Encryption Development System Project Part A Characterization Written by: Yaakov Levenzon Ido Kahan Advisor: Mony Orbach Spring Semester 2012

Upload: randell-paul

Post on 25-Dec-2015


Encryption Development System

Project Part A Characterization

Written by: Yaakov Levenzon

Ido Kahan

Advisor: Mony Orbach

Spring Semester 2012


The Problem

We carry sensitive information with us practically everywhere…

Where is it!?


Our Solution

• The Cyclone II FPGA is fast and quite strong, which makes the encryption/decryption process fast and usable for different needs.

• Easy to use: the entire process is invisible to the customer, which makes it as easy and intuitive to use as a regular disk-on-key (without the difficulty of technical details and the lack of skill).

• The level of encryption is strong and changeable. The AES (Advanced Encryption Standard) block cipher is, de facto, used by the U.S. Government and the private sector.


Project Goals

Primary Goal:

• Creating a complete system which encrypts and deciphers files and transfers them to a disk-on-key, by implementing a symmetric block cipher/decipher module on the DE2 board.

Didactic Goals:

• Understanding and developing ways of communication between the PC and the DE2 board and its internal memory.

• Understanding and implementing the Nios II embedded processor, and transferring data by utilizing the Avalon bus.


The DE2 Board


Working Environment

• Design, synthesis and P&R – Quartus

• Simulation – Modelsim

• Debugging – Modelsim

• Debugging on the chip – SignalTap

Architecture

[Figure: architecture block diagram. Labels: PC (host), USB, DE2, FPGA, Nios II, Avalon, USB PHY & MAC, USB CTRL, DMA, AES, unencrypted memory, encrypted memory, disk-on-key.]

Block Diagram - Writing

[Figure: write path. Blocks: PC, USB cable, FPGA, Nios, FPGA memory (unencrypted words), AES block (encrypting words), FPGA memory (encrypted words). Transfers: sending words, words by USB protocol, words on Avalon bus.]

Block Diagram - Reading

[Figure: read path. Blocks: PC, USB cable, FPGA, Nios, FPGA memory (reading encrypted words), AES block (decrypting), FPGA memory (unencrypted words). Transfers: sending request, request by USB protocol, request on Avalon bus, words by USB protocol.]


Nios II

Nios II/s Core – the best of two worlds

• Can access up to 2 GB of external address space

• Has instruction cache but no data cache

• Has branch prediction

• Five stage pipeline


USB host and device CTRL


Avalon Bus

Several signals:

• Clk

• Read

• Write

• Data: 1-32. We will use: 32 (g)

• Address: 1-32. We will use: 14 (g)


Planning ahead…

• The first part is only a preparation for the AES system

• Generic design

• Improving the current system (Example: unused address lines)

• Using (or creating?) a small file system for writing and reading files from external memories, for example: Flash memory (disk-on-key), SD card, etc.

• Final product: a complete system which can solve the problem

• Opening (and selling…) a start-up!

Project Timetable

Week columns: 26/3, 2/4, 9/4, 16/4, 23/4, 30/4, 7/5, 14/5, 21/5, 28/5, 4/6, 11/6, 18/6, 25/6, EXAM, 30/7, 6/8, 13/8, 20/8

Task name: duration

• Reading materials: 1 week

• Characterization: 1 week

• VHDL code writing: 6 weeks

• Data until Avalon: 2 weeks

• Other components: 2 weeks

• Top level: 2 weeks

• Mid presentation: 1 week

• Verification and debugging: 3 weeks

• Final report: 7 weeks

• Final presentation: 1 week


Thank you for listening


Enigma: Encryption & Decryption System

Project Part B Characterization

Written by: Yaakov Levenzon

Ido Kahan

Advisor: Mony Orbach

Winter Semester 2013


The Problem

We carry sensitive information with us practically everywhere…

Where is it!?


What have we done so far?

FPGA Encryption/Decryption Verification System

Top Level:

[Figure: top-level block diagram. Labels: Fifo_in, Fifo_out, Nios, Encrypt_sys, FSM controller.]


Problems with previous encryption systems

• AES – Same bank of keys every time

• AES – Use of limited FPGA resources

• Repeated patterns make it easy to decipher


Our Solution

• The original Enigma machine:

In our systems:

• More characters

• More combinations

• Start position to the ASCII table.

• Every day -> different key.


Project Goals

Primary Goal:

• Creating a complete system which encrypts and deciphers files by using the method of the famous “Enigma” machine, while following the instructions of our part A system.

Didactic Goals:

• Dealing with the design and implementation of a complete encryption/decryption system, thus strengthening our VHDL skills.

• Implementing the Enigma system in our architecture (while using its generic ability to modify it for working with streams of data).


Our System’s Data Sheet

• Maximum possible Encryption/Decryption memory size: 221696 bits (46% of DE2 board) (Recommended size – for 85% capacity: 149120 bits)

• Maximum possible Encryption/Decryption number of LE: 32645

• Key Size: 128 bits (Generic Design)

• Data width: 128 bits (Generic Design)

• System speed: 1 MBPS (dictated by the DLP module)

• DLP FIFO size: 1024 bits

• DLP FIFO Speed: 384 byte Transmit buffer / 128 byte receive buffer


Working Environment

• Design, synthesis and P&R – Quartus

• Simulation – Modelsim

• Debugging – Modelsim

• Debugging on the chip – SignalTap

Architecture – High Level

[Figure: high-level architecture. Labels: PC, USB, DE2, FPGA, Nios II, Avalon, DLP, host controller, In_Data FIFO (8 -> 128), Out_Data FIFO (128 -> 8), ENIGMA system (encryption/decryption).]

The Algorithm – step 1

[Figure: the first rotor pairs the ASCII table (0x01, 0x02, 0x03, 0x04, …, 0xFF) with the first key (0xA2, 0x4B, 0x67, 0x89, …, 0xAC). Values shown at the PC: 0x02, 0x02 and 0x4B, 0xA2. Rotor label: 1.]

Encryption Data Flow – step 2

[Figure: data from the PC (0x02, 0x02; 0x4B, 0xA2) passes through three rotors and leaves as encrypted data for the PC. Each rotor pairs the ASCII table (0x01, 0x02, 0x03, 0x04, …, 0xFF) with a key: first rotor, key A (0xA2, 0x4B, 0x67, 0x89, …, 0xAC); second rotor, key B (0x14, 0x98, 0x76, 0x94, …, 0xE1); third rotor, key C (0x23, 0x55, 0x09, 0x11, …, 0x2B). Rotor labels: 1, 1/2, 1/3.]

Keys – step 3

[Figure: the PC and a RAM holding ASCII key A, ASCII key B and ASCII key C (256*3 = 768) for the first, second and third rotors; sample key bytes are shown.]

• Every rotor receives a different key

• The keys will be changed every day

• The keys file will be saved in a safe file

The First Position – step 4

[Figure: a rotor's ASCII table (0x01, 0x02, 0x03, 0x04, …, 0xFF) and the same table after "Promote 2 steps" (0xFE, 0xFF, 0x01, 0x02, …, 0xFD).]

• Another level of security

• Every rotor has a different first position

• The first positions will be changed every day

First Positions For The Rotors – step 5

[Figure: the PC and a RAM holding ASCII key A, ASCII key B and ASCII key C for the first, second and third rotors; sample first-position values are shown.]

• Another level of security

• Every rotor has a different first position

• The first positions will be changed every day

• Two separate files: keys and positions


Decryption Algorithm

• The encryption system is symmetrical, like the Enigma machine.

• Decryption should use the same keys, the same positions for the keys and the same rotor positions.

[Figure: the first rotor pairs the ASCII table (0x01, 0x02, 0x03, 0x04, …, 0xFF) with the first key (0xA2, 0x4B, 0x67, 0x89, …, 0xAC).]

Decryption Algorithm

[Figure: the first rotor pairs the ASCII table (0x01, 0x02, 0x03, 0x04, …, 0xFF) with the first key (0xA2, 0x4B, 0x67, 0x89, …, 0xAC). Values shown between the encrypted data and the PC: 0x02, 0x02 and 0x4B, 0xA2. Rotor label: 1.]

Decryption Data Flow

[Figure: encrypted data and the PC connected through three rotors (values shown: 0x02, 0x02; 0x4B, 0xA2). Each rotor pairs the ASCII table (0x01, 0x02, 0x03, 0x04, …, 0xFF) with a key: first rotor, key A (0xA2, 0x4B, 0x67, 0x89, …, 0xAC); second rotor, key B (0x14, 0x98, 0x76, 0x94, …, 0xE1); third rotor, key C (0x23, 0x55, 0x09, 0x11, …, 0x2B). Rotor labels: 1, 1/2, 1/3.]


Another element of complexity

• Using a hopping method to determine how much the rotor will spin in every character-encryption cycle. Both ends of the communication will know the function ahead of time, so there is no need to send data for this method (less use of FPGA memory resources).

• The function we will use generates a Fibonacci sequence with randomly chosen start conditions (we will need 2 random integers, different ones for each rotor).
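The rotor steps 1 to 5 and the Fibonacci hopping described above, as an added C example that is not the project's own code. It assumes 256-entry key tables covering 0x00 to 0xFF, a position that is added to the input byte modulo 256, and all three rotors hopping by successive Fibonacci terms (modulo 256) after every byte; the names `rotor_t`, `rotor_init`, `machine_init` and `enigma_crypt`, the seeds and the first positions are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

typedef struct {
    uint8_t key[256], inv[256]; /* key table (a byte permutation) and its inverse */
    uint8_t pos;                /* current rotor position (offset into the table) */
    uint8_t f0, f1;             /* Fibonacci hopping state, kept mod 256 */
} rotor_t;

/* Fill one rotor. The key is shuffled from a seed only to keep the example
 * short; a keys file would carry 256 bytes per rotor (256*3 = 768). */
static void rotor_init(rotor_t *r, uint32_t seed, uint8_t pos, uint8_t f0, uint8_t f1)
{
    for (int i = 0; i < 256; i++) r->key[i] = (uint8_t)i;
    for (int i = 255; i > 0; i--) {                 /* Fisher-Yates shuffle */
        seed = seed * 1664525u + 1013904223u;       /* constructed LCG, not a CSPRNG */
        int j = (int)((seed >> 8) % (uint32_t)(i + 1));
        uint8_t t = r->key[i]; r->key[i] = r->key[j]; r->key[j] = t;
    }
    for (int i = 0; i < 256; i++) r->inv[r->key[i]] = (uint8_t)i;
    r->pos = pos; r->f0 = f0; r->f1 = f1;
}

/* Constructed daily settings: three keys, first positions, Fibonacci seeds. */
void machine_init(rotor_t r[3])
{
    rotor_init(&r[0], 0xA24B6789u, 5, 1, 2);
    rotor_init(&r[1], 0x14987694u, 8, 3, 5);
    rotor_init(&r[2], 0x23550911u, 34, 8, 13);
}

/* Encrypt (decrypt == 0) or decrypt (decrypt != 0) n bytes in place. */
void enigma_crypt(rotor_t r[3], uint8_t *buf, size_t n, int decrypt)
{
    for (size_t i = 0; i < n; i++) {
        uint8_t c = buf[i];
        if (!decrypt)                               /* rotors 1 -> 2 -> 3 */
            for (int k = 0; k < 3; k++) c = r[k].key[(uint8_t)(c + r[k].pos)];
        else                                        /* inverse tables, 3 -> 2 -> 1 */
            for (int k = 2; k >= 0; k--) c = (uint8_t)(r[k].inv[c] - r[k].pos);
        for (int k = 0; k < 3; k++) {               /* hop: identical on both ends */
            uint8_t next = (uint8_t)(r[k].f0 + r[k].f1);
            r[k].pos = (uint8_t)(r[k].pos + r[k].f0);
            r[k].f0 = r[k].f1; r[k].f1 = next;
        }
        buf[i] = c;
    }
}
```

No reflector is modeled here, so decryption is not the same operation as encryption: it walks the inverse tables in reverse rotor order, and both ends must start from the same keys, first positions and Fibonacci seeds and stay byte-aligned.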

Top Level – part B

[Figure: top-level block diagram. Labels: GUI for the user, keys file, positions file, send data file, send text, date, DLP, RAM first-position, RAM key, mux, Rotor A (three instances), RX text.]

Project Timetable

Week columns: 21/10, 28/10, 4/11, 11/11, 18/11, 25/11, 2/12, 9/12, 16/12, 23/12, 30/12, 6/1, 13/1, 20/1, 27/1, 3/2, EXAM

Task name: duration

• Reading materials: 1 week

• Characterization: 1 week

• VHDL code writing: 8 weeks

• Encryption: 5 weeks

• Mid presentation: 1 week

• Decryption: 3 weeks

• Verification and debugging: 3 weeks

• Final report: 7 weeks

• Final presentation: 1 week

By the mid presentation next month, the encryption data flow should be ready for synthesis. Validation system written in C (golden model).


Thank you for listening