Sie sind auf Seite 1von 32

1.

1 Network:
A ``network'' has been defined as ``any set of interlinking lines resembling a net, a network of roads or an interconnected system, a network of alliances.'' This definition suits our purpose well: a computer network is simply a system of interconnected computers. [7]

1.2 Network Security:


In the field of networking, the area of network security consists of the provisions and policies adopted by the network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority. Network security covers a variety of computer networks, both public and private, that are used in everyday jobs conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access. Network security is involved in organizations, enterprises, and other types of institutions. It does as its title explains: It secures the network, as well as protecting and overseeing operations being done.

1.3 Need of Cryptography:


Cryptography (or cryptology; from Greek, "hidden, secret"; and, graphein, "writing", or, "study", respectively) is the practice and study of techniques for secure communication in the presence of third parties (called adversaries).[11] Modern cryptography follows a strongly scientific approach, and designs cryptographic algorithms around computational hardness assumptions, making such algorithms hard to break by an adversary. It is theoretically possible to break such a system but it is infeasible to do so by any practical means. These schemes are therefore computationally secure.

1.4 Network Security & Cryptography:


Network Security & Cryptography is a concept to protect our network and data transmission over wireless network. Data Security is the main aspect of secure data transmission over unreliable network. Data Security is a challenging issue of data communications today that touches many areas including secure communication channel, strong data encryption technique and trusted third party to maintain the database. The rapid development in information technology, the secure transmission of confidential data herewith gets a great deal of attention. The conventional methods of encryption can only maintain the data security. The information could be accessed by the unauthorized user for malicious purpose. Therefore, it is necessary to apply effective encryption/ decryption methods to enhance data security.[11]

1.5 Encryption & Decryption:


In cryptography, encryption is the process of transforming information (referred to as plaintext) using an algorithm (called a cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information (in cryptography, referred to as cipher text). In many contexts, the word encryption also implicitly refers to the reverse process, decryption (e.g. software for encryption can typically also perform decryption), to make the encrypted information readable again (i.e. to make it unencrypted). [7] Encryption is also used to protect data in transit, for example data being transferred via networks (e.g. the Internet, e-commerce), mobile telephones, wireless microphones, wireless intercom systems, Bluetooth devices and bank automatic teller machines. There have been numerous reports of data in transit being intercepted in recent years. Encrypting data in transit also helps to secure it as it is often difficult to physically secure all access to networks. Encrypting data in transit also helps to secure it as it is often difficult to physically secure all access to networks. Encryption, by itself, can protect the confidentiality of messages, but other techniques are still needed to protect the integrity and authenticity of a message; for example, verification of a message authentication code (MAC) or a digital signature.

2.1 Requirement Analysis And Specification


2.1.1 Hardware Requirement . Processor: Dual Core or Above RAM 1 GB or Above

2.1.2 Software Requirement Supporting OS: Windows XP, VISTA, Seven Xilinx 9.1i

2.2 Introduction to AES [1]


Federal Information Processing Standards Publications (FIPS PUBS) are issued by the National Institute of Standards and Technology (NIST) after approval by the Secretary of Commerce pursuant to Section 5131 of the Information Technology Management Reform Act of 1996 (Public Law 104-106) and the Computer Security Act of 1987 (Public Law 100-235). Name of Standard. Advanced Encryption Standard (AES). Designers Vincent Rijmen, Joan Daemen Category of Standard. Computer Security Standard, Cryptography. Explanation. The Advanced Encryption Standard (AES) specifies a FIPS-approved cryptographic algorithm that can be used to protect electronic data. The AES algorithm is symmetric block cipher that can encrypt (encipher) and decrypt (decipher) information. Encryption converts data to an unintelligible form called cipher text; decrypting the cipher text converts the data back into its original form, called plaintext. The AES algorithm is capable of using cryptographic keys of 128, 192, and 256 bits to encrypt and decrypt data in blocks of 128 bits. Approving Authority. Secretary of Commerce. Maintenance Agency. Department of Commerce, National Institute of Standards and Technology, Information Technology Laboratory (ITL). Applicability. This standard may be used by Federal departments and agencies when an agency determines that sensitive (unclassified) information requires cryptographic protection

