Arab Academy For Science & Technology and Maritime...

Arab Academy For Science & Technology and Maritime Transport College of Engineering and Technology

Electronics and Communication Engineering Department

A thesis submitted in Partial Fulfillment of requirements of the M.Sc. in Electronics and Communication Engineering

By

Eng. Hanady Hussein Eissa

Supervised by

Pro. Dr. Khairy Aboul Seoud Dr. Khaled Shehata Dr. Nabil Hamdy

2002

Throughout the work of research and preparation of this

thesis there have been many helping hands that sought only the

final production of good work I think that everyone

participating in this thesis, through his knowledge or his support

deserves an acknowledgement.

First of all, I’d like to express my sincere thanks to Prof.

Dr. Khairy Aboul Seoud for his valuable advice, extensive

assistance, and encouragement during this thesis.

I’d like to express deepest gratitude to Dr. Khaled

Shehata and Dr. Nabil Hamdy for their continuing scientific

and spiritual support throughout this work. Without their advice

and experience, this thesis would have never been a reality.

Last thank to my family and my friends, who supported

me with unfailing persistence and greatest care during the years

of this thesis.

Cryptographic algorithms are more efficiently implemented in custom

hardware than software. Reprogrammable devices such as Field Programmable

Gate Arrays (FPGAs) are highly attractive options for hardware implementation of

encryption algorithms as they provide cryptographic algorithm agility, physical

security, and higher performance than software solutions.

This thesis proposes a new design for encryption and authentication process

called ‘Universal Security Unit’. The unit is implemented on FPGA. The

algorithms used for both encryption and authentication processes are based on the

theory of stream cipher systems. The parameters of the implemented encryption and

authentication algorithm are comparable to the recent industrial data security

standards.

The digital system design steps are followed during the design and

implementation of the proposed security unit. The universal security unit design is

based on VHDL design entry. The simulation and synthesis tools used in this thesis

are Mentor Graphics FPGA advantage pro 5.0. The design is implemented on

Xilinx XC4085XL.

The performance of the proposed security unit has been evaluated using

statistical tests, authentication tests, and VLSI performance measurement.

i

CHAPTER One: Introduction 1.1. Cryptography ----------------------------------------------------------------------- 1 1.2. Hardware versus software implementation of encryption

algorithms --------------------------------------------------------------------------- 2 1.3. Field Programming Gate Array (FPGA). ---------------------------------- 3

1.4. Problem definition.----------------------------------------------------------------- 5 1.5.Thesis Outline ------------------------------------------------------------------------- 5

CHAPTER Two: Field Programmable Logic Device 2.1. Introduction. -------------------------------------------------------------------------- 7

2.2. Programmable Logic Devices. ------------------------------------------------ 8

2.2.1. Simple Programmable Logic Devices (SPLDs). --------------- 9

2.2.2. Complex Programmable Logic Devices (CPLDs).------------- 10

2.2.3. Field Programmable Gate Arrays (FPGAs). -------------------- 12 2.3. FPGA Categories -------------------------------------------------------------------- 13 2.3.1. Raw based Array. -------------------------------------------------------- 13 2.3.2. Symmetrical FPGA. ------------------------------------------------------ 14 2.3.3. Sea of gates category. ------------------------------------------------- 16 2.3.4. Hierarchal PLD. ----------------------------------------------------------- 18 2.4. FPGA programming techniques. ------------------------------------------- 18 2.4.1. Static RAM FPGAs. ------------------------------------------------------- 19 2.4.2. EPROM and EEPROM programming technique.-------------- 21 2.4.3. Antifuse programming technique. ------------------------------- 22

