Encryption Development System Encryption Development System Project Part A Characterization Written by: Yaakov Levenzon Ido Kahan Advisor: Mony Orbach Spring Semester 2012
The Problem We carry sensitive information with us, to practically everywhere… Where is it?!
Our Solution The cyclone II FPGA is fast and quite strong, thus making the Encryption/Decryption process fast, and usable for different needs. Easy to use: the entire process is invisible for the customer, which makes it easy and intuitive to use, just as using a regular disk-on-key (without the difficulty of technical details and the lack of skill). The level of encryption is strong and changeable. The method of block cipher AES (Advanced Encryption Standard) is, De Facto, used by the U.S Government and the private sector.
Project Goals Primary Goal: Creating a complete system which encrypts and deciphers files and transfers them to a disk-on-key, by Implementing a symmetric block cipher/decipher module on DE2 Board. Didactic Goals: Understanding and developing ways of communication between the PC and the DE2 board and its internal memory. Understanding and implementing the Nios ІІ embedded processor, and transfer data by utilizing the Avalon bus.
The DE2 Board
Working Environment Design, synthesis and P&R – Quartus Simulation – Modelsim Debugging – Modelsim Debugging on the chip – SignalTap
DE2 PCPC USB Architecture FPGA Encrypted Memory Nios II AVALON USB PHY & MAC DMA USB CTRL Unencrypted Memory AES USB CTRL AES USB PHY & MAC Disc on key Host animation
Block Diagram - Writing Sending words Words on AVALON bus Words by USB protocol PC Cable USB FPGA Encrypted words AES Block Encrypting words FPGA Memory Unencrypted words FPGA Memory Nios PC
Block Diagram - Reading Sending request Request on AVALON bus Request by USB protocol PC Cable USB FPGA Reading encrypted words AES Block Decrypting FPGA Memory PC Nios Unencrypted words FPGA Memory Words by USB protocol Cable USB PC Nios
Nios II Nios II/s Core – the best of two worlds Can access up to 2 GB of external address space Has instruction cache but no data cache Has Brunch Prediction Five stage pipeline animation
USB host and device CTRL
Avalon Bus Several signals: Clk Read Write Data : 1-32 We will use: 32 (g) Address: 1-32 We will use: 14 (g) animation
Planning ahead… The first part is only a preparation for the AES system Generic design Improving the current system (Example: unused address lines) Using (or creating?) a small File System for writing and reading files from external memories, for example: Flash memory (disk-on-key), SD-card etc. Final product: a complete system which can solve the problem Opening (and selling…) a start up!
Project Timetable task nameduration26/32/49/416/423/430/47/514/521/528/54/611/618/625/6 EXAMEXAM 30/76/813/820/8 Reading materials 1 weeks Reading materials 1 weeks Reading materials 1 weeks Characterization 1 weeks VHDL code writing:6 weeks Data untill Avalon2 weeks Others Components 2 weeks Top level2 weeks Mid presentation 1 weeks Verification and Debugging 3 weeks Final report7 weeks Final presentation1 weeks
Enigma: Encryption & Decryption System Enigma: Encryption & Decryption System Project Part B Characterization Written by: Yaakov Levenzon Ido Kahan Advisor: Mony Orbach Winter Semester 2013
The Problem We carry sensitive information with us, to practically everywhere… Where is it?!
What has we done so far? FPGA Encryption/Decryption Verification System Top Level: Fifo_in Fifo_out Nios Encrypt_sys FSM controller
Problems with previous encryptions systems AES - Same bank of Keys every time AES – Use of limited FPGA resources Repeated patterns makes it easy to decipher
Our Solution The original Enigma machine: In our systems: More characters More combinations Start position to the ASCII table. Every day -> different key.
Project Goals Primary Goal: Creating a complete system which encrypts and deciphers files by using the method of the famous “Enigma” machine, while following the instructions of our part A system. Didactic Goals: Dealing with a design and implementation of a complete encryption/decryption system, thus strengthening our VHDL skills. Implementing the Enigma system into our architecture (while using its generic ability to modify it for working with streams of data).
