)
Handheld Key          Command 823 (Request session)
Join key              Command 768 (Write join key)
Table 3.1 – Key Distribution Commands [19]
3.2.4 Key Renewal: Key renewal is a very important part of key management since any
key’s security can be breached over time or by brute-force attack. So the keys should be
changed frequently and the changes should be automatic to avoid possible errors made by
humans. The commands used to change the keys are shown in table 4.1; these commands
will override the existing keys. A drawback in key renewal is that the join key is used to
change the session key and the unicast key changes the join key; being interdependent,
both can be revealed when either one of them is compromised.
3.2.5 Key Revocation: The process of deactivating or removing or deleting a key from a
device is called key revocation. This is necessary because when a device is no longer
part of a particular network it should not have any secrets or information related to that
network. Except for the network key all the other keys are device specific. When a
device is disconnected or captured legally or illegally the device should have a capability
to self-destruct [8], or all the data in it should be blanked automatically, to keep the
network away from threats. The only information a device carries before joining a
network is its join key and the other keys are given to it only after that, so when the
device leaves the network its join key should automatically be invalidated to secure the
network.
3.2.6 Key Vetting: Key vetting is a process that verifies and authenticates the keys.
This concept is similar to authenticating the certificates but here the device status is
checked and reported to the main control system.
Chapter 4
ADVANCED ENCRYPTION STANDARD
The most important aspect of any communication system, whether wired or wireless, is to
provide security for the data that is transmitted and received between the devices. To
ensure that the transmitted data is received correctly without any security breach, the
original data is processed along with some secured keys. This process of hiding the
original data using secured keys is called cryptography. We have used the AES algorithm
in our design of the WirelessHART security system to ensure secured and authenticated
transmission of data [12].
AES specifies the Rijndael algorithm, a symmetric block cipher that can process data
blocks of 128 bits using cipher keys with lengths of 128, 192 and 256 bits. The National
Institute of Standards and Technology (NIST) announced AES in 2001. The AES
algorithm is performed in Nr rounds (Nr = number of rounds). The architecture of one
round contains two different data-paths, the decryption data-path and the inverse key
scheduling data-path. The data block in AES is 128 bits long and the key size can be
128, 192 or 256 bits [12].
The AES algorithm contains three main parts: cipher, inverse cipher and key expansion.
Cipher converts data into an unintelligible form called ciphertext, while inverse cipher
converts data back into its original form called plaintext. Key expansion generates a key
schedule that is used in the cipher and inverse cipher procedures. We have designed the
decryption algorithm using Verilog, and the RTL code of the AES decryption algorithm was
simulated in Modelsim and synthesized using VCS Synopsys.
                    Block size (Nb)   Key length (Nk)   Number of
                    words             words             Rounds (Nr)
AES-128 bits key    4                 4                 10
AES-192 bits key    4                 6                 12
AES 256 bits key    4                 8                 14
Table 4.1 Different Types of Key Sizes
Table 4.1 above shows that the number of rounds depends on the AES key size. For a
128-bit key, the key is divided into a 4X4 matrix in which each element is 8 bits.
Similarly, for the 192-bit size, the key is divided into a 6X6 matrix with each element of
8 bits. It is the same case for the 256-bit size, which is divided into an 8X8 matrix. The
AES algorithm starts with an initial transformation of the data matrix followed by ten
iteration rounds. A round consists of four transformations:
1) Inverse shift rows transform
2) Inverse sub-bytes transform
3) Inverse mix-column transform
4) Inverse Add round key transform.
For each round, an inverse round key is generated from the original key through the key
scheduling process. The last round consists of only the inverse sub-bytes, inverse shift
rows and inverse add round key transformations; the inverse mix-column transform is not
performed, as the last round gives the original data.
4.1 Why is AES Used?
There are many algorithms for data encryption and decryption such as Data Encryption
Standard (DES) algorithm and RSA algorithm, but AES is used for providing security in
our project on WirelessHART because [15]
1) It has strong resistance against all known attacks as it uses a minimum of 10
rounds for generating cipher text. The number of rounds is not fixed; they are
varied according to the security level and size of the key.
2) As it is a symmetric algorithm the operation is faster compared to other
cryptography algorithms. The round transformation is parallel by design; this
makes all the round calculations faster, which generates output block.
3) Compared to other cryptographic algorithms the AES algorithm has a simple
design.
4) It is hard to crack AES because it uses different steps like shifting, mixing and
adding schedule keys.
5) Guarantees high diffusion over multiple rounds.
6) Corresponds to the parallel application of S-boxes that have optimum worst-case
non-linearity properties.
7) Finally the AES is well suited to be implemented efficiently on a wide range of
processors and in dedicated hardware typical for a PC.
4.2 Decryption Implementation:
The decryption algorithm implementation starts when the data to be decrypted is received
by the device in the network. The received data is divided into equal blocks of 128, 192
or 256 bits each depending on the key size. The key size used in our project is 128 bits,
so the received data is divided into a 4x4 matrix with each element of 8 bits. The matrix
is formed such that the four elements in the first column are the first 32 bits of the
data. The length of the data block (Nb) is defined as the number of 32-bit words in each
block and is equal to 4 for 128-bit data. The length of the key (Nk) is defined as the
number of 32-bit words in the key. The lengths of the key for 128, 192 and 256 bits are
4, 6 and 8 respectively. The number of iterations performed to decrypt the data increases
with the length of the decryption key. The number of rounds (Nr) required for decrypting
the data for a key length of 128, 192 and 256 bits is 10, 12 and 14 respectively [12].
[Flow diagram; blocks as labelled, in the order they appear: CIPHER DATA, ROUND KEY (0),
INVERSE ADD ROUND KEY, INVERSE SHIFT ROWS, INVERSE SUB-BYTE, INVERSE MIX-COLUMNS,
ROUND KEY (i), INVERSE ADD ROUND KEY, INVERSE SHIFT ROWS, INVERSE SUB BYTE,
ROUND KEY (Nr), INVERSE ADD ROUND KEY, PLAIN DATA]
Figure 4.1 - Architecture of Data Decryption [12]
4.3 Data Decryption:
The encrypted data that is transmitted from the source device is to be decrypted at the
destination device. The decryption of the received data is done in the reverse order of the
encryption process. The reverse transformation also consists of four steps and they are
1) Inverse shift rows transform
2) Inverse sub-bytes transform
3) Inverse mix-column transform
4) Inverse Add round key transform.
4.3.1 Inverse Shift Rows Transform: In this transform the rows in the data matrix are
shifted right in the circular shift method. The rows in the matrix are shifted such that the
first row is not shifted; the second row is shifted right by one element, third row by two
and fourth row by three elements. The inverse shift rows transform is best illustrated by
figure 4.2.
Figure 4.2 Inverse Shift Rows Transform Circular Right Shift [12]
4.3.2 Inverse Sub-bytes Transform: In the inverse sub-byte transformation each
element of the matrix obtained from the inverse shift-row transform step is replaced by a
corresponding element from the inverse sub-byte substitution table provided by the AES
in figure 4.3.
Figure 4.3 AES Specified Inverse Substitution Matrix [12]
4.3.3 Inverse Mix-column Transform: The inverse mix-column transform is simply the
inverse of the mix-column transform performed in the encryption of data. This transform
is performed on each column of the matrix obtained from the previous transform step
separately. In this transformation step the matrix obtained after the inverse sub-bytes
transformation is multiplied by a standard matrix (in fig 4.4) provided by AES. All the
other operations are performed similar to the mix-column transform step in the
encryption of data.
Figure 4.4 AES Standard Matrix for Inverse Mix-Column Transforms [12]
4.3.4 Inverse Add Round Key Transform: The inverse add round key transform is
performed by inverting the round key matrix obtained from the add round key transform of
encryption and XORing this matrix with the matrix obtained from the inverse mix-column
transform. Some of the transformation steps in both the encryption and decryption of the
data can be interchanged with respect to their order. The sub-byte transformation and
the shift-row transform can be interchanged in the encryption. This can also be done
for the inverse sub-byte and inverse shift-row transforms in decryption.
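The four transforms of section 4.3, combined in the round order of the FIPS-197 inverse cipher [12] (the round key is added before inverse mix-columns), are shown below as an added Python reference model; it is not the project's Verilog RTL and its function names are this example's own. The key and ciphertext are the FIPS-197 Appendix C.1 test vector, an assumption the page does not state; with that input the traced first-round states are the subin/subout words that open the Inverse Sub-byte log in Appendix A (7a9f1027 ... and bd6e7c3d ...).

```python
def xtime(b):  # multiply a byte by x in GF(2^8), reducing by x^8 + x^4 + x^3 + x + 1
    b <<= 1
    return (b ^ 0x11B) if b & 0x100 else b

def gmul(a, b):
    """Multiply two bytes in GF(2^8) by shift-and-add."""
    p = 0
    while b:
        if b & 1:
            p ^= a
        a, b = xtime(a), b >> 1
    return p

def build_sboxes():
    """Derive the S-box (field inverse, then affine map) and invert it as a table."""
    sbox = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
        s = inv ^ 0x63
        for n in range(1, 5):
            s ^= ((inv << n) | (inv >> (8 - n))) & 0xFF
        sbox.append(s)
    inv_sbox = [0] * 256
    for x, s in enumerate(sbox):
        inv_sbox[s] = x
    return sbox, inv_sbox

SBOX, INV_SBOX = build_sboxes()

def expand_key(key):
    """AES-128 key schedule: 16-byte key -> 11 round keys of 16 bytes each."""
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]  # RotWord, then SubWord
            t[0] ^= rcon
            rcon = xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [[b for word in w[4 * r:4 * r + 4] for b in word] for r in range(11)]

# State: flat list of 16 bytes in column order (index = 4*column + row), so the
# first 32-bit word of the input is the first column of the 4x4 matrix.
def inv_shift_rows(s):
    """Rotate row r right by r positions (row 0 is not moved)."""
    return [s[4 * ((c - r) % 4) + r] for c in range(4) for r in range(4)]

def inv_sub_bytes(s):  # byte-wise lookup in the inverse substitution table
    return [INV_SBOX[b] for b in s]

def add_round_key(s, rk):  # XOR with one round key; the operation is its own inverse
    return [a ^ b for a, b in zip(s, rk)]

def inv_mix_columns(s):
    """Multiply each column by the matrix whose first row is 0e 0b 0d 09."""
    out = []
    for c in range(4):
        col = s[4 * c:4 * c + 4]
        for r in range(4):
            out.append(gmul(col[r], 0x0E) ^ gmul(col[(r + 1) % 4], 0x0B)
                       ^ gmul(col[(r + 2) % 4], 0x0D) ^ gmul(col[(r + 3) % 4], 0x09))
    return out

def decrypt_block(ciphertext, key, trace=None):
    """Decrypt one 16-byte block; optionally append (round, step, hex state) to trace."""
    rk = expand_key(key)
    log = trace.append if trace is not None else (lambda entry: None)
    s = add_round_key(list(ciphertext), rk[10])
    for rnd in range(1, 11):
        s = inv_shift_rows(s)
        log((rnd, "inv_shift_rows", bytes(s).hex()))
        s = inv_sub_bytes(s)
        log((rnd, "inv_sub_bytes", bytes(s).hex()))
        s = add_round_key(s, rk[10 - rnd])
        if rnd < 10:  # the last round has no inverse mix-columns
            s = inv_mix_columns(s)
    return bytes(s)

# Sample input: the FIPS-197 Appendix C.1 vector (an assumption; not given on the page).
KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
CIPHERTEXT = bytes.fromhex("69c4e0d86a7b0430d8cdb78070b4c55a")

if __name__ == "__main__":
    print(decrypt_block(CIPHERTEXT, KEY).hex())
```

Passing a list as `trace` collects the state after every inverse shift-rows and inverse sub-bytes step, which can be compared word by word against an RTL simulation log.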
Chapter 5
DESIGN AND IMPLEMENTATION
WirelessHART is now an emerging network technology which was standardized in 2007
and it is flourishing rapidly. There are more than 30 companies engaged in bringing
WirelessHART products to the market. Many challenges are being set, like increasing the
speed and bringing down the cost of producing firmware, radios, gateways and adapters.
After doing research on WirelessHART we found that it is a layered protocol, of which
the Data Link Layer is important. In this project we made an attempt to design a
security system in the Data Link Layer so that we can integrate the design logic in chips
(ASIC/FPGA).
5.1 Assumptions and Specifications:
1) 128-bit inverse key is used for decryption to generate plain text from cipher text.
2) The data input which comes from the test bench is considered as four words in
size so that decryption is performed correctly.
3) The inverse sub-byte matrix which is used in decryption is generated from
Verilog test bench and is not used for synthesis.
4) Xilinx Virtex FPGA (Model: XC5VLX30-1FF324C) is used for implementation.
5) The cipher text is assumed as serial data input for our design.
5.2 Tools, Languages and Environments Used:
1) Modelsim XE III 6.4b is used for simulation of our design. Modelsim is an RTL
design and simulation tool developed by Mentor Graphics.
2) VCS Synopsys is used for synthesis of our design after simulation is done and the
design is optimized.
3) Virtex board comes with a mounted FPGA on the board. This FPGA is used to
dump the RTL code.
4) ISE Project Navigator is used for configuring the FPGA on virtex board. ISE
project navigator is developed by Xilinx.
5) The programming language used for RTL design is Verilog HDL.
6) TCL is used for writing and running scripts.
7) Windows and UNIX operating systems are used in various phases of our project.
Figure 5.1 Virtex Board
5.3 Virtex FPGA Features:
We used a Virtex-5 FPGA for our project. The features are as follows:
1. It has five platforms LX, LXT, SXT, TXT, and FXT.
2. It is cross-platform compatible.
3. Power clock management tile (CMT) clocking.
4. 36-kbit blocks RAM/FIFOs.
5. High-performance parallel select IO technology.
6. Advanced DSP48E slices.
7. Flexible configuration options.
8. System monitoring capability on all devices.
9. Integrated endpoint blocks for PCI express designs.
10. Tri-mode 10/100/1000 Mb/s Ethernet MACs.
11. Rocket IO GTP transceivers 100 Mb/s to 3.75 GB/s and 150 Mb/s to 6.5 Gb/s.
12. PowerPC 440 Microprocessors.
13. 65-nm copper CMOS process technology.
14. High signal-integrity flip-chip packaging available in standard or Pb-free package
options.
5.4 Project Design Flow:
There are five phases in our project, they are:
5.4.1 Block Diagram: The block diagram (Figure 5.2) shows how the data is decrypted
in the message handling module. The data comes into the DUT from the test bench in the
form of 32-bit data blocks. These 32-bit chunks are passed to the inverse mix column
module. After the inverse mix column transform is performed the resulting data is
transferred to inverse shift rows block. The data is then transferred to inverse sub-byte
block where each 8-bit is replaced by the values from inverse sub-byte table as shown in
figure 4.3. Then the inverse add round key module performs the generation and addition
of inverse key. This process is continued for ten rounds in the top module and the
resulting data is the original transmitted data after ten rounds of transforms.
[Block diagram; blocks as labelled: TestBench, Inverse key, Cipher text, Inverse
mixcolumns, Inverse shifter, Inverse mixcolumns, Plain Text]
Figure 5.2 Block Diagram for Decryption
5.4.2 Finite State Machine (FSM) for Data Decryption: The operation of the FSM for
data decryption has the same number of states as that of encryption. In S1 the ciphertext
is XORed with key schedule bytes which are generated using the test bench. In S2 the
inverse sub-byte matrix is generated from the inverse substitution matrix. In S3 the
inverse row-shift operation takes place and in S4 plain text is generated when the round
key reaches ten.
[State diagram with states S0 to S5, entered on Reset. Transition labels: Cnt < 2'b11,
Cnt = 2'b11, and Cnt = 2'b11 & Round = 10. State labels: Inverse add round key
transformation, Inverse shift rows, Inverse Sub-byte, Inverse matrix multiplication,
Plain text.]
Figure 5.3 Finite State Machine for Decryption
5.4.3 Simulation: Simulation of a design is performed after the RTL coding is done in
Verilog and the logic is verified. Modelsim is used for the simulation of our design. Test
bench is written to verify the logical behavior of the design. Modelsim also provides
features for generating simulation results to a word file and waveforms using DVE
command. Figure 5.4 shows the waveforms for the inverse sub-byte matrix, Figure 5.5
shows the waveforms for the decryption finite state machine and Figure 5.6 shows the
waveforms for inverse substitution matrix.
Figure 5.4 Output of Inverse Sub-byte Matrix
Figure 5.5 State Machine Waveforms
Figure 5.6 Inverse Substitution Matrix
5.4.4 Synthesis: The process of optimizing and converting the required logic behavior of
the design into logic gates is termed as logic synthesis. Synthesis enables us to take the
design from RTL level to chip level. A design can be dumped into the FPGA after it is
simulated and synthesized. In our project Synopsys VCS is used to perform synthesis of
our design.
Figure 5.7 Script for Importing Synopsys Libraries
Figure 5.7 shows the TCL script importing symbol library, target library and link library
to synthesize the RTL code to get a gate level design. Synthesizer uses the gate delays,
gate size from symbol library for generating the gate circuit.
The figures 5.8 and 5.9 are the synthesized outputs generated by the VCS Synopsys tool
using the above script. The timing, area and attribute reports are included in the appendix
A.
Figure 5.8 Synthesized Gate Level Output
Figure 5.9 Synthesized Gate Level Output (zoomed)
5.4.5 Configuration: In this phase we have dumped the synthesized code into the
FPGA using Xilinx ISE Project Navigator.
Figure 5.10 Properties of FPGA
Figure 5.10 shows the properties of the Virtex-5 FPGA and the tools used for synthesis,
simulation and design. This FPGA contains 220 I/O pins. It consists of 4,800 configurable
logic blocks (CLB). It consists of 16.4 Mbits of integrated block memory.
Figure 5.11 Design Summary
Chapter 6
CONCLUSION
A security system is successfully designed to protect the WirelessHART network. The
work involved a lot of material related to the HART protocol, wireless implementation of
HART, various algorithm implementations and keying concepts. We used Verilog to
write the programs that implement the AES algorithm, on the Modelsim IDE (Integrated
Development Environment). AES algorithm is used to decrypt the data in our project; it
can also be used to encrypt the data. By using keying, key management techniques and
AES algorithm the security is made stronger and the transactions more secure in the
Data-link layer of the WirelessHART network.
Many trials of decrypting the data received were not successful because of a particular
step; it was the inverse mix-column operation. After not so many trials we solved that
particular problem and then another problem showed up which was related to
configuration of the FPGA we used in our project. Later on we had to deal with bugs in
the programs used to implement the algorithm that were fixed later on. We represented
the bits of the data in matrix form which helped us a lot as there are a lot of ways in
which a matrix can be manipulated and also because matrix operations can be easily
done.
The major success in our attempt to secure a WirelessHART network came from a
decision which we made at early stages of our project; we used Verilog HDL for
implementation of the AES algorithm which made our task easy as the simulation process
makes it easy to figure out the errors if any in our program. Some previous attempts were
made using different algorithms and programming languages to encrypt data, but our
attempt is unique and it also is very beneficial since the algorithms can be easily
implemented without much effort, error detection in implementation can be easily
rectified and can be maintained easily by the control system of the WirelessHART
network.
This was a sincere attempt to make WirelessHART a secure communication network. As
we work towards the goal of making WirelessHART a reliable and productive option for
networking, this effort will help understand the use of implementing AES algorithm
using Verilog to secure the WirelessHART better.
APPENDIX A
Simulation Results
Inverse Shift Row Results
Chronologic VCS simulator copyright 1991-2005
Contains Synopsys proprietary information.
Compiler version Y-2006.06-SP1; Runtime version Y-2006.06-SP1;
10:23 2010
Inverse shift row Values after First Round
VCD+ Writer Y-2006.06-SP1 Copyright 2005 Synopsys Inc.
0subin=89ef4e27, inverseshiftrows=89d5f50b
10subin=2bca100b, inverseshiftrows=2beffd9f
20subin=3d9ff59f, inverseshiftrows =3dca4ea7
inverseshiftrows Values after Second Round
30subin=54d990a1, inverseshiftrows =5411f4b5
40subin=6ba09ab5, inverseshiftrows =6bd9700e
50subin=96bbf40e, inverseshiftrows =96a0902f
60subin=a111702f, inverseshiftrows =a1bb9aa1
inverseshiftrows Values after Third Round
70subin=3e1c22c0, inverseshiftrows =3e175076
80subin=b6fcbf76, inverseshiftrows =b61c0467
90subin=8da85067, inverseshiftrows =8dfc2295
100subin=f6170495, inverseshiftrows =f6a8bfc0
inverseshiftrows Values after Fourth Round
110subin=b458124c, inverseshiftrows =b415f801
120subin=68b68a01, inverseshiftrows =6858552e
130subin=4b99f82e, inverseshiftrows =4bb6124c
140subin=5f15554c, inverseshiftrows =5f998a4c
inverseshiftrows Values after Fifth Round
150subin=e8dab690, inverseshiftrows =e847f565
160subin=1477d465, inverseshiftrows =14dadde2
170subin=3ff7f5e2, inverseshiftrows =3f77b64f
180subin=e747dd4f, inverseshiftrows =e7f7d490
inverseshiftrows Values after Sixth Round
190subin=36339d50, inverseshiftrows =36400926
200subin=f9b53926, inverseshiftrows =f9336d2d
210subin=9f2c092d, inverseshiftrows =9fb59d23
220subin=c4406d23, inverseshiftrows =c42c3950
inverseshiftrows Values after Seventh Round
230subin=2d6d7ef0, inverseshiftrows =2dfb0234
240subin=3f33e334, inverseshiftrows =3f6d12dd
250subin=093602dd, inverseshiftrows =09337ec7
260subin=5bfb12c7, inverseshiftrows =5b36e3f0
inverseshiftrows Values after Eighth Round
270subin=3bd92268, inverseshiftrows =3b59cb73
280subin=fc74fb73, inverseshiftrows =fcd90ee0
290subin=5767cbe0, inverseshiftrows =5774222d
300subin=c0590e2d, inverseshiftrows =c067fb68
inverseshiftrows Values after Ninth Round
310subin=a7be1a69, inverseshiftrows =a761ca9b
320subin=97ad739b, inverseshiftrows =97be8b45
330subin=d8c9ca45, inverseshiftrows =d8ad1a61
340subin=1f618b61, inverseshiftrows =1fc97369
inverseshiftrows Values after Final Round
350subin=6353e08c, inverseshiftrows =63cab704
360subin=0960e104, inverseshiftrows =0953d051
370subin=cd70b751, inverseshiftrows =cd60e0e7
380subin=bacad0e7, inverseshiftrows =ba70e18c
$finish at simulation time 500
V C S  S i m u l a t i o n  R e p o r t
Time: 500
CPU Time: 0.020 seconds; Data structure size: 0.0Mb
Wed May 5 10:23:01 2010
Inverse Sub-byte Results
Chronologic VCS simulator copyright 1991-2005
Contains Synopsys proprietary information.
Compiler version Y-2006.06-SP1; Runtime version Y-2006.06-SP1;
03:09 2010
InverseSubbyte Values after First Round
VCD+ Writer Y-2006.06-SP1 Copyright 2005 Synopsys Inc.
0subin=7a9f1027, subout=bd6e7c3d
10subin=89d5f50b, subout=f2b5779e
20subin=2beffd9f, subout=0b61216e
30subin=3dca4ea7, subout=8b10b689
InverseSubbyte Values after Second Round
40subin=5411f4b5, subout=fde3bad2
50subin=6bd9700e, subout=05e5d0d7
60subin=96a0902f, subout=3547964e
70subin=a1bb9aa1, subout=f1fe37f1
InverseSubbyte Values after Third Round
80subin=3e175076, subout=d1876c0f
90subin=b61c0467, subout=79c4300a
100subin=8dfc2295, subout=b45594ad
110subin=f6a8bfc0, subout=d66ff41f
InverseSubbyte Values after Fourth Round
120subin=b415f801, subout=c62fe109
130subin=6858552e, subout=f75eedc3
140subin=4bb6124c, subout=cc79395d
150subin=5f998a4c, subout=84f9cf5d
InverseSubbyte Values after Fifth Round
160subin=e847f565, subout=c81677bc
170subin=14dadde2, subout=9b7ac93b
180subin=3f77b64f, subout=25027992
190subin=e7f7d490, subout=b0261996
InverseSubbyte Values after Sixth Round
200subin=36400926, subout=24724023
210subin=f9336d2d, subout=6966b3fa
220subin=9fb59d23, subout=6ed27532
230subin=c42c3950, subout=88425b6c
InverseSubbyte Values after Seventh Round
240subin=2dfb0234, subout=fa636a28
250subin=3f6d12dd, subout=25b339c9
260subin=09337ec7, subout=40668a31
270subin=5b36e3f0, subout=57244d17
InverseSubbyte Values after Eighth Round
280subin=3b59cb73, subout=4915598f
290subin=fcd90ee0, subout=55e5d7a0
300subin=5774222d, subout=daca94fa
310subin=c067fb68, subout=1f0a63f7
InverseSubbyte Values after Ninth Round
320subin=a761ca9b, subout=89d810e8
330subin=97be8b45, subout=855ace68
340subin=d8ad1a61, subout=2d1843d8
350subin=1fc97369, subout=cb128fe4
InverseSubbyte Values after Final Round
360subin=63cab704, subout=00102030
370subin=0953d051, subout=04050607
380subin=cd60e0e7, subout=08090a0b
390subin=ba70e18c, subout=0c0d0e0f
$finish at simulation time 500
V C S  S i m u l a t i o n  R e p o r t
Time: 500
CPU Time: 0.020 seconds; Data structure size: 0.0Mb
Wed May 5 03:09:12 2010
REFERENCES
[1] HART Communication Foundation, http://www.hartcomm.org/ (2010-03-17)
[2] W. Simpson, “PPP in HDLC Framing”. Network Working Group, Request for
Comments (RFC): 1549; December 1993
[3] Morris Dworkin, “Recommendation for Block Cipher Modes of Operation: The
CCM Mode for Authentication and Confidentiality”. NIST Special Publication 800-38C;
NIST Technology Administration, US Department of Defense.
[4] Frequency Hopping Spread Spectrum (FHSS),
http://en.wikipedia.org/wiki/Frequency-hopping_spread_spectrum (2010-03-04)
[5] Jianping Song, et al., “WirelessHART: Applying Wireless Technology in Real-Time
Industrial Process Control”. IEEE Real-Time and Embedded Technology and
Applications Symposium, DOI 10.1109/RTAS.2008.15
[6] Yih-Chun Hu, et al., “Wormhole Attacks in Wireless Networks”. IEEE Journal
on Selected Areas in Communications, Vol. 24, No. 2, February 2006.
[7] Christopher Alberts, et al., “Managing Information Security Risks: The OCTAVE
Approach”. Addison Wesley, July 09, 2002 (ISBN: 0-321-11886-3)
[8] Hiran Kumar, et al., “Security Threats in Wireless Sensor Networks”. IEEE A&E
Systems Magazine, June 2008.
[9] William Stallings, Data and Computer Communications, 8th Edition. Page 713
[10] Leung C, “Evaluation of the Undetected Error Probability of Single Parity-Check
Product Codes”. IEEE Transactions on Communications, vol. 31 No. 2 page 250-253 (1983)
[11] J. R. Douceur, “The Sybil Attack”. Proceedings of the 1st International Workshop on
Peer-To-Peer Systems (IPTPS), March 2002
[12] Announcing the ‘ADVANCED ENCRYPTION STANDARD (AES)’, Federal
Information Processing Standards Publication 197, November 26, 2001
[13] A Complete WirelessHART Network, Jianping Song, Song Han, Xiuming Zhu, Al
Mok, Deji Chen, Mark Nixon
[14] “The Official source for HART communication technology”, HCF_LIT-89 May
2007
[15] C. Sanchez-Avila and R. Sanchez Reillo, “The Rijndael Block Cipher (AES
Proposal): A comparison with DES”, IEEE 2001
[16] Anna N. Kin, Fredrik Hekland, Stig Petersen and Paula Doyle, “When HART Goes
Wireless: Understanding and Implementing the WirelessHART Standard”, IEEE
2008
[17] “HART: An introduction for users and manufacturers”, revised Oct-1995.
[18] “Hart application guide”, HCF_LIT-34 1999.
[19] Shahid Raza, Adriaan Slabbert, Thiemo Voigt, “Security Consideration for the
WirelessHART Protocol”, IEEE April, 2009.