2.4.4. Antifuse versus SRAM technology. -------------------------------- 23

2.5. FPGA Families. ----------------------------------------------------------------------- 24

2.5.1. Xilinx XC4000 Family. --------------------------------------------------- 24

2.5.2. Altera FLEX 8000 and FLEX 10k FPGAs. ------------------------ 26

2.6. FPGA Design Methodology. ----------------------------------------------------- 29

ii

2.7. High-level language based designs and logic synthesis.---------- 33

2.7.1. Definition of the design requirements. --------------- 34

2.7.2. Description of the design in VHDL.--------------------- 34

2.7.3. Source code simulation. ------------------------------------- 35

2.7.4. Synthesis optimization and fitting the design. ---------------------------------------------------------------------------- 35

2.7.5. post layout simulation.--------------------------------------- 38

2.7.6 Programming the device. ---------------------------------- 38

CHAPTER Three: Cryptography

3.1. Introduction. -------------------------------------------------------------------------- 39

3.2. Symmetric Key Algorithm. ----------------------------------------------------- 40

3.2.1. Block Ciphers. --------------------------------------------------------------- 41

3.2.1.1. Modes of operation.------------------------------------------- 42

i. Electronic Code Bock (ECB). ---------------------------- 42 ii. Cipher Block Chaining Mode (CBC).----------------- 44 iii. Cipher FeedBack Mode (CFB). ------------------------ 46 iv. Output FeedBack Mode (OFB). ----------------------- 47 3.2.2. Stream Cipher. ------------------------------------------------------------- 49 i. Self-synchronizing stream ciphers ------------------ 50 ii. Synchronous stream ciphers. -------------------------- 51 3.3. Public key algorithms. ----------------------------------------------------------- 52 3.4. Key Management. ------------------------------------------------------------------ 54

3.4.1.Key management through symmetric-key techniques. --- 54 3.4.2.Key management through public-key techniques. ---------- 56 3.4.3. Public-key certificates. -------------------------------------------------- 58

3.5. Linear Feedback Shift Register (LFSR). ----------------------------------- 58

3.6. Stream ciphers based on LFSRs. -------------------------------------------- 61

3.6.1. Nonlinear combination generators. ------------------------------ 62

3.6.2. Nonlinear filter generators.------------------------------------------- 64

3.6.3. Clock-controlled generators ------------------------------------------ 65

iii

CHAPTER Four: Authentication.

4.1. Introduction. ------------------------------------------------------------------------- 67

4.2. One Way Hash Function. ------------------------------------------------------- 68

4.3. Unkeyed Hash Function (MDC). --------------------------------------------- 70

4.3.1. Hash functions based on block ciphers.----------------------- 70

4.3.2. Customized hash functions. ---------------------------------------- 72 4.3.3. Hash functions based on modular arithmetic.-------------- 72 4.4. Keyed Hash Function (MAC).--------------------------------------------------- 73 4.4.1. MACs based on block ciphers ------------------------------------- 74 i. CBC-MAC. ---------------------------------------------------------------- 74 4.4.2. Stream Cipher MAC. --------------------------------------------------- 75 4.5. Data Integrity and message Authentication. ------------------------- 76 4.5.1. Data integrity using a MAC. ---------------------------------------- 76 4.5.2. Data integrity using an MDC and an authentic channel.---------------------------------------------------------------------------------------- 77 4.5.3. Data integrity combined with encryption.--------------------- 78

4.6. Digital Signature. ------------------------------------------------------------------ 80

CHAPTER Five: Proposed Encryption/Authentication Unit

5.1. Introduction. ------------------------------------------------------------------------ 82

5.2. Proposed Universal Security Unit.----------------------------------------- 83

5.2.1. Description of the proposed encryption algorithm ----- 83 5.2.2. Cryptographic specifications of the proposed encryption algorithm ------------------------------------------------------------------- 85 I. Number of key levels.------------------------------------------------- 85 II. Key Diversity of the LFSR.------------------------------------------- 85 III. Period. ---------------------------------------------------------------------- 86 IV. Key Diversity of the RAM. ------------------------------------------- 87 V. Total key Diversity. ------------------------------------------------------ 87 5.2.3. Description of the proposed authentication algorithm- 88 5.3. TOP LEVEL ARCHITECTURE SPECIFICATION OF THE PROPOSED UNIT.-------------------------------------------------------------------------- 89 5.4. MODULAR DESIGN OF THE PROPOSED UNIT.-------------------------- 90