2.3 Background of AES


The National Institute of Standards and Technology, (NIST), solicited proposals for the Advanced Encryption Standard, (AES). The AES is a Federal Information Processing Standard, (FIPS), which is a cryptographic algorithm that is used to protect electronic data. The AES algorithm is a symmetric block cipher that can encrypt, (encipher), and decrypt, (decipher), information. Encryption converts data to an unintelligible form called cipher-text. Decryption of the cipher-text converts the data back into its original form, which is called plaintext. The AES algorithm is capable of using cryptographic keys of 128, 192, and 256 bits to encrypt and decrypt data in blocks of 128 bits. Many algorithms were originally presented by researchers from twelve different nations. Fifteen, (15), algorithms were selected from the first set of submittals. After a study and selection process five, (5), were chosen as finalists. The five algorithms selected were MARS, RC6, RIJNDAEL, SERPENT and TWOFISH. The conclusion was that the five Competitors showed similar characteristics. On October 2nd 2000, NIST announced that the Rijndael Algorithm was the winner of the contest. The Rijndael Algorithm was chosen since it had the best overall scores in security, performance, efficiency, implementation ability and flexibility

2.4 Published Papers on AES


S.NO TITLE YEAR AUTHOR NAME OF WORK JOURNAL 1. Pipelining Architecture AES and Generation Search Memory of 2010 Subashri , International The speed of encryption

Arunachalam , journal Gokul Kumar Vaidehi

of is of prime importance

Encryption Key with Based

Vinoth VLSI design in applications where , & Communicati on Systems data is to be transmitted at high speeds. Thus, with use of fully

pipelined the hence

architecture and of

throughput the speed

encryption is increased tremendously.

S.NO

TITLE

YEAR AUTHOR

NAME

OF WORK

JOURNAL 2. FPGA Implementation of AES 2009 Ashwini Deshpande, Mangesh M. International Conference The paper presented

that combination of a portable and

S. on Control, simple,

Encryption and Decryption

Deshpande and Automation, Devendra Kayatanavar N. Communicati on Energy Conservation

efficient AES Cryptographic

and algorithm implemented in VHDL source code provides an excellent platform for high

security applications. 3. Design and 2007 Ahmed Ehab Sehely, Rady, IEEE ICM EL A.M. This paper presented an optimized area

Implementation of area optimized AES algorithm on reconfigurable FPGA

implementation of the Enc/Dec AES core with its interfaces in cheap family of FPGA (Spartan-3) instead of use high price family (Virtex)

EL Hennawy

4.

Flexible Hardware Architecture AES Cryptography Algorithm for

2009

z. Ismaili,

Alaoui- Laboratory A. LTI

This work focus the h/w implementation of the AES algorithm using of the partial dynamically reconfiguration of FPGA. The proposed architecture, increase

Moussa, A. EI National Mourabit and School Applied Sciences ENSA BP

K. Amechnoue

1818, the security and safety of the AES algo, give an optimal process.

TangierMorocco

S.NO 5

TITLE Performance Comparison the Submissions of AES

YEAR AUTHOR 1999 Bruce Schneier_ John Kelseyy Doug

NAME OF JOURNAL

WORK This paper presented that it is very difficult to compare cipher

Whitingz David Wagnerx Chris Hall{

designs for efficiency, and even more difficult to design ciphers that are efficient across all platformsand all uses.

Table 2.1 Published Papers of AES

2.5 Proposed Work


We have to implement Advanced Encryption Standard using Software module VHDL and analyze the different complexities in context of space and speed for different implement.

2.6 VHDL (VHSIC hardware description language)


VHDL is a hardware description language used in electronic design automation to describe digital and mixed-signal systems such as field-programmable gate arrays and integrated circuits.

