eSAFE - EE 552 Project Presentation

Presentation on theme: "eSAFE - EE 552 Project Presentation"— Presentation transcript:

1 eSAFE - EE 552 Project Presentation
- Paul “The Overload” Somogyi
- Stephen “Network Magic” Caplan
- Kevin “Encrypt This!” Hackett
- Javan “Wired” Gargus

Introduction of group members. Steve Caplan will be discussing the Ethernet interface. Kevin Hackett will describe the encryption algorithm we decided to implement. Javan Gargus will …

2 Is Your Data Safe?
- Networks are a shared medium
  - LANs: Ethernet data is sent to all computers
  - Internet: data passes through many routers
- Anyone can “listen” to data, obtaining:
  - Passwords
  - Sensitive documents
- Encryption scrambles your data so that “listeners” cannot understand it

All networks require a shared medium to communicate between hosts on that network. Typical LANs, including all the labs on campus, are connected by Ethernet. All data sent from one machine is received by all machines on that Ethernet segment. Usually each computer only accepts the data sent to it, but a program can be used to display data that is not actually addressed to that machine. This is known as “packet sniffing.” Whenever you use telnet, anyone on the same Ethernet LAN could see your password. Over the Internet, any data you send or receive passes through many routers and transmission lines, both public and private. Anyone with access to these resources could see your data. At a minimum, every form of encryption uses a key that is known only by the two end points that do the encryption and decryption. Anyone who sees the encrypted data (cipher text) cannot readily determine the plain text.

3 eSAFE - Ethernet Encryption
- eSAFE encrypts at the Ethernet level (LAN)
  - Each computer requiring secure communication connects to the network through an eSAFE device that:
    - encrypts all data going to the network
    - decrypts all data from the network
- eSAFE/IP encrypts at the IP level (Internet)
  - secure communication to and from specific hosts and networks

Our solution is the eSAFE device. It encrypts the data sent in Ethernet frames. A typical application:
- several people on the same network want secure communication
- each person connects their computer to an eSAFE device, which then connects to the LAN
- each device will encrypt all outgoing data, and decrypt all incoming data
- thus, only other computers with the eSAFE device can decrypt the data

We use the Blowfish algorithm…? Among the various possible extensions and features, the most important is eSAFE/IP. This would encrypt only IP traffic so that the encrypted data could travel through routers on the Internet. An example is two remote offices that exchange data over the Internet. Each would have an eSAFE device between their LAN and the Internet, which would encrypt data going to the Internet, and decrypt data from the Internet. The destination addresses to encrypt for, and the key to use, could be configured so that only traffic to/from the remote site is encrypted/decrypted, and all other Internet traffic is left untouched.

4 eSAFE System Hierarchy
System hierarchy diagram (image not in transcript); blocks shown: Ethernet, CRC, Receive Buffer, Send Buffer, Progressive Blowfish, Blowfish, bf_enc, Blowfish Control, LUT Access, LUT Generator.

5 eSAFE System Hierarchy
System hierarchy diagram repeated from slide 4 (image not in transcript): Ethernet, CRC, Receive Buffer, Send Buffer, Progressive Blowfish, Blowfish, bf_enc, Blowfish Control, LUT Access, LUT Generator.

6 Ethernet Interface Block Diagram
Block diagram (image not in transcript); blocks shown: FPGA, Receive Interface, Transmit Interface, Ethernet Transceiver (National DP83910A), MHz Clock, CRC Generator.

7 Ethernet Receiver
- Signaling: Manchester encoding, 2 transitions per bit
- PLL clocking
- Frame input:
  - preamble detection
  - determine frame length
  - flag data to be encrypted
  - collisions
  - TCP/IP extension

8 Ethernet Transmitter
- Store and forward versus cut-through
- 64-bit buffer for preamble
- Transmits headers and data, and appends a CRC checksum
- CRC generator: linear feedback shift register

Kevin will now describe the Blowfish encryption algorithm.
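As an added example (not the eSAFE project's code), the frame check sequence the transmitter appends, computed the way an LFSR-based CRC generator does it in hardware: one register step per bit, with the IEEE 802.3 CRC-32 polynomial. The sample frame is constructed for the demonstration.

```python
# Bit-serial CRC-32 (IEEE 802.3) as shifted through a 32-bit LFSR, plus the
# transmit-side append and receive-side check described on the slides above.
ETH_POLY = 0xEDB88320  # CRC-32 polynomial in reflected (LSB-first) form

def crc32_lfsr(data: bytes) -> int:
    """Clock every bit of `data` (LSB first) through the 32-bit LFSR."""
    crc = 0xFFFFFFFF                      # register preset to all ones
    for byte in data:
        for bit in range(8):
            feedback = (crc ^ (byte >> bit)) & 1   # register LSB XOR data bit
            crc >>= 1
            if feedback:
                crc ^= ETH_POLY           # taps of the feedback shift register
    return crc ^ 0xFFFFFFFF               # final inversion per 802.3

def append_fcs(frame: bytes) -> bytes:
    """Transmit side: send headers and data, then append the 4-byte FCS."""
    return frame + crc32_lfsr(frame).to_bytes(4, "little")

def fcs_ok(frame_with_fcs: bytes) -> bool:
    """Receive side: recompute over the body and compare with the trailer."""
    body, trailer = frame_with_fcs[:-4], frame_with_fcs[-4:]
    return crc32_lfsr(body).to_bytes(4, "little") == trailer

# CONSTRUCTED sample frame: broadcast dst MAC, src MAC, EtherType 0x0800, payload
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "001122334455" "0800") + b"hello eSAFE"
```

The check value for the standard string "123456789" is 0xCBF43926, which is how a hardware generator is usually sanity-checked before it is wired into the transmit path.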

9 eSAFE System Hierarchy
System hierarchy diagram repeated from slide 4 (image not in transcript): Ethernet, CRC, Receive Buffer, Send Buffer, Progressive Blowfish, Blowfish, bf_enc, Blowfish Control, LUT Access, LUT Generator.

10 Blowfish Algorithm: Key Expansion
- divides a key (up to 448 bits) into subkeys (4168 bytes)
- these subkeys are pre-computed into a P-array and four S-boxes
  - P-array: P1, P2, …, P18
  - S-boxes: S1,0, S1,1, …, S1,255; S2,0, S2,1, …, S2,255; S3,0, S3,1, …, S3,255; S4,0, S4,1, …, S4,255

Now that we have established a method for transferring data, we can deal with the security of our data. The Blowfish encryption algorithm was designed to be fast, compact, simple, and variably secure. The author of the algorithm, Bruce Schneier, also ensured that it is a publicly available algorithm. This makes research a lot simpler, as there is an abundance of source code available. The Blowfish algorithm is separated into two parts: key expansion and the actual encryption. Before anything can be encrypted, a large number of subkeys must be calculated. Specifically, these subkeys are a P-array and four S-boxes. As shown, the P-array has 18 of these 32-bit subkeys, while each of the four S-boxes has 256 32-bit entries. These terms are important in implementing the algorithm in a design, since the data encryption part of the algorithm relies upon them.

11 Blowfish Algorithm: Data Encryption
Flowchart (image not in transcript): Begin → split x into xL and xR (x/2 each) → while i < 16: xL = xL XOR Pi; xR = F(xL) XOR xR; swap xL and xR → when the loop ends: swap xL and xR; xR = xR XOR P17; xL = xL XOR P18 → recombine xL and xR → End.

Now we are ready to implement the data encryption part of the Blowfish algorithm. The block diagram shown describes the process by which encryption takes place. Note that decryption is done simply by reversing the order of the P-array (i.e. P18, P17, …, P1). Stepping through the encryption process: first of all, we have to split the incoming 64-bit block into two 32-bit halves. Once this is done, we move into a loop that iterates 16 times. Within this loop, the following operations occur: xL = xL XOR Pi, xR = F(xL) XOR xR, and then the two sides (xL and xR) are swapped. The function F(xL) uses the S-boxes, indexed by the four bytes a, b, c, d of xL: F(xL) = ((S1,a + S2,b mod 2^32) XOR S3,c) + S4,d mod 2^32. Once the loop has gone through its 16 iterations, xL and xR are swapped once more. Then the final outputs for xL and xR are determined: xR = xR XOR P17, and xL = xL XOR P18. Once the two halves are determined, they are recombined back into a 64-bit block. Javan will now continue our functional description.

12 eSAFE System Hierarchy
System hierarchy diagram repeated from slide 4 (image not in transcript): Ethernet, CRC, Receive Buffer, Send Buffer, Progressive Blowfish, Blowfish, bf_enc, Blowfish Control, LUT Access, LUT Generator.

13 Progressive Encryptor
- The Blowfish algorithm can only encrypt 64-bit blocks of data
- Ethernet frames are not necessarily multiples of 64 bits
- Solution: use progressive XOR encryption with byte resolution

Blowfish Time!!!

14 eSAFE System Hierarchy
System hierarchy diagram repeated from slide 4 (image not in transcript): Ethernet, CRC, Receive Buffer, Send Buffer, Progressive Blowfish, Blowfish, bf_enc, Blowfish Control, LUT Access, LUT Generator.

15 LUT Generator
- Generates the lookup table for the Blowfish algorithm
  - initializes the lookup table with a fixed value from ROM
  - XORs the P-array entries with the 64-bit key
  - performs 521 iterations of Blowfish to generate the table entries, filling every P-array and S-box value
- Problem: many memory accesses and a long generation time are required
- Solution: a shadow table is used to hold the partially generated lookup table
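An added example (not the eSAFE project's code) that puts slides 11 and 15 together: the 16-round Feistel structure with F, decryption as the same rounds over the reversed P-array, and the 521-encryption key expansion (9 for the P-array, 4 x 128 for the S-boxes). The initial P-array and S-box contents come from a constructed placeholder generator rather than Blowfish's real fixed constants, so the output is not interoperable with real Blowfish; the structure and the decryption property are the same.

```python
# Blowfish round structure and key schedule; table seeds are CONSTRUCTED placeholders.
MASK32 = 0xFFFFFFFF

def placeholder_table(n, seed):
    """CONSTRUCTED constants standing in for the fixed ROM values Blowfish uses."""
    out, x = [], seed
    for _ in range(n):
        x = (1103515245 * x + 12345) & MASK32   # simple LCG, placeholder only
        out.append(x)
    return out

def f(s, xl):
    """F(xL) = ((S1,a + S2,b mod 2^32) XOR S3,c) + S4,d mod 2^32, a..d = bytes of xL."""
    a, b, c, d = xl >> 24, (xl >> 16) & 0xFF, (xl >> 8) & 0xFF, xl & 0xFF
    return ((((s[0][a] + s[1][b]) & MASK32) ^ s[2][c]) + s[3][d]) & MASK32

def encrypt_block(p, s, xl, xr):
    """16 Feistel rounds over a 64-bit block held as two 32-bit halves."""
    for i in range(16):
        xl ^= p[i]
        xr ^= f(s, xl)
        xl, xr = xr, xl          # swap halves
    xl, xr = xr, xl              # swap once more after the loop
    xr ^= p[16]
    xl ^= p[17]
    return xl, xr

def decrypt_block(p, s, xl, xr):
    """Decryption: the same rounds with the P-array in reverse order (P18 ... P1)."""
    return encrypt_block(p[::-1], s, xl, xr)

def expand_key(key):
    """Key expansion: XOR key into P, then 521 encryptions fill P and the S-boxes."""
    p = placeholder_table(18, 0x1234)
    s = [placeholder_table(256, 0x5678 + i) for i in range(4)]
    j = 0
    for i in range(18):          # XOR the key bytes, cycling, into the 18 P entries
        word = 0
        for _ in range(4):
            word = (word << 8) | key[j % len(key)]
            j += 1
        p[i] ^= word
    xl = xr = 0                  # encrypt an all-zero block, feeding each output back
    for i in range(0, 18, 2):    # 9 encryptions for the P-array
        xl, xr = encrypt_block(p, s, xl, xr)
        p[i], p[i + 1] = xl, xr
    for box in s:                # 4 boxes x 128 encryptions = 512 for the S-boxes
        for i in range(0, 256, 2):
            xl, xr = encrypt_block(p, s, xl, xr)
            box[i], box[i + 1] = xl, xr
    return p, s
```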

16 Prototype Results
- To date: eSAFE is still under development
- We have encountered a number of hurdles interfacing to the Ethernet that have delayed our product launch
- A limited private screening is tentatively scheduled for early December

17 eSAFE - EE 552 Project Presentation