iv

5.4.1. Linear Feedback Shift Register (LFSR).------------------------- 92 5.4.2. Random Access Memory (RAM)------------------------------------ 94 5.4.3.Control Unit. -------------------------------------------------------------- 96 5.5. SIMULATION RESULTS OF THE MODULES OF THE SECURITY UNIT.------------------------------------------------------------------------------------------- 100

5.5.1 Test benches in VHDL.------------------------------------------------- 100 5.5.2. Linear Feedback Shift Register.----------------------------------- 101 5.5.3. Random Access Memory RAM.------------------------------------ 104 5.6. Universal Security Unit operation modes.------------------------------ 108

5.6.1. Initialization mode.------------------------------------------------------ 108

5.6.2. Encryption/ Decryption mode.------------------------------------- 111

5.6.3. Authentication/ Verification mode. ----------------------------- 113

CHAPTER Six: Integration & Simulation results of the Proposed Security Unit

6.1 Introduction. ------------------------------------------------------------------------- 119

6.2.Matlab simulation.----------------------------------------------------------------- 121

6.1.1. Encryption / Decryption mode.------------------------- 121

6.1.2. Authentication / Verification mode. ----------------- 125

6.3. Function simulation. ----------------------------------------------------------- 127

6.3.1. Initialization mode.------------------------------------------- 130

6.3.2. Encryption / Decryption mode.------------------------- 135

6.3.3. Authentication / Verification mode.------------------ 139

6.4 Timing simulation.----------------------------------------------------------------- 144

6.4.1. Static Timing Analysis.------------------------------------- 145

6.4.2. Back-Annotation. --------------------------------------------- 150

6.4.3. Dynamic Timing Analysis. -------------------------------- 151

6.4.3.1.Initialization mode. ------------------------------- 152

6.4.3.2. Encryption/Decryption mode. -------------- 156

6.4.3.3. Authentication/ Verification mode. ----- 159

6.5. PERFORMANCE MEASURE OF THE PROPOSED UNIT.--------------- 162

v

6.5.1. Randomness Statistical Tests of Encryption/Decryption module ---------------------------------------------------- 162

6.5.1.1. Frequency test (monobit test). ------------ 162

6.5.1.2 Serial test (transition test). ------------------ 164

6.5.1.3. Poker test (Multiple test). -------------------- 165

6.5.2 Authentication unit test. --------------------------------- 168

CHAPTER Seven: Conclusion and Summary.

7.1. Conclusion. -------------------------------------------------------------------------- 174

7.2 Future Work.-------------------------------------------------------------------------- 175

References.------------------------------------------------------------------------------

176

Appendix A.

Matlab Program --------------------------------------------------------------------------

180

Appendix B.

Contents of the tested data ---------------------------------------------------------

182

Appendix C.

XC4085XL Data Sheet -----------------------------------------------------------------

186

Appendix D

RTL Schematics ---------------------------------------------------------------------------

188

vi

CBC Cipher Block Chaining Mode.

CFB Cipher FeedBack Mode.

CLBs Configurable Logic Blocks

CPLDs Complex Programmable Logic Devices.

CRHFs Collision Resistant Hash Functions.

DES Data Encryption Standard

EABs Embedded Array Blocks.

ECB Electronic Code Book.

EDA Electronic Design Automation

EEPROM: Programmable Read-Only Memory.

EPROM: Erasable Programmable Read-Only Memory.

FPGA Field Programmable Gate Array.

FPDs: Field Programmable Devices.

FPLA Field Programmable Logic Array

HDL Hardware Description Language

IDEA International Data Encryption Algorithm

LABs Logic Array Blocks.