2.6.1 History VHDL was originally developed at the behest of the U.S Department of Defense in order to document the behavior of the ASICs that supplier companies were including in equipment. That is to say, VHDL was developed as an alternative to huge, complex manuals which were subject to implementation-specific details. Due to the Department of Defense requiring as much of the syntax as possible to be based on Ada, in order to avoid re-inventing concepts that had already been thoroughly tested in the development of Ada, VHDL borrows heavily from the Ada programming language in both concepts and syntax. The initial version of VHDL, designed to IEEE standard 1076-1987, included a wide range of data types, including numerical (integer and real), logical (bit and Boolean), character and time, plus arrays of bit called bit vector and of character called string.

A problem not solved by this edition, however, was "multi-valued logic", where a signal's drive strength (none, weak or strong) and unknown values are also considered. This required IEEE standard 1164, which defined the 9-value logic types: scalar std_ulogic and its vector version std_ulogic_vector. The updated IEEE 1076, in 1993, made the syntax more consistent, allowed more flexibility in naming, extended the character type to allow ISO-8859-1 printable characters, added the ex-nor operator, etc Minor changes in the standard (2000 and 2002) added the idea of protected types (similar to the concept of class in C++) and removed some restrictions from port mapping rules.

2.6.2 Design VHDL is commonly used to write text models that describe a logic circuit. Such a model is processed by a synthesis program, only if it is part of the logic design. A simulation program is used to test the logic design using simulation models to represent the logic circuits that interface to the design. This collection of simulation models is commonly called a testbench. VHDL has file input and output capabilities, and can be used as a general-purpose language for text processing, but files are more commonly used by a simulation testbench for stimulus or verification data. There are some VHDL compilers which build executable binaries. In this case, it might be possible to use VHDL to write a testbench to verify the functionality of the design using files on the host computer to define stimuli, to interact with the user, and to compare results with those expected. However, most designers leave this job to the simulator.

2.6.3 Advantage The key advantage of VHDL, when used for systems design, is that it allows the behavior of the required system to be described (modeled) and verified (simulated) before synthesis tools translate the design into real hardware (gates and wires). Another benefit is that VHDL allows the description of a concurrent system. VHDL is a dataflow language, unlike procedural computing languages such as BASIC, C, and assembly code, which all run sequentially, one instruction at a time. VHDL project is multipurpose. Being created once, a calculation block can be used in many other projects. However, many formational and functional block parameters can be tuned

(capacity parameters, memory size, element base, block composition and interconnection structure). VHDL project is portable. Being created for one element base, a computing device project can be ported on another element base, for example VLSI with various technologies.

2.7 XILINX
Xilinx, Inc. is a supplier of programmable logic devices. It is known for inventing the field programmable gate array (FPGA) and as the first semiconductor company with a fabless manufacturing model. Founded in Silicon Valley in 1984, the company is headquartered in San Jose, California, U.S.A.; Dublin, Ireland; Singapore; and Tokyo, Japan. The company has corporate offices throughout North America, Asia and Europe. Xilinx designs, develops and markets programmable logic products including integrated circuits (ICs), software design tools, predefined system functions delivered as intellectual property (IP) cores, design services, customer training, field engineering and technical support. Xilinx sells both FPGAs and CPLDs programmable logic devices for electronic equipment manufacturers in end markets such as communications, industrial, consumer, automotive and data processing. Xilinx's FPGAs have been used for the ALICE (A Large Ion Collider Experiment) at the CERN European laboratory on the French-Swiss border to map and disentangle the trajectories of thousands of subatomic particles. Xilinx has also engaged in a partnership with the United States Air Force Research Laboratorys Space Vehicles Directorate to develop FPGAs to withstand the damaging effects of radiation in space for deployment in new satellites, which are 1,000 times less sensitive to space radiation than the commercial equivalent. The Virtex-II Pro, Virtex-4, Virtex-5, and Virtex-6 FPGA families are focused on system-onchip (SoC) designers because they include up to two embedded IBM PowerPC cores. There are no PowerPC blocks in any Xilinx devices other than Virtex-II Pro. Xilinx FPGAs can run a regular embedded OS (such as Linux or vxWorks) and can implement processor peripherals in programmable logic.