Our System’s Data Sheet Maximum possible Encryption/Decryption memory size: bits (46% of DE2 board) (Recommended size – for 85% capacity: bits) Maximum possible Encryption/Decryption number of LE: Key Size: 128 bits (Generic Design) Data width: 128 bits (Generic Design) System speed: 1 MBPS (dictated by the DLP module) DLP FIFO size: 1024 bits DLP FIFO Speed: 384 byte Transmit buffer / 128 byte receive buffer
Working Environment Design, synthesis and P&R – Quartus Simulation – Modelsim Debugging – Modelsim Debugging on the chip – SignalTap
DE2 PCPC USB Architecture – High Level FPGA Nios II AVALON DLP ENIGMA System Host controller In_Data FIFO 8->128 Out_Data FIFO 128->8 Encryption/ Decryption
0x01 0x02 0x03 0x04 0xFF First rotor 0xA2 0x4B 0x67 0x89 0xAC First keyASCII table PC 0x02, 0x02 0x4B, 0xA2 1 The Algorithm – step 1
0x01 0x02 0x03 0x04 0xFF First rotor 0xA2 0x4B 0x67 0x89 0xAC Key AASCII table 0x02, 0x02 Ox4B, OxA2 0x01 0x02 0x03 0x04 0xFF Second rotor 0x14 0x98 0x76 0x94 0xE1 ASCII table 11/2 0x01 0x02 0x03 0x04 0xFF Third rotor 0x23 0x55 0x09 0x11 0x2B ASCII table 1/3 Key BKey C Encrypted data PC Encryption Data Flow – step 2
PC 0x x23 0x68 0x54 0x43 0xA2 0x28 0x x38 0x74 0x78 0x04 0x12 0x43 0xEC x1A 0x3C 0xA8 0xD5 0x55 0xF2 0x9F x3B 0x23 0xD2 0x89 0x17 0x98 256*3= RAM ASCII KEY A ASCII KEY B ASCII KEY C First rotor Second rotorThird rotor Every rotor receives different key The keys will be changed every day The keys file will be saved in a safe file Keys – step 3
0x01 0x02 0x03 0x04 0xFF a rotor ASCII table 0xFE 0xFF 0x01 0x02 0xFD a rotor ASCII table Promote 2 steps The First Position – step 4 Another level of security Every rotor have a different first-position The first-positions will be changed every day
PC RAM ASCII KEY A ASCII KEY B ASCII KEY C First rotor Second rotorThird rotor First Positions For The Rotors – step 5 Another level of security Every rotor have a different first-position The first-positions will be changed every day Two separated files: keys and positions
Decryption Algorithm The encryption-system is symmetrical as the Enigma machine. Should use the same keys, same positions for the keys and the same rotor-positions. 0x01 0x02 0x03 0x04 0xFF First rotor 0xA2 0x4B 0x67 0x89 0xAC First keyASCII table
0x01 0x02 0x03 0x04 0xFF First rotor 0xA2 0x4B 0x67 0x89 0xAC First keyASCII table PC 0x02, 0x02 0x4B, 0xA2 1 Decryption Algorithm Encrypted data
0x01 0x02 0x03 0x04 0xFF First rotor 0xA2 0x4B 0x67 0x89 0xAC Key AASCII table 0x02, 0x02 Ox4B, OxA2 0x01 0x02 0x03 0x04 0xFF Second rotor 0x14 0x98 0x76 0x94 0xE1 ASCII table 1 1/2 0x01 0x02 0x03 0x04 0xFF Third rotor 0x23 0x55 0x09 0x11 0x2B ASCII table 1/3 Key BKey C Encrypted data PC Decryption Data Flow
Another element of complexity Using hopping method to determine how much the rotor will spin in every char encryption cycle. Both ends of the communication will know the function ahead so there is no need to send data for this method (less use of FPGA memory resources). The function we will use will be a generation of Fibonacci sequence, with randomly chosen start conditions (we will need 2 random integers, different ones for each rotor).
Rotor A Top Level – part B GUI for the user keys file positions file Send data file send text date DLP RAM First- position RAM key mux RX text
Project Timetable task nameduration21/1028/104/1111/1118/1125/112/129/1216/1223/1230/126/113/120/127/13/2 Reading materials 1 weeks Characterization 1 weeks VHDL code writing:8 weeks encryption5 weeks Mid presentation1 weeks decryption 3 weeks Verification and Debugging 3 weeks Final report7 weeks Final presentation1 weeks EXAMEXAM Until the middle-presentation in the next month – encryption data flow should be ready to synthesis. Validation system written in C by Golden Model.