LEs Logic Elements

LFSRs Linear Feedback Shift Registers

LUT Look Up Table.

MAC Message Authentication Code

MD5 Message Digest algorithms

vii

MDC Modification Detection Code.

MIC Message Integrity Check

OFB Output FeedBack Mode.

OWHFs One-Way Hash Functions.

PAL Programmable Array Logic.

PAR Place And Route.

PIP Programmable Interconnect Point.

PLA Programmable Logic Array

PRNG Pseudo RaNdom bit Generator.

PROM: Programmable Read-Only Memory.

RTL Register-Transfer Level

SDF Standard Delay Format

SHA-1 Secure Hash Algorithm

SLI System Level Integration.

SPLDs SImple Programmable Logic Devices.

SRAM Static Random Access Memory.

TTP Trusted Third Party

VHDL Vhsic Hardware Description Language.

VHSIC Very High Speed Integrated Circuit.

VLSI Very Large Scale Integrated Circuit

viii

EK Encryption function using the key K.

DK Decryption function using the key K.

K Key.

P Plain text.

C Cipher text.

IV Initialization Vector.

H one way hash function.

h hash code.

M message, pre-image, plaintext.

e Public key

d Private key

L LFSR length

f Combining function

ix

CHAPTER Two: Field Programmable Logic Device

Figure 2-1 Programmable Array Logic Architecture. ------------ 9

Figure 2-2 Structure of PAL. ------------------------------------------------- 10

Figure 2-3 CPLD architecture. ----------------------------------------------- 12

Figure 2-4 Generic FPGA architecture. ---------------------------------- 13

Figure 2-5 Row based array. ------------------------------------------------- 15

Figure 2-6 Symmetrical FPGAs. --------------------------------------------- 15

Figure 2-7 Routing through programmable switch. -------------- 16

Figure 2-8 Sea of gates architecture. ------------------------------------ 17

Figure 2-9 Unit cell architecture ------------------------------------------- 17

Figure 2-10 Hierarchal architecture. -------------------------------------- 18

Figure 2-11 FPGA Programming techniques. --------------------------- 19

Figure 2-12 SRAM programmable technique. -------------------------- 19

Figure 2-13 SRAM Controlled Programmable switch. -------------- 20

Figure 2-14 Five-transistor memory cell. -------------------------------- 21

Figure 2-15 EPROM programming technology. ------------------------ 22

Figure 2-16 Xilinx XC4000 Configurable Logic Block (CLB). ----- 25

Figure 2-17 Xilinx XC4000 wire segments. ------------------------------ 27

Figure 2-18 FLEX 8000 architecture. -------------------------------------- 28

Figure 2-19 Altera FLEX 8000 Logic Array Block (LAB). ----------- 28

Figure 2-20 Architecture of Altera FLEX 10K FPGAs. --------------- 29

Figure 2-21 FPGA basic design Methodology. -------------------------- 30

Figure 2-22 VHDL provide portability and device independent design. ----------------------------------------------------------------- 33

Figure 2-23 Synthesis process. ----------------------------------------------- 36

x


Figure 3-1 Encryption and decryption. ---------------------------------- 39

Figure 3-2 The encryption and decryption of the symmetric algorithms. ---------------------------------------------------------- 41

Figure 3-3 DES computation path. ---------------------------------------- 43

Figure 3-4 Electronic Codebook mode. ---------------------------------- 44

Figure 3-5 Cipher Block Chaining Mode (CBC). ---------------------- 45

Figure 3-6 8-bit Cipher FeedBack Mode. -------------------------------- 46

Figure 3-7 8-bit Output FeedBack Mode.-------------------------------- 48

Figure 3-8 The keystream generator in OFB mode. --------------- 49

Figure 3-9 Stream cipher. ----------------------------------------------------- 50