3.1 Problem Statement:


In todays scenario the messages we want to convey to second party are no more confidential. Any intruder or third party can easily attack or access the confidential data. So, to avoid such mishaps many algorithms has been introduced. In these algorithms we encrypt our data into a CIPHER text which is not understandable to the intruders or the third party and our data remains secured. Aim of our project is to study and analyze the network security algorithm. AES ( Advanced Encryption Standard) is one of the most secured algorithm which we choose for our study using VHDL.

3.2 Study of AES


The Rijndael algorithm is a symmetric block cipher that can process data blocks of 128 bits through the use of cipher keys with lengths of 128, 192, and 256 bits.[1] The Rijndael algorithm was also designed to handle additional block sizes and key lengths. However, the additional features were not adopted in the AES. The hardware Implementation of the Rijndael algorithm can provide either high performance or low Cost for specific applications. At backbone communication channels or heavily loaded Servers it is not possible to lose processing speed, which drops the efficiency of the Overall system while running cryptography algorithms in software. On the other side, a Low cost and small design can be used in smart card applications, which allows a wide range of equipment to operate securely.[2]

AES is an algorithm for performing encryption (and the reverse, decryption) which is a series of well-defined steps that can be followed as a procedure. The original information is known as plaintext, and the encrypted form as cipher text. The cipher text message contains all the information of the plaintext message, but is not in a format readable by a human or computer without the proper mechanism to decrypt it; it should resemble random gibberish to those not intended to read it. The encrypting procedure is varied depending on the key which changes the detailed operation of the algorithm. The cipher text message contains all the information of the plaintext message, but is not in a format readable by a human or computer without the proper mechanism to decrypt it; it should resemble random gibberish to those not intended to

read it. Without the key, the cipher cannot be used to encrypt or decrypt. In the past, cryptography helped ensure secrecy in important communications, such as those of government covert operations, military leaders, and diplomats. Cryptography has come to be in widespread use by many civilians who do not have extraordinary needs for secrecy, although typically it is transparently built into the infrastructure for computing and telecommunications. [6]

3.3 Why VHDL?


VHDL was originally developed at the behest of the U.S Department of Defense in order to document the behavior of the ASICs that supplier companies were including in equipment. VHDL is commonly used to write text models that describe a logic circuit. Such a model is processed by a synthesis program, only if it is part of the logic design. A simulation program is used to test the logic design using simulation models to represent the logic circuits that interface to the design. This collection of simulation models is commonly called a testbench. VHDL has file input and output capabilities, and can be used as a general-purpose language for text processing, but files are more commonly used by a simulation testbench for stimulus or verification data. There are some VHDL compilers which build executable binaries. In this case, it might be possible to use VHDL to write a testbench to verify the functionality of the design using files on the host computer to define stimuli, to interact with the user, and to compare results with those expected. However, most designers leave this job to the simulator.[7] The implementation of the AES algorithm based on VHDL devices has the following advantages over the implementation based on others: Shorter design cycle leading to fully functioning device prototypes. Lower cost of the computer-aided design tools, verification and testing. Potential for fast, low-cost multiple reprogramming and experimental testing of a large number of various architectures and revised versions of the same architecture. Higher accuracy of comparison: in the absence of the physical design and fabrication, ASIC designs are compared based on inaccurate pre-layout simulations FPGA designs are compared based on very accurate post-layout simulations and experimental testing.

10

4.1 Data Flow Diagrams


A data flow diagram (DFD) is a graphical representation of the "flow" of data through an information system, modeling its process aspects. Often they are a preliminary step used to create an overview of the system which can later be elaborated. DFDs can also be used for the visualization of data processing (structured design).

Plain Text

Encryption

Decryption

Cipher Text

Figure 4.1 : DFD Level 0

Byte Plain Text Substitution Shift Rows

ADD Cipher Text Round Key Mix Column

Figure 4.2 : DFD Level 1

11

4.2 Encryption Process


The Encryption process of Advanced Encryption Standard algorithm is presented below, in figure 4.3.

