vladimirova_p.ppt - NASA Office of Logic Design

					              On-Board Encryption in
          Tanya Vladimirova, Roohi Banu and
                  Martin N. Sweeting

           VLSI Design and Embedded Systems
                      Research Group
                    Surrey Space Centre
        School of Electronics and Physical Sciences
                    University of Surrey
                  Guildford, UK, GU2 7XH

Vladimirova             MAPLD 2005/184                1
                     Presentation Overview
      The Need for On-Board Security Services

      Security Services in EO Satellites

               Existing Security Services in Satellites
               Required Security Services in Satellites
               Proposed On-Board Security Architecture for Small
      The Advanced Encryption Standard (AES)

               Algorithm and Hardware Implementations
               Fault Detection and Correction Model for On-Board Use
                 Simulation Results
      Conclusions
           The Need for On-Board Security
 Intrusions into Satellite Data

     A team at the Embry Riddle Aeronautical University managed to obtain NOAA
    satellite imagery with basic apparatus built as part of their experimental
    project by using open Internet sources
     Recently, researchers from a Japanese university were able to access data
    from NASA's Earth observation satellite LandSat as it flew over Japan
 Future Space Internet

     NASA's vision of the "Space Internet" envisages that satellite users and
    scientists can directly access the satellite just like any other computer over
    the Internet to get the required information
     Allowing direct access to spacecraft certainly gives lots of flexibility, but at
    the cost of threats such as unauthorized access and illegal use of valuable
     Eventually the problems faced by the Internet due to inadequate security
    measures will be repeated with the Space Internet.
                    Security Services

 Confidentiality (Encryption) - a service used to keep the contents
of information accessible to only those authorized to access it.

 Integrity - a service used to make sure that data is not modified,
deleted or inserted with some other data by unauthorized users.

 Authentication  is a service that is concerned with assuring that
origin of a message is correctly identified.

                 Existing Security Services
                       in EO Satellites

Spacecraft Name                Algorithms Used                                  Implementation Platform       What is Encrypted?
STRV 1d                        Data Encryption Standard (DES)                   Software on SPARC processor   Low-rate downlink
METOP                          ExOR                                             Hardware                      High-rate downlink
KOMPSAT-II                     International Data Encryption Algorithm          Hardware                      High-rate downlink
EUMETSAT's polar System (EPS)  Triple Data Encryption Standard (3-DES)          Hardware                      High-rate downlink

              Existing Security Services in EO
                    Satellites - Summary

    Only the downlink is protected by encryption

    Existing satellites use old or proprietary algorithms for
   downlink encryption
    The other security services,   like authentication and data
   integrity services, required for protection of the
   communication links are not addressed

              Required Security Services in
   Uplink :
         should be checked for integrity and authentication in
        order to protect the satellite from being taken over by
        unauthorized personnel.
  The issue of Uplink protection was highlighted in the US General
  Accounting Office report (GAO-02-781).

   Downlink :
         should be encrypted with secure and suitable
        algorithms to protect the valuable and sensitive data
        transmitted to ground.

          SSTL Small Satellite Platforms

              The Disaster Monitoring
      Constellation (DMC) Program
   The DMC program is a novel international
    partnership, comprising a network of five low
    cost small satellites and ground stations.
   The satellites are designed and manufactured
    by SSTL as a Know-How transfer to the
    participating countries: the United Kingdom,
    Nigeria, Algeria, Turkey and China.
   From a low Earth orbit (LEO), each satellite
    provides 32 metre multispectral imaging
    (green, red, infrared), over a 600 km swath
   The DMC program offers the possibility for
    daily revisiting of any point on the globe.
                     DMC Images

   UK-DMC image of England (32m)

          Proposed Security Architecture

                  On-Board Data Processing -
    Small satellites are resource constrained in terms of power,
    computational resources, etc.
   A typical small satellite has the following parameters:

             Satellite weight      Up to 500 Kilograms

             Average orbit power   50 W
             Downlink speed        up to 60 Mbps

   Algorithms used on-board satellites
      should consume low power and computational resources and yet
      deliver the throughput demanded by the satellite high-speed

              Encryption Algorithms for
                   On-Board Use
Authentication Algorithm             Key Length (Bits)   Advantages/Disadvantages
Rivest, Shamir, Adleman (RSA)        1024 - 15,360       Large key size
Elliptic Curve Cryptography (ECC)    163 - 571           Small key size, hence suitable for resource constrained devices

Encryption Algorithm                 Key Length          Advantages/Disadvantages
Data Encryption Standard (DES)       56                  Weak and breakable because of smaller key length
Advanced Encryption Standard (AES)   128 - 256           Simple and more secure encryption algorithm suitable for a variety of

The algorithms used on-board should be suitable to be implemented in a resource-
constrained environment.
         Advanced Encryption Algorithm

 Originally known as Rijndael after its Belgian creators
 Endorsed as AES by the US National Institute of Standards
and Technology (NIST) in 2002
 Suitable for a wide variety of platforms - ranging from smart
cards to servers
 Much simpler, faster and more secure

                      The AES Algorithm

 AES is an iterative algorithm

 Each iteration is known as ROUND

 The number of rounds depends on key
and data block size
 Each round consists of four transformations:
     SubBytes
     ShiftRows
     MixColumns
     AddRoundKey

                    AES Transformations

  The SubBytes round transformation:

        Two steps: Galois Field multiplicative inverse of each byte
       followed by affine transforms
        Implementation approaches :

              • Look-Up Table (LUT) approach - a predefined 256 X 8
              LUT is used
              • Non-LUT approach - Extended Euclid, Composite Field
              Arithmetic, Powers of Primitive Elements (Generators),
              Itoh Tsujii’s Algorithm

               AES Transformations (Cont.)

 ShiftRows is carried out by a left shift operation

 MixColumns:

       Uses Galois Field multiplication with a predefined vector
          [2 3 1 1]
         Implementation approaches:
              • LUT approach - Predefined Log, Antilog
              • Non-LUT approach - Galois Field multiplication
 AddRoundKey is an EXOR operation between data and key blocks
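
The two MixColumns implementation approaches listed above, side by side, as an added example (not from the slides or the IP core they cite): shift-and-add Galois Field multiplication and log/antilog look-up tables. The function names and the use of 0x03 as the table generator are assumptions of this example.

```python
def xtime(a):
    """Multiply by 2 in GF(2^8): one left shift, then reduce by the AES polynomial."""
    a <<= 1
    return (a ^ 0x1B) & 0xFF if a & 0x100 else a

def gmul(a, b):
    """Non-LUT approach: shift-and-add multiplication in GF(2^8)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = xtime(a), b >> 1
    return r

# LUT approach: log/antilog tables built over the generator 0x03 (assumed choice).
ANTILOG, LOG = [0] * 255, [0] * 256
v = 1
for i in range(255):
    ANTILOG[i], LOG[v] = v, i
    v ^= xtime(v)  # v *= 3

def gmul_lut(a, b):
    """Multiply via table look-ups: antilog(log a + log b); zero has no logarithm."""
    if a == 0 or b == 0:
        return 0
    return ANTILOG[(LOG[a] + LOG[b]) % 255]

def mix_column(col, mul=gmul):
    """Multiply one 4-byte state column by the circulant matrix of [2 3 1 1]."""
    row = (2, 3, 1, 1)
    out = []
    for r in range(4):
        acc = 0
        for c in range(4):
            acc ^= mul(row[(c - r) % 4], col[c])
        out.append(acc)
    return out

if __name__ == "__main__":
    column = [0xDB, 0x13, 0x53, 0x45]  # constructed sample column
    print([hex(b) for b in mix_column(column)])
    print(mix_column(column) == mix_column(column, mul=gmul_lut))
```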

              AES Hardware Implementation

                          AES Verilog IP Core

[Figure: AES IP Core block diagram. Inputs: reset, ld, key [127:0], plain data [127:0]. Outputs: done, encrypted data [127:0]. (source: www.opencores.org)]

       SubBytes – S-Box Look-Up Table (256 bytes of S-Box are stored in memory )
       MixColumn – Galois field multiplication over field GF(2) (involves a single bit
       left shift followed by addition)
       The round permutation module performs 10 iterations (for 128 bit keys).

              AES IP Core - Performance

 Experimental results:
     • FPGA - XC2V1000
     • The encryption takes 13 clock cycles to encrypt a 128-bit data block
     • The frequency is 25 MHz.
       (Back annotated simulation frequency)

 Throughput = (128/13) * 25 * 10^6 = 246 Mbps

CAD tools:
   • Pre & post synthesis and back annotated simulations - ModelSim
   • Synthesis - Synplify
   • Implementation - Xilinx ISE

    AES for Satellites: Radiation Issues

    Satellites operate in harsh radiation environment

    The implementation should be robust to radiation induced
   bit flip errors
    On average 64 bits (50 %) are corrupted with a single error
   during encryption using AES !!!
    The bit flip errors must be detected and corrected in order
   to avoid the transmission and use of corrupted data

                Existing AES Fault Detection
 The available AES fault detection models are classified into two categories:

     Redundancy Based
          • A decryption module is used in parallel with the encryption module
               and its output is compared with the input to the encryption module
               to detect a fault.
          • More hardware overhead
     Parity Based
        • The fault is detected by comparing the predicted parity with the
          calculated parity at the end of each transformation
          • Less hardware overhead
 There are no fault-tolerant correction models for the AES algorithm

        Parity-Based Fault Detection Model
                     for AES

 The fault detection model is based on
parity prediction
 Parity is pre-calculated and stored in the
parity memory
 Given the input state, parity is predicted
from the parity memory and compared with
the calculated parity at the end of each round
 Parity mismatch will lead to fault detection

          Proposed Fault Correction Model
                     for AES
 The fault correction model is based on the
Hamming code (12,8)
 The Hamming code is pre-calculated and
stored in the Hamming code parity memory
 Given the input state, the Hamming code is
predicted from the parity memory and
compared with the calculated Hamming code
at the end of each round
 A Hamming code mismatch will lead to a
fault detection and to a subsequent single-bit
fault correction.
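
The parity-prediction model and the Hamming (12,8) correction model from the two slides above, applied to the SubBytes transformation as an added example (it is not the authors' Java simulation). The check-bit layout in DATA_POS and the table names PARITY_MEM and HAMMING_MEM are assumptions.

```python
def build_sbox():
    """AES S-box: GF(2^8) multiplicative inverse, then the affine transform."""
    rotl = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    sbox, p, q = [0] * 256, 1, 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3
        for s in (1, 2, 4):                                    # q /= 3 ...
            q ^= q << s
        q = (q ^ 0x09 if q & 0x80 else q) & 0xFF               # ... so q == 1/p
        sbox[p] = q ^ rotl(q, 1) ^ rotl(q, 2) ^ rotl(q, 3) ^ rotl(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox

SBOX = build_sbox()
DATA_POS = (3, 5, 6, 7, 9, 10, 11, 12)  # assumed codeword positions of data bits 0..7

def parity(b):
    return bin(b).count("1") & 1

def hamming_check(b):
    """Four Hamming(12,8) check bits: XOR of the positions of the set data bits."""
    c = 0
    for bit, pos in enumerate(DATA_POS):
        c ^= pos * ((b >> bit) & 1)
    return c

# "Parity memory": codes of the expected SubBytes output, indexed by the input byte.
PARITY_MEM = [parity(s) for s in SBOX]
HAMMING_MEM = [hamming_check(s) for s in SBOX]

def parity_fault(x, y):
    """True when observed output y for input x disagrees with the predicted parity."""
    return PARITY_MEM[x] != parity(y)

def hamming_correct(x, y):
    """Compare predicted and calculated codes; repair a single flipped data bit."""
    syndrome = HAMMING_MEM[x] ^ hamming_check(y)
    if syndrome == 0:
        return y, "ok"
    if syndrome in DATA_POS:
        return y ^ (1 << DATA_POS.index(syndrome)), "corrected"
    return y, "uncorrectable"  # not explainable by one flipped data bit

if __name__ == "__main__":
    faulty = SBOX[0x53] ^ 0x10  # constructed fault: bit 4 of SubBytes(0x53) flipped
    print(parity_fault(0x53, faulty), hamming_correct(0x53, faulty))
```

Two flipped bits in the same byte leave the parity unchanged, and Hamming (12,8) can then report "uncorrectable" or repair the wrong bit, which is why both models are scoped to single-bit faults.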

           AES Fault Detection & Correction
              JAVA Software Simulation
 JAVA software was developed to simulate the AES fault detection and
correction scheme
 GUI was also developed to effectively display the fault injection and correction:

      input sub-frame - displays the input data block, encryption key, cipher block
     and decipher block etc
      inject error sub-frame - is used to simulate the error injection at different
     levels: round, transformation, byte and bit position
      details sub-frame, which shows:

           • the intermediate state of the output for every transformation and for every
           round in AES and
           • the predicted and calculated parity or the Hamming code.

               AES Fault Detection Model
              Software Simulation in JAVA


[Figure: fault detected at byte level]
              AES Fault Correction Model
              Software Simulation in JAVA


[Figure: fault detected at bit level]
                     Conclusions
        Security services required for overall satellite protection have
       been identified and an on-board security architecture has been
        The AES has been identified as a suitable encryption
       algorithm for on-board use in small satellites.
        An AES fault detection model based on parity prediction has
       been developed and verified by software simulation.
        A novel AES fault correction model to prevent single bit faults
       occurring due to radiation (SEUs) has been proposed,
       developed and verified.
        The proposed AES fault detection and correction model can
       also be used in other harsh radiation environments, for example
       in unmanned aerial vehicles, etc.