Implementing Crypto Microprocessor using Rijndael Algorithm
Abdel-Karim R. Al Tamimi
aa7@cec.wustl.edu
Computer Science and Engineering Department
Washington University in St. Louis
St. Louis, Missouri
Abstract

This work presents a microprocessor for executing programs which have been enciphered. Such a crypto-microprocessor deciphers the enciphered program piecemeal as it executes it. Deciphered instructions are stored inside another memory module to allow the processor to access them on the fly. An implementation of Rijndael, the Advanced Encryption Standard (AES) of the National Institute of Standards and Technology (NIST), is used to encrypt and decrypt data, running its symmetric cipher algorithm with a key size of 128 bits, a mode called AES128. Such a microprocessor reduces the security risks related to code mobility.

1. Introduction

Wireless sensor networks are increasingly becoming viable solutions to many challenging problems and will successively be deployed in many areas in the future. Wireless sensor network devices have two key aspects: they use low-power devices, and they are small in size relative to devices used in other kinds of networks. Many applications introduced at the present time use wireless networks as their network infrastructure. However, deploying a new technology without taking security in mind has often proved to be unreasonably dangerous [1]. What is proposed in this paper is a way to transfer data/programs through sensor networks without sacrificing data security. The main idea is to develop a microprocessor that can execute encrypted instructions gradually, as they are needed (referenced) inside the running program.

The idea of encrypting program instructions down to the binary level and decrypting them gradually as they are needed in the program was first described by Best [2, 3]. But because of the overhead of the cryptographic functions involved in such circuits, it was never used on a large scale.

The great innovations in the IC industry motivate us to reevaluate the solution and revisit the subject. What demanded a large number of power-hungry chips in the old days can now be implemented by a single, small and power-efficient chip.

The idea proposed in this paper also seeks to reduce the performance sacrifice due to the decryption functionality to a minimum.

This paper is organized as follows: Section 2 presents an overview of cryptography, Section 3 shows the reason behind using Rijndael over other cryptographic algorithms, Section 4 introduces the proposed new architecture, Section 5 presents simulation results, and Section 6 describes future work and some conclusions.

2. Cryptography overview

Cryptography is not a recent science, but an old strategy to guarantee that information is exchanged securely, which means that other people do not have access to the encrypted information. Many devices were utilized in history, like the mechanical equipment used by Germany in World War II (Enigma). The core of security back then was to hide the algorithm in use, so that intruders could not use reverse engineering to find out the encryption algorithm. Nowadays, cryptography is largely used in Internet banking systems and other money transfer operations.

Cryptographic algorithms nowadays are provided to the public, since it is believed that the core or emphasis of security should be moved from securing the algorithm to securing the key used in that algorithm.

In cryptography, the original data is called plaintext. The process of hiding the information is called encryption. The result (hidden text) is called ciphertext. To extract the original data (plaintext) from the hidden text, we execute the decryption process, which requires knowing the secret key used in the encryption process.

There are two main types of cryptography: symmetric and asymmetric. In the first type, symmetric cryptography, the communication between the two sides uses one key, called the secret key or private key, which should be known to the two sides before they can communicate. This secret key is used to encrypt and decrypt the information exchanged between them.

In an asymmetric algorithm, there are two sets of keys: public key and private key. The public key is used to encrypt the secret key you want to exchange. In a simple scenario, if we assume that host A wants to contact host B securely, it will send a request to host B requesting its public key. When it arrives at host A, host A encrypts the secret key it wants to be used in the communication process and sends it back to host B. The only one that can decrypt the encrypted secret key is host B; think of it as if host B holds two parts of the key and hands only one of them to host A. After the operation is done successfully, the two hosts can start transferring their data using symmetric encryption. The secret key used for the encryption/decryption process is the one exchanged [6].

Cryptography needs a standard, since communication is only possible when the same algorithm is used on both sides. The Data Encryption Standard (DES) is a well-known private-key symmetric encryption algorithm with a 64-bit block and a 56-bit key. It was made into a federal standard in 1977 and has since been widely used. A $1 million brute-force DES-cracking machine that can break a DES key in about 3.5 hours has been reported [7].

To replace the old Data Encryption Standard (DES), on September 12, 1997, the National Institute of Standards and Technology (NIST) requested proposals for what is called the Advanced Encryption Standard (AES) [8]. After the Round 1 selection process, five algorithms were chosen to advance to Round 2, in which NIST improved the analysis of each proposal, encouraging “attacks” on all competitors [9]. The five algorithms selected are:

- MARS
- RC6
- RIJNDAEL
- SERPENT
- TWOFISH

At the end of Round 2, the conclusion was that the five competitors showed similar characteristics. On October 2nd, NIST announced the Rijndael algorithm as the winner of the contest, because it had the best overall scores in security, performance, efficiency, implementability and flexibility [10].

3. Rijndael Encryption Algorithm

The Rijndael algorithm was developed by Joan Daemen and Vincent Rijmen. The name Rijndael is a portmanteau of the names of the inventors. Rijndael is a private-key symmetric block encryption algorithm that supports 128, 192, and 256-bit keys and operates on 128, 192, and 256-bit blocks. All nine combinations of key length and block size are possible. In this work, all the implementation was focused on AES128. Rijndael has been implemented in software using C/C++, Java, C#, assembly languages and many other languages [11, 12]. Software implementations offer limited throughput compared to specialized hardware chips. In this paper a hardware implementation called AES86, provided by ht-lab, is used; it works at a relatively low rate of about 37 Mb/s [13] (the proposed solution aims to address privacy risks regardless of speed). Table A shows software implementation throughputs [14].

Implementation    Encryption Speed
ANSI C            27 Mb/s
Visual C++        70.5 Mb/s
Table A: Software implementation throughput.

Table B shows some of the commercial hardware AES cores available nowadays [15].

Core           Technology     Speed      Throughput
AES 32-bit     TSMC 0.13 u    400 MHz    ~1.16 Gbit/s
AES 32-bit     UMC 0.18 u     344 MHz    ~997 Mbit/s
AES 128-bit    TSMC 0.13 u    400 MHz    ~4.64 Gbit/s
AES 128-bit    UMC 0.18 u     344 MHz    ~3.99 Gbit/s
Table B: Hardware implementation throughput

As we can see in Table B, a customized hardware implementation of Rijndael can offer a very high throughput. Rijndael has two main modes of operation, Electronic Code Book (ECB) and Cipher Block Chaining (CBC). ECB is the simplest mode and encrypts each 128-bit block independently of the others. A more secure method is to XOR each input block with the ciphertext of the preceding block before encryption; this is called Cipher Block Chaining [13]. The proposed module uses ECB mode since it offers more throughput and is easier to implement.

4. Crypto Microprocessor Architecture

The proposed architecture can be attached to any available processor design; a simple 32-bit, 5-stage pipeline processor was used to demonstrate the behavior of the model.

Figure A: Simple MIPS microprocessor

Figure B shows the extra components added to the simple MIPS microprocessor to implement the proposed architecture. There are 5 modules added to the architecture (only 4 are shown).

Figure B: Changes made to simple MIPS MP.

In the front end, these modules were added (besides the decryption module described before):

- 128-bit SRAM memory module: a 64-KBx16 Bytes memory module is used to store the encrypted instructions. The 128-bit length is used because it is the most suitable length as a trade-off between convenience and efficiency. Four 32-bit instructions are stored as one 128-bit encrypted entry, since the encryption/decryption module uses AES128 in ECB mode. If the total size of the instructions is not divisible by 128 bits, zero padding is used to keep the system able to encrypt/decrypt the needed instructions.

- Used bit array (64-Kb ≡ 8KB): this module is used to tell whether the instruction in the 128-bit SRAM module has been decrypted before or not. This information helps the decision maker module (introduced in the following point) to decide whether the memory references in the main system memory (32-bit long) are valid or not. Most of the time, this check is the only overhead added to the system.

- Decision maker: this module is the heart of the system. It works according to the following algorithm:
  1. A new PC value is available.
  2. Check whether the memory reference was decrypted before (using the used bit for each entry) and whether it is in the main memory (is the memory reference valid in the main memory); then there are two options.
  3. If the memory reference is valid (the instruction has already been decrypted, USED = '1'), the system continues as if there were no extra modules in the way. This reduces the performance penalty to this extra check.
  4. If the memory reference is not valid (USED = '0'), the decision maker stalls the pipelines (by sending the FREEZE signal), putting the processor in a freeze state, and then decrypts the 128-bit reference and stores it back into the main system memory module as four 32-bit chunks of data.

Figure C shows the flow diagram of the decision maker's behavior.

Figure C: Decision maker flow chart (New PC available; Mem. Ref. valid? False: decrypt the required instruction and store it; True: continue working normally)

Each decryption yields 4 instructions at a time. This gives the system the opportunity to reference them without the need to decrypt the whole 128-bit entry again. When the program has referenced all the pages it normally uses, the behavior of the system will be almost identical to one without security capabilities, since all the needed instructions will be ready to be fetched from the system main memory module.

On the other end (output), one module was added to let the system output its results in encrypted form. In this case two possible approaches were available:

1. Encrypt each 32-bit output after adding 128-bit zero padding to it.
2. Wait until four 32-bit output chunks are ready and then encrypt them without adding any kind of padding.

Option number 1 was used, since it relates more closely to the constraints of the sensor network world.

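The front end of Section 4 (four 32-bit instructions per zero-padded 128-bit entry, AES-128 in ECB mode, used-bit array, decision maker), modelled as an added Go example that is not the paper's own implementation. It reproduces the address sequence the paper gives in Section 5 for memory reference 1010, and shows a consequence of choosing ECB: entries with equal plaintext, including all-NOP and zero-padded entries on MIPS (NOP is 0x00000000), encrypt to identical ciphertext. The names CPU, Load and Fetch, the demo key and the 14-word sample program are constructed for this example.

```go
package main

import (
	"crypto/aes"
	"encoding/binary"
	"fmt"
)

// CPU models the front end: encrypted 128-bit SRAM, used-bit array, main memory.
type CPU struct {
	SRAM    [][16]byte
	used    []bool
	mem     []uint32
	decrypt func(dst, src []byte)
	Trace   []string // main-memory accesses: "[w]addr" or "[r]addr" (word addresses)
}
// Load mirrors assembler step 3: four 32-bit words per zero-padded entry, AES-128 ECB.
func Load(key [16]byte, prog []uint32) *CPU {
	c, _ := aes.NewCipher(key[:]) // a 16-byte key is always accepted
	n := (len(prog) + 3) / 4
	p := &CPU{SRAM: make([][16]byte, n), used: make([]bool, n), mem: make([]uint32, 4*n), decrypt: c.Decrypt}
	for i, w := range prog {
		binary.BigEndian.PutUint32(p.SRAM[i/4][(i%4)*4:], w)
	}
	for i := range p.SRAM {
		c.Encrypt(p.SRAM[i][:], p.SRAM[i][:]) // every entry on its own: ECB
	}
	return p
}
// Fetch is the decision maker: test the used bit, decrypt on a miss, then read.
func (p *CPU) Fetch(pc int) uint32 {
	if e := pc / 4; !p.used[e] { // USED = '0': FREEZE while the entry is decrypted
		var pt [16]byte
		p.decrypt(pt[:], p.SRAM[e][:])
		for i := 4 * e; i < 4*e+4; i++ {
			p.mem[i] = binary.BigEndian.Uint32(pt[(i%4)*4:])
			p.Trace = append(p.Trace, fmt.Sprintf("[w]%04b", i))
		}
		p.used[e] = true
	}
	p.Trace = append(p.Trace, fmt.Sprintf("[r]%04b", pc)) // USED = '1': plain fetch
	return p.mem[pc]
}
func main() {
	// Constructed sample: 14 words, all MIPS NOPs except word 1010b (add $t0, $t1, $t2).
	prog := []uint32{10: 0x012A4020, 13: 0}
	p := Load([16]byte{1, 2, 3, 4}, prog) // constructed demo key
	ins := p.Fetch(10)
	fmt.Printf("%#x %v ecb-dup=%v\n", ins, p.Trace, p.SRAM[0] == p.SRAM[1])
}
```

Anyone who can read the encrypted SRAM image can tell which entries hold the same four instructions without knowing the key; chaining each entry with its address or with the previous ciphertext block (CBC, as Section 3 describes) removes that signal.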
5. Modeling and Simulation Results

In this section I will show both sides of the project. The first part is to convert the binary instructions from plain 32-bit wide binary instructions to 128-bit wide encrypted units. An assembler was created to facilitate the process. The assembler was programmed using C#.NET. It is divided into three stages:

1. Separate the data section from the instructions section. Compute label values and replace labels with their values.
2. Convert instructions from their text format to binary format with 32-bit width.
3. Convert binary instruction data to 128-bit encrypted chunks. (The Rijndael managed class provided with .NET Framework 1.1 was used [16].)

Figures D.a, D.b and D.c show the three steps.

Figure D.a: (Step 1) Replacing labels with their line values.
Figure D.b: (Step 2) Decode instructions
Figure D.c: (Step 3) Encrypt binary instructions

The second part of the project is the simulation process for the model. The simulation was done using ModelSim 6.0a. In this simulation a small program that executes the bubble sort algorithm was used. The following figure shows how the simulation executed.

Figure E: Project Simulation

Figure E shows how the system reacted after an invalid memory reference:

- A new address is requested.
- The decrypted data is ready and it is written as four chunks of 32-bit instructions.
- The write bit is activated to allow the decision maker to write to the main memory module.
- Decrypted instructions are written to the main memory module and are ready to be fetched.
- The input address for the memory module changes according to the data written to the module. For instance, if we have memory reference 1010, the sequence of memory addresses will be: [w]1000, [w]1001, [w]1010, [w]1011, [r]1010.
- The freeze signal (stall system pipelines) is activated while the decryption process is running, then it is deactivated after finishing writing the four 32-bit chunks back to the memory.

Figure F shows how the memory is changed after the last memory reference.

Figure F: Memory Contents

As shown in the figure above, the system decrypts the instructions gradually as needed. Since most, if not all, sensor network programs execute their program an infinite number of times, after the first execution the program will be decrypted and ready to be fetched from the main memory. The system shows almost identical performance results to the same system configuration without encryption capabilities.

6. Conclusions and future work

A simple and efficient solution to security vulnerabilities in the sensor network world, especially when updating mobile sensor programs, was presented. The solution supports the capability of sending encrypted instructions through sensor networks without sacrificing security.

Although the system adds extra overhead due to the decryption process, today's chips show a great throughput capability that exceeds the needs of mobile hosts. Moreover, this overhead is applied once per program, i.e. once the program is decrypted into the system main memory the performance will be almost identical to prior unsecured systems.

The next step is to synthesize the project and have it available on a ready-to-use chip. Extra work might be done to produce a top-notch decryption/encryption unit with low power consumption to allow mobile units to live longer.

Acknowledgements

I would like to thank my professor (Prof. Young Cho) for his sincere work and important directions. Also, I would like to thank my classmates who provided a challenging environment that led to this proposal.

References

[1] Stefan Schmidt, Holger Krahn, Stefan Fischer, and Dietmar Watjen, “A Security Architecture for Mobile Wireless Sensor Networks”.
[2] R.M. Best, “Preventing Software Piracy with Crypto-Microprocessors,” Proc. IEEE Spring COMPCON ’80, pp. 466-469, San Francisco, 25-28 Feb. 1980.
[3] R.M. Best, Microprocessor for Executing Enciphered Programs, U.S. patent 4,168,396, 18 Sept. 1979.
[4] R.M. Best, Crypto Microprocessor for Executing Enciphered Programs, U.S. patent 4,278,837, 14 July 1981.
[5] R.M. Best, Crypto Microprocessor that Executes Enciphered Programs, U.S. patent 4,465,901, 14 Aug. 1984.
[6] Alex Panato, Marcelo Barcelos, Ricardo Reis, A Low Device Occupation IP to implement Rijndael Algorithm.
[7] D. Runje and M. Kovac, “Universal Strong Encryption FPGA Core Implementation,” Proceedings of IEEE Design Automation and Test in Europe, pp. 923-924.
[8] NIST. Advanced Encryption Standard (AES). Official NIST homepage about AES.
[9] NIST. AES Round 2 Information, Official NIST information about the five algorithms selected to the second round of AES.
[10] NIST. Commerce Department Announces Winner of Global Information Security Competition, Official NIST site.
[11] J. Daemen and V. Rijmen, The Rijndael Block Cipher, AES proposal, ver. 2, March 1999.
[12] The Rijndael Page, available at http://www.iaik.tu-graz.ac.at/research/krypto/AES/old/~rijmen/rijndael/.
[13] ht-lab website, free cores page. http://www.ht-lab.com
[14] Mrs. G. Umamaheswari, Dr. A. Shaunmugam, “Efficient VLSI implementation of the block cipher Rijndael algorithm,”
[15] CAST cores, http://www.cast-inc.com/cores/aes/index.shtml
[16] MSDN website, http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/frlrfsystemsecuritycryptographyrijndaelmanagedclasstopic.asp