Figure 3-10 Self-synchronous keystream generator. -------------- 51

Figure 3-11 Synchronous stream cipher.--------------------------------- 52

Figure 3-12 The encryption and decryption of the public key algorithms. ---------------------------------------------------------- 54

Figure 3-13 The hybrid cryptosystem. ------------------------------------ 55

Figure 3-14 Key management using a trusted third party (TTP).-------------------------------------------------------------------- 56

Figure 3-15 Key management using public key technique. ------ 57

Figure 3-16 Active adversary in key management through public key. ----------------------------------------------------------- 57

Figure 3-17 Linear Feedback shift register. ---------------------------- 58

Figure 3-18 4-bit linear feedback shift register. ---------------------- 59

Figure 3-19 A nonlinear combination generator. -------------------- 62

Figure 3-20 Geffe generator. -------------------------------------------------- 63

Figure 3-21 The summation generator. ---------------------------------- 64

Figure 3-22 A nonlinear filter generator. -------------------------------- 65

Figure 3-23 Alternating stop and go generator. ---------------------- 66

xi

CHAPTER Four: Authentication.

Figure 4-1 Hash Function Model. ------------------------------------------- 68

Figure 4-2 One-way function. ------------------------------------------------ 69

Figure 4-3 Classification of hash function and applications. - 69

Figure 4-4 General hash function. ---------------------------------------- 71

Figure 4-5 The four secure hash function. ---------------------------- 71

Figure 4-6 The iterated construction of the hash function. --- 72

Figure 4-7 Message Authentication Code MAC. --------------------- 73

Figure 4-8 CBC MAC. ------------------------------------------------------------ 75

Figure 4-9 Stream Cipher MAC. -------------------------------------------- 76

Figure 4-10 Data integrity using MAC. ------------------------------------ 77

Figure 4-11 Data integrity using MDC and authentic channel. 78

Figure 4-12 Data integrity using encryption and MDC. ----------- 79

Figure 4-13 Data integrity using encryption and MAC. ----------- 80


Figure 5-1 Linear feedback shift register architecture. --------- 84

Figure 5-2 Encryption algorithm basic building block.----------- 84

Figure 5-3 Authentication algorithm basic building block.----- 88

Figure 5-4 Universal Security unit----------------------------------------- 89

Figure 5-5 Internal block diagram of the universal security unit.--------------------------------------------------------------------- 91

Figure 5-6 The LFSRs in the proposed unit connected together. ------------------------------------------------------------- 95

Figure 5-7 The pin designation of RAM 256 X 1. ------------------- 96

Figure 5-8 Control Unit. -------------------------------------------------------- 98

Figure 5-9 Control Unit Flow Chart. -------------------------------------- 99

Figure 5-10 The structure of the test bench. --------------------------- 101

Figure 5-11 LFSR L= 17 test bench structure. ------------------------- 102

Figure 5-12 Loading operation of LFSR L=17. ------------------------- 103

Figure 5-13 RAM testbench structure. ------------------------------------ 105

xii

Figure 5-14 The Unit Under test structure. ----------------------------- 105

Figure 5-15 The RAM write mode simulation results. -------------- 106

Figure 5-16 The RAM read mode simulation results. --------------- 107

Figure 5-17 Universal security unit in the initialization mode. 110

Figure 5-18 Universal security unit in the encryption mode. --- 112

Figure 5-19 First proposed authentication unit. ---------------------- 117

Figure 5-20 Universal security unit in the authentication mode-------------------------------------------------------------------- 118


Figure 6-1 Digital design steps --------------------------------------------- 120

Figure 6-2 Lena (256 X 256). ------------------------------------------------ 123

Figure 6-3 The Cipher output. ---------------------------------------------- 124

Figure 6-4 The recovered image. ------------------------------------------ 124

Figure 6-5 The testbench security unit structure. ----------------- 128

Figure 6-6 The security unit architecture block diagram. ----- 129

Figure 6-7 Hierarchical structure of the LFSRs. -------------------- 130

Figure 6-8 TOT_LFSR architecture. --------------------------------------- 132

Figure 6-9 Functional simulation results of Initializing LFSRs and RAM. ------------------------------------------------------------- 133