Figure 4.3 Encryption Process

This block diagram is generic for AES specifications. It consists of a number of different transformations applied consecutively over the data block bits, in a fixed number of iterations, called rounds. The number of rounds depends on the length of the key used for the encryption process.

12

4.2.1 Bytes Substitution Transformation The bytes substitution transformation Bytesub (state) is a non-linear substitution of bytes that operates independently on each byte of the State using a substitution table(S-box) presented in figure4.4.[1,4] This S-box which is invertible, is constructed by composing two transformations:1. Take the multiplicative inverse in the finite field GF (28), The element {00} is mapped to itself. 2. Apply the following affine transformation (over GF (2)) bi= bi b(i+4)mod8 b(i+5)mod8 b(i+6)mod8 b(i+7)mod8 ci for 0 i 8 , [1,2,4]

where bi is the ith bit of the byte, and ci is the ith bit of a byte c with the value {63} or {01100011}. Here and elsewhere, a prime on a variable (e.g., b ) indicates that the variable is to be updated with the value on the right.In the matrix form, the affine transformation element of the S- box can be expressed as:

Figure 4.4. Application of S-box to the Each Byte of the State[6]

13

The S-box used in the Sub Bytes transformation is presented in hexadecimal form in figure4.5. For example, if =S1,1= {53}, then the substitution value would be determined by the intersection of the row with index 5 and the column with index 3 in figure 4.5. This would result in S'1, 1 having a value of {ed}.

Figure 4.5. S-box Values for All 256 Combinations in Hexadecimal Format [1,2,6,7]

4.2.2 Shift Rows Transformation In the Shift Rows transformation ShiftRows( ), the bytes in the last three rows of the State are cyclically shifted over different numbers of bytes (offsets).[4] The first row, r = 0, is not shifted. Specifically, the ShiftRows( ) transformation proceeds as follows Sr,c= Sr(c+shift(r,Nb))modNb for 0 r<4 and 0 c<Nb

14

Where the shift value shift(r, Nb) depends on the row number, r, as follows (Nb = 4) Shift(1,4) = 1: Shift(2,4) = 2; Shift(3,4) = 3. This has the effect of moving bytes to lower positions in the row (i.e., lower values of c in a given row), while the lowest bytes wrap around into the top of the row (i.e., higher values of c in a given row). Figure 4.6 illustrates the ShiftRows() transformation.[2]

Figure 4.6. Cyclic Shift of the Last Three Rows of the State [1,2,4,6]

4.2.3 Mixing of Columns Transformation This transformation is based on Galois Field multiplication. Each byte of a column is replaced with another value that is a function of all four bytes in the given column. The MixColumns( ) transformation operates on the State column-by-column,treating each column as a four-term polynomial.[4] The columns are considered as polynomials over GF (28) and multiplied modulo x4 + 1 with afixed polynomial a(x), given by the following equation : a(x) = {03}x3 + {01}x2 + {01}x + {02}.

15

this can be written as a matrix multiplication. Let S ' (x) = a(x) S(x)

As a result of this multiplication, the four bytes in a column are replaced by the following

Figure 4.7. Mixing of Columns of the State [1,6]

16

4.2.4 Addition of Round Key Transformation In the Addition of Round Key transformation AddRoundKey( ), a Round Key is added to the State by a simple bitwise XOR operation.[1] Each Round Key consists of Nb words from the key schedule generation. Those Nb words are each added into the columns of the State, such that

Figure 4.8. Exclusive-OR Operation of State and Cipher Key Words [1,6]

where [wi] are the key generation words described in chapter 3, and round is a value in the range in the Encryption, the initial Round Key addition occurs when round = 0, prior to the first application of the round function. The application of the AddRoundKey ( ) transformation to the Nr rounds of the encryption occurs when 1 round Nr. The action of this transformation is illustrated in figure 4.8, where l = round * Nb. The byte address within words of the key schedule.

4.2.5 Key Schedule Generation Each round key is a 4-word (128-bit) array generated as a product of the previous round key, a constant that changes each round, and a series of S-Box (figure 4.4) lookups for each 32-bit word of the key. The first round key is the same as the original user input. Each byte (w0 w3) of initial key is XORd with a constant that depends on the current round, and the result of the S-Box lookup for wi, to form the next round key. [4]

17

The number of rounds required for three different key lengths is presented in Table 4.1.

Key Length (Nk Words) AES-128 AES-192 AES-256 4 6 8

Block Size (Nb Words) 4 4 4

Number of Rounds(Nr) 10 12 14

Table 4.1 - Key-Block- Round Combinations

The Key schedule Expansion generates a total of Nb(Nr + 1) words: the algorithm requires an initial set of Nb words, and each of the Nr rounds requires Nb words of key data. The resulting key schedule consists of a linear array of 4-byte words, denoted [wi], with i in the range 0 i < Nb(Nr + 1).

Figure 4.9 Block Diagram of AES Key Scheduler

18

4.3 Decryption Process


The Decryption process of Advanced Encryption Standard algorithm is presented below, in figure 4.10

Figure 4.10. Decryption Process

This process is direct inverse of the Encryption process . All the transformations applied in Encryption process are inversely applied to this process. Hence the last round values of both the data and key are first round inputs for the Decryption process and follows in decreasing order.

19

4.3.1 Inverse Bytes Substitution Transformation Inverse Byte Substitution Transformation InvSubBytes( ) is the inverse of the byte substitution transformation, in which the inverse S-Box (figure 4.11) is applied to each byte of the State.[1] This is obtained by applying the inverse of the affine transformation to the equation followed by taking the multiplicative inverse in GF (28).

Figure 4.11. Application of the Inverse S-box to Each Byte of the State [1,4]

Figure 4.12. Inverse S-box Values for All 256 Combinations in Hexadecimal Format[1,4]

20

4.3.2 Inverse Shift Rows Transformation Inverse Shift Rows Transformation InvShiftRows( ) is the inverse of the ShiftRows( ) transformation. The bytes in the last three rows of the State are cyclically shifted over different numbers of bytes. The first row, r = 0, is not shifted. The bottom three rows are cyclically shifted by Nb-shift(r, Nb) bytes, where the shift value shift(r, Nb) depends on the row number.[4] Specifically, the InvShiftRows( ) transformation proceeds as follows Sr(c+shift(r,Nb))modNb=Sr,c for 0 r<4 and 0 c<Nb

Figure 4.13. Inverse Cyclic Shift of the Last Three Rows of the State[1]

4.3.3 Inverse Mixing of Columns Transformation Inverse Mixing of Columns Transformation InvMixColumns( ) is the inverse of the MixColumns ( ) transformation. InvMixColumns ( ) operates on the State column-by-column, treating each column as a four term polynomial. The columns are considered as polynomials over GF (28) and multiplied modulox4 + 1 with a fixed polynomial a-1(x),[4] given by a1(x) = {0b}x3 + {0d}x2 + {09}x + {0e}.

21

This can be written as a matrix multiplication. Let S ' (x) = a1(x) S(x)

As a result of this multiplication, the four bytes in a column are replaced by the following

Figure 4.14. Inverse Mix Column Operation on State[6]

22

4.4. Hardware Implementation


The following figure 4.15 represents complete hardware implementation of the both encryption and decryption with key generation modules.

Figure 4.15 Block Diagram of AES Hardware Implementation

Key Schedule Generation block can generate the required keys for the process with secret key and Clk2 as inputs; these generated keys are stored in internal ROM and read by Encryption/Decryption block for each round to obtain a distinct 128-bit key with Round counter, where Encryption/Decryption module takes 128-bit plaintext or ciphertext as input with respective to the Clk1 (If En=1or 0 process is encryption or decryption respectively). In order to distinguish the number of rounds, a 2-bit Key Length input is given to this module where 00, 01, 10 represents 10(128-bit key), 12(192- bit key), 14(256-bit key) rounds respectively, generates the final output of 128-bit cipher or plaintext.[2]

23

5.1 Result
In order to allow a full parallel process of the state, it is necessary to implement all the transformations over 128 bits. The most expensive one is the Byte substitution, because it is a table lookup operation, implemented as ROM. Each 8 bits requires a 2048 bit ROM. To process 128 bits it is necessary 32768 bits. The Key Expansion uses a Byte substitution operation over 32 bits also, so another 8192 bits should be allocated.