Figure 6-10 Final states of LFSRs and RAM after initializing. -- 134

Figure 6-11 Functional simulation results of encryption mode 137

Figure 6-12 Functional simulation results of decryption mode. 138

Figure 6-13 Functional simulation results at the beginning of the authentication mode. ------------------------------------- 141

Figure 6-14 The final functional simulation results (MAC) for message1. ----------------------------------------------------------- 142

Figure 6-15 The final functional simulation results (MAC) for message2. ----------------------------------------------------------- 143

Figure 6-16 The RTL schematic of the Universal Security Unit.--------------------------------------------------------------------- 146

Figure 6-17 Critical path routing before place and route. ------- 148

Figure 6-18 Critical path routing after place and route. --------- 149

Figure 6-19 Back Annotation design flow. ------------------------------- 151

xiii

Figure 6-20 Gate Level Verification. ---------------------------------------- 152

Figure 6-21 LFSR and RAM timing simulation for initialization mode. ------------------------------------------------------------------ 154

Figure 6-22 The initial states of LFSRs and RAM modules in timing simulation.------------------------------------------------ 155

Figure 6-23 Timing simulation results for encryption mode.---- 157

Figure 6-24 Timing simulation results for decryption mode.---- 158

Figure 6-25 Timing simulation results at the beginning of the authentication mode.-------------------------------------------- 160

Figure 6-26 The final timing simulation results (MAC) for message1------------------------------------------------------------- 161

Figure 6-27 The percent MAC changes corresponding to change in the beginning of the message (plain text).--------------------------------------------------------------------- 170

Figure 6-28 The percent MAC changes corresponding to change in middle bits of the message (plain text)- 171

Figure 6-29 The percent MAC changes corresponding to change in end of the message (plain text).------------ 172

Figure 6-30 The percent MAC changes corresponding to change in the key. ----------------------------------------------- 173

xiv

CHAPTER Two: Field Programmable Logic Device

Table 2-1 Comparison of programming technologies.--------------- 23

Table 2-2 Place and Route Timescale. -------------------------------------- 37


Table 3-1 Addition modulo 2. ------------------------------------------- 59

Table 3-2 The internal state of LFSR with taps [4,1] and initial state [1111]. ------------------------------------------ 60

Table 3-3 Some Primitive Polynomials Mod 2.------------------- 60


Table 5-1 An example for the Initial Vector for LFSR L=17.-- 93

Table 5-2 1st Iteration of LFSR after initialization. ------------- 94

Table 5-3 RAM truth table. ------------------------------------------------- 94

Table 5-4 Control Unit truth table. ------------------------------------- 98


Table 6-1 Frequency Test results. --------------------------------------- 163

Table 6-2 Serial test results. ----------------------------------------------- 165

Table 6-3 Poker test m=3. -------------------------------------------------- 166

Table 6-4 Poker test m =4. ------------------------------------------------- 167

Table 6-5 Poker test m=5. -------------------------------------------------- 167

Table 6-6 Poker test m = 6. ----------------------------------------------- 167

Table 6-7 Poker test m = 7.- ---------------------------------------------- 168

Table 6-8 Poker test m = 8.------------------------------------------------ 168

Table 6-9 Percent change in the beginning of the message and the corresponding MAC percent change.------- 169

xv

Table 6-10 Percent MAC changes corresponding to the changes in the middle of the message (plain text).-------------------------------------------------------------------- 170

Table 6-11 Percent MAC changes corresponding to the changes at the end of the message (plain text).--- 171

Table 6-12 Percent MAC changes corresponding to key change.--------------------------------------------------------------- 172

Arab Academy For Science & Technology and Maritime...

Documents

Transcript of Arab Academy For Science & Technology and Maritime...