5.1.1 Encryption Result The following figure 5.1 shows the waveforms generated by the 8-bit byte substitution transformation. The inputs are clock of 100ns time period, Active High reset, and 8-bit state as a standard logic vector, whose output is 8-bit S-box lookup substitution. This design utilizes 32% of the area of EP1K100FC484-1, around 1631 logic elements are consumed to implement only 8-bit S-box lookup table. Hence, approximately 20,000 logic elements are necessary to implement the complete 128-bit byte substitution transformation.

Figure 5.1. Waveforms of 8-bit Byte Substitution

24

The following figure 5.2 represents the waveforms generated by the Shift Row transformation. The inputs are clock of 100ns time period, Active High reset, and 128-bit state as a standard logic vector, whose output is shifted as explained in the section 2.3. Design utilizes 2% of the area of EP1K100FC484-1, around 128 logic elements are consumed.

Figure 5.2. Waveforms of Shift Row Transformation

The following figure 5.3 represents the waveforms generated by the 128-bit Mix Columns transformation. The inputs are clock of 100ns time period, Active High reset, and 128-bit state as a standard logic vector, whose output is shifted. Design utilizes 5% of the area of EP1K100FC484-1, around 156 logic elements are consumed.

Figure 5.3 Waveforms of Mix Column Transformation

25

The following figure 5.4 represents the waveforms generated by the 128-bit Key Schedule Generation. The inputs are clock of 100ns time period, Active High reset, round, and 128-bit state as a standard logic vector, whose output is the 128-bit key for round one is generated. Design utilizes 74% of the area of EP1K100FC484-1, around 3700 logic elements are consumed.

Figure5.4. Waveforms of Key Schedule Generation.

5.1.2 Decryption Result


The decryption implementation results are similar to the encryption implementation. The key schedule generation module is modified in the reverse order. In which last round key is treated as the first round and decreasing order follows.

The following figure 5.5 represents the waveforms generated by the 8-bit byte substitution transformation. The inputs are clock of 100ns time period, Active High reset, and 8-bit state as a standard logic vector, whose output is 8-bit Inverse S-box lookup substitution. This design utilizes 50% of the area of EP1K30TC144-1, around 877 logic elements are consumed to implement only 8-bit S-box lookup table Active High reset, and 8-bit state as a standard logic vector, whose output is 8-bit Inverse S-box lookup substitution .

26

Figure 5.5. Waveforms of 8-bit Inverse Byte Substitution

The following figure 5.6 represents the waveforms generated by the 8-bit Inverse byte substitution transformation. The inputs are clock of 100ns time period, Active High reset, and 8-bit state as a standard logic vector whose output is shifted. Design utilizes 2% of the area of EP1K100FC484-1, around 128 logic elements are consumed.

Figure 5.6. Waveforms of Inverse Shift Row Transformation

27

The following figure 5.7 represents the waveforms generated by the 8-bit byte substitution transformation. The inputs are clock of 100ns time period, Active High reset, and 8-bit state as a standard logic vector, whose output is shifted. Design utilizes 12% of the area of P1K100FC484-1, around 624 logic elements are consumed.

Figure 5.7. Waveforms of Inverse Mix Column Transformation

5.2 Discussion of Implementation Issues


5.2.1 Key Length Requirements An implementation of the AES algorithm shall support at least one of the three key lengths specified : 128, 192, or 256 bits (i.e., Nk = 4, 6, or 8, respectively). Implementations may optionally support two or three key lengths, which may promote the interoperability of algorithm implementations.

5.2.2 Keying Restrictions No weak or semi-weak keys have been identified for the AES algorithm, and there is no restriction on key selection.[1]

28

5.2.3 Parameterization of Key Length, Block Size, and Round Number This standard explicitly defines the allowed values for the key length (Nk), block size (Nb), and number of rounds (Nr) see Fig. 4. However, future reaffirmations of this standard could include changes or additions to the allowed values for those parameters. Therefore, implementers may choose to design their AES implementations with future flexibility in mind.[1]

29

6.1 Conclusions
Optimized and Synthesizable VHDL code is developed for the implementation of both encryption and decryption process. Each program is tested with some of the sample vectors provided by NIST and output results are perfect with minimal delay. Therefore, AES can indeed be implemented with reasonable efficiency on an FPGA, with the encryption and decryption taking an average of 320 and 340 ns respectively (for every 128 bits). The time varies from chip to chip and the calculated delay time can only be regarded as approximate. Adding data pipelines and some parallel combinational logic in the key scheduler and round calculator can further optimize this design.

6.2 Scope of Further Work


This work can be enhanced for the designing of CRYPTOPROCESSOR, a special-purpose microprocessor optimized for the execution of cryptography algorithms. This crypto processor can be used for various security applications such as storage devices, embedded systems, network routers, security gateways using IPSec and SSL protocol, etc. The crypto processor consists of a 32-bit RISC processor block and coprocessor blocks dedicated to the AES, KASUMI, SEED, triple-DES private key crypto algorithms and ECC and RSA public key crypto algorithm

30

Bibliography

REFERENCES [1] FIPS 197, Advanced Encryption Standard (AES), November 26, 2001

http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf [2] FPGA Implementation of AES Encryption and Decryption by Ashwini M. Deshpande, Mangesh S. Deshpande and Devendra N. Kayatanavar at INTERNATIONAL CONFERENCE ON CONTROL, AUTOMATION, COMMUNICATION AND

ENERGY CONSERVATION -2009, 4th-6th June 2009 [3] Performance Comparison of the AES Submissions by Bruce Schneier,John Kelsey, Doug Whiting, David Wagner, Chris Hall and Niels Ferguson , Version 2.0 in February 1, 1999 [4] J.Daemen and Vincent Rijmen,''A specification For the AES Algorithm Rijndael", V 3.6, 15th, April, 2003. [5] Design and Implementation of area optimized AES algorithm on reconfigurable FPGA by Ahmed Rady, Ehab EL Sehely and A.M. EL Hennawy, IEEE ICM in December 2007 [6] Flexible Hardware Architecture for AES Cryptography Algorithm by z. Alaoui-Ismaili, A. Moussa, A. EI Mourabit and K. Amechnoue at Laboratory LTI, National School of Applied Sciences ENSA BP 1818, Tangier-Morocc [7] [8] [9] www.wikipedia.com www.google.com Digital Electronics By Anand kumar

[10] Peter J. Ashenden, The Designer's Guide to VHDL, 2nd Edition, San Francisco,CA, Morgan Kaufmann, 2002 [11] Crptography and Network Security by William Stallings

31

APPENDIX

Definitions:

AES Advanced Encryption Standard Bit A binary digit having a value of 0 or 1. Block Sequence of binary bits that comprise the input and output. The length of a sequence is the number of bits it contains. Blocks are also interpreted as arrays of bytes. Byte A group of eight bits that is treated either as a single entity or as an array of 8 individual bits. Cipher Series of transformations that coverts plaintext to ciphertext using the Cipher Key. Cipher Key Secret, cryptographic key that is used by the Key Expansion routine to generate a set of Round Keys; can be pictured as a rectangular array of bytes, having four rows and n columns. Ciphertext: Data output from the Cipher or input to the Inverse Cipher. Inverse Cipher: Series of transformations that converts ciphertext to plaintext using the Cipher Key. Key Expansion: Routine used to generate a series of Round Keys from the Cipher Key. Plaintext: Data input to the Cipher or output from the Inverse Cipher. Rijndael: Cryptographic algorithm specified in this Advanced Encryption Standard (AES). Round Key: Round keys are values derived from the Cipher Key using the Key Expansion routine; they are applied to the State in the Cipher and Inverse Cipher. State Intermediate Cipher result that can be pictured as a rectangle array of bytes, having four rows and m columns. Word A group of 32 bits that is treated either as a single entity or as an array of 4 bytes.

32