International Journal of Video & Image Processing and Network Security IJVIPNS-IJENS Vol: 11 No: 01 30
118301-4242 IJVIPNS-IJENS © February 2011 IJENS
I J E N S
Design and Implementation of Encryption Unit Based on Customized AES Algorithm
Nabil Hamdy #1, Khaled Shehata #2, Haitham Eldemerdash #2
#1 Electronics and Communication Department, MIU, Cairo, Egypt.
#2 Electronics and Communication Department, AAST, Cairo, Egypt.
Abstract — This encryption unit adopts AES (Advanced Encryption Standard) as its encryption algorithm because AES has been extensively challenged and evaluated and is the most widely used symmetric-key algorithm. In this paper we propose a customized version of the AES block cipher to suit proprietary data encryption applications. The customization covers three main AES cryptographic functions: S-box generation, the MixColumn transformation, and the key expansion function. The S-box generation process produces a new S-box, which is tested for the required cryptographic properties: algebraic degree, nonlinearity, propagation criteria, correlation immunity, and balancedness. The output of the customized AES is also tested for statistical randomness. The encryption unit is finally designed, implemented, and tested using FPGA technology.
Index Terms — Advanced Encryption Standard (AES), S-box generation, S-box testing, Field programmable gate arrays (FPGA).
I. INTRODUCTION
Customizing the AES algorithm has attracted the attention of researchers as a way to provide proprietary security. In this work we propose a customized version of the AES block cipher to suit proprietary data encryption applications. Moreover, the customized AES is incorporated into an encryption unit implemented on an FPGA. The structure of the original AES algorithm is built from four main cryptographic functions [1], [2]. Our customization covers the following three main AES cryptographic functions:
(1) S-box generation.
(2) MixColumn transformation.
(3) Key expansion function.
On the FPGA, the architecture of the encryption unit is composed of four main functional blocks: the loop controller module, the encryption and decryption round module, the key expansion function module, and the RAM module.
In the next sections we discuss the structure of the customized algorithm and its performance testing, the building blocks of the encryption unit architecture, and the simulation results. The results of the statistical randomness tests of the customized algorithm are given in the appendix.
II. THE CUSTOMIZED ALGORITHM
The customized AES algorithm keeps the same sequence of standard encryption and decryption steps, shown in Fig. 1 [3], but introduces major modifications in three main cryptographic functions: a brand-new S-box is generated and tested in place of the one described in the standard AES, and the standard irreducible polynomial used in the MixColumn transformation and in the key expansion function is replaced by a different one.
Fig. 1. AES Encryption and Decryption
A. The Proposed Design for the New S-box
A.1 Generation of the new S-box
Substitution is a nonlinear transformation that provides confusion of bits. A nonlinear transformation is essential in every modern encryption algorithm and is a proven strong cryptographic primitive against linear and differential cryptanalysis [4]. The first question is how best to select the S-box (SB) entries; there are four approaches to S-box design [3], [15]: the random method, the random-with-testing method, the human-made method, and the math-made method. We selected the second technique, using the RC4 algorithm as the random stream generator for the customized S-boxes. RC4 is a variable-key-size stream cipher with byte-oriented operation; its state is a 256-byte array holding a permutation of all 256 byte values [3], [10]. The variation of the second technique used here is a random process that starts with S-boxes filled with pseudorandom values from RC4 and alters their contents using the key; because the S-box must also be inverted for decryption, the generated S-box is a permutation of the 256 byte values. Table I and Table II give an example of a new S-box and its inverse, generated by RC4 with the key 7FC023A814B5D69E.
TABLE I
AES-RC4 S-box
TABLE II
The Inverse S-box
A.2 Testing the new S-box
Testing the contents of the new S-box is essential to ensure that it achieves all the parameters required of an S-box in the AES design. The S-box parameters were measured with the S-box Evaluation Software Package [5], which reports the following cryptographic parameters: algebraic degree (AD), nonlinearity (NL), propagation criteria (PC), correlation immunity (CI), and balancedness (BL) [6]. The results of these tests on the new S-boxes generated with RC4 are given in Table III:
TABLE III
Test results for 10 samples of new S-boxes generated by RC4
No.  Key sequence (RC4 key)   AD   NL   PC   CI   BL
 1   0123456789ABCDEF          6   92    0    0    1
 2   C60D3A781BE2F495          7   88    0    0    1
 3   D195AF73E028B46C          6   96    0    0    1
 4   50D1C783EA29BF46          6   94    0    0    1
 5   9FCD45EA172AC8FB          6   88    0    0    1
 6   B5D1428AE73C69F0          6   92    0    0    1
 7   AE73C69F0B5D1428          6   94    0    0    1
 8   D391E60CA4257B8F          6   92    0    0    1
 9   A4257B8FD391E60C          6   96    0    0    1
10   7FC023A814B5D69E          7   94    0    0    1
Consequently, we selected the new S-box generated by key sequence number (10). Together with sample 2 it has the highest algebraic degree among the tested samples, 7, which is also the algebraic degree of the standard AES S-box, and of those two samples it has the higher nonlinearity (94). All projections of each S-box are balanced, and the propagation criteria and correlation immunity results of the RC4-generated S-boxes are the same as those of the standard AES S-box. The nonlinearity, between 88 and 96 across the samples, remains below that of the standard AES S-box, which is 112.
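The generation and testing steps of Sections A.1 and A.2, as an added worked example (not the authors' software or the evaluation package of [5]): an S-box is drawn from RC4 and its nonlinearity, algebraic degree and balancedness are computed from the Walsh spectrum and algebraic normal form of every nonzero linear combination of its output bits, with the standard AES S-box rebuilt from FIPS-197 as the reference. Two details are assumptions, because the page does not fix them: the 16-hex-digit key sequences of Table III are read as 8-byte RC4 keys, and the 256-byte permutation that RC4 key scheduling leaves in its state array is used directly as the S-box.

```python
"""Generating an S-box from RC4 and measuring the S-box parameters of Table III.

Added worked example; not the authors' software.  Assumptions: the 16-hex-digit
key sequences of Table III are 8-byte RC4 keys, and the 256-byte permutation left
in the RC4 state after key scheduling is used directly as the S-box (the page says
only that RC4 output fills the S-box and that the result has an inverse).  The
standard AES S-box is rebuilt from FIPS-197 as the reference point (NL 112, AD 7).
"""

N_BITS = 8
SIZE = 1 << N_BITS  # 256 S-box entries


def rc4_ksa(key: bytes) -> list:
    """RC4 key-scheduling: returns the state array, a permutation of 0..255."""
    s = list(range(SIZE))
    j = 0
    for i in range(SIZE):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s


def gf_mul(a: int, b: int, poly: int = 0x11B) -> int:
    """Multiply two bytes in GF(2^8) modulo `poly` (0x11B is the AES polynomial)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= poly
        b >>= 1
    return r


def aes_sbox() -> list:
    """FIPS-197 S-box: multiplicative inverse in GF(2^8), then the fixed affine map."""
    def rotl(v, k):
        return ((v << k) | (v >> (8 - k))) & 0xFF
    box = []
    for x in range(SIZE):
        inv = next((y for y in range(1, SIZE) if gf_mul(x, y) == 1), 0)  # 0 maps to 0
        box.append(inv ^ rotl(inv, 1) ^ rotl(inv, 2) ^ rotl(inv, 3) ^ rotl(inv, 4) ^ 0x63)
    return box


def component(sbox: list, mask: int) -> list:
    """Truth table of the Boolean function x -> mask . S(x) (parity of mask & S(x))."""
    return [bin(mask & v).count("1") & 1 for v in sbox]


def walsh(tt: list) -> list:
    """Walsh-Hadamard spectrum W(a) = sum_x (-1)^(f(x) xor a.x), in-place butterfly."""
    w = [1 - 2 * b for b in tt]
    h = 1
    while h < SIZE:
        for i in range(0, SIZE, 2 * h):
            for j in range(i, i + h):
                u, v = w[j], w[j + h]
                w[j], w[j + h] = u + v, u - v
        h <<= 1
    return w


def anf(tt: list) -> list:
    """Algebraic normal form (Moebius transform): a[u] = 1 iff monomial x^u is present."""
    a = list(tt)
    h = 1
    while h < SIZE:
        for i in range(0, SIZE, 2 * h):
            for j in range(i, i + h):
                a[j + h] ^= a[j]
        h <<= 1
    return a


def sbox_metrics(sbox: list) -> dict:
    """NL = min over masks of 2^(n-1) - max|W|/2; AD = max degree; BL = all balanced."""
    nl, ad, balanced = SIZE, 0, True
    for mask in range(1, SIZE):  # every nonzero linear combination of output bits
        tt = component(sbox, mask)
        balanced &= sum(tt) == SIZE // 2
        nl = min(nl, (SIZE - max(abs(w) for w in walsh(tt))) // 2)
        ad = max(ad, max((bin(u).count("1") for u, bit in enumerate(anf(tt)) if bit), default=0))
    return {"NL": nl, "AD": ad, "BL": balanced}


def is_permutation(sbox: list) -> bool:
    """An S-box that must also be inverted for decryption has to be a bijection on bytes."""
    return sorted(sbox) == list(range(SIZE))


if __name__ == "__main__":
    print("standard AES S-box:", sbox_metrics(aes_sbox()))
    custom = rc4_ksa(bytes.fromhex("7FC023A814B5D69E"))  # key of Table I / sample 10
    print("RC4-derived S-box: ", sbox_metrics(custom), "permutation:", is_permutation(custom))
```

The reference run reproduces the known figures for the standard S-box (nonlinearity 112, algebraic degree 7, all component functions balanced). For any RC4-derived permutation, balancedness is automatic and the degree cannot exceed 7; nonlinearity is what actually has to be measured, and it is the figure to compare against 112 before accepting a candidate.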
B. Standard Shift Rows Transformation
The ShiftRows transformation is a linear diffusion process operating on the individual rows of the State. Depending on the row, the left-shift offset varies from zero to three bytes. The forward transformation, called ShiftRows (SR) [3], is depicted in Fig. 2: it is a cyclic shift of each row by a different byte offset. Row 0 is not changed, row 1 is rotated left by one byte, row 2 by two bytes, and row 3 by three bytes.
Fig. 2. Standard Shift Row Transformation.
The inverse transformation, InvShiftRows, performs the circular shifts in the opposite direction [3]: the second, third and fourth rows are rotated right by one, two and three bytes respectively.
C. Proposed Mix Column Transformation
The MixColumn transformation is a matrix multiplication over GF(2^8): each column vector of the State is multiplied by a fixed matrix, with the bytes treated as polynomials rather than as numbers [7], [8]. The standard AES polynomial is
A(x) = {03}x^3 + {01}x^2 + {01}x + {02}   (1)
MixColumn operates on the State column by column. Each column is treated as a polynomial of degree at most 3 whose coefficients are bytes, i.e. elements of GF(2^8), and is multiplied by A(x) modulo x^4 + 1. The byte field GF(2^8) itself is defined by the AES irreducible polynomial
M(x) = x^8 + x^4 + x^3 + x + 1   (2)
under which multiplication of a byte by x (i.e. by {02}) is a 1-bit left shift followed by a conditional bitwise XOR with {1B} if the leftmost bit of the original value (prior to the shift) is 1 [3].
Proposed MixColumn transformation: consider the customized polynomial
B(x) = {02}x^3 + {03}x^2 + {01}x + {01}   (3)
B(x) equals x^3 · A(x) modulo x^4 + 1, i.e. its coefficients are a cyclic rotation of the standard ones, so B(x) is invertible modulo x^4 + 1 [14]. The transformation based on this polynomial is the following proposed MixColumn transformation, written in matrix form as

$$
\begin{pmatrix} c'_0 \\ c'_1 \\ c'_2 \\ c'_3 \end{pmatrix}
=
\begin{pmatrix}
01 & 02 & 03 & 01 \\
01 & 01 & 02 & 03 \\
03 & 01 & 01 & 02 \\
02 & 03 & 01 & 01
\end{pmatrix}
\begin{pmatrix} c_0 \\ c_1 \\ c_2 \\ c_3 \end{pmatrix}
\qquad (4)
$$

where c_0, ..., c_3 are the bytes of a State column and c'_0, ..., c'_3 the bytes of the transformed column.
These variations are defined over the Galois field GF(2^8) generated by the selected irreducible primitive polynomial, whose irreducibility and primitivity were checked with the MATLAB 7 package tool:
N(x) = x^8 + x^4 + x^3 + x^2 + 1   (5)
Each column is multiplied by the modified polynomial B(x) modulo x^4 + 1 with byte arithmetic in GF(2^8) defined by N(x), so multiplication by {02} becomes a 1-bit left shift followed by a conditional bitwise XOR with {1D} if the leftmost bit of the original value is 1. The new MixColumn transformation uses only the coefficients {01}, {02} and {03}, so multiplication by a coefficient involves at most one shift and one XOR. The transformation is invertible. It is not an involution, since B(x)^2 = {05}x^2 + {04} modulo x^4 + 1, but B(x)^4 = 1, so its inverse is B(x)^3, which is the polynomial
D(x) = {0D}x^3 + {09}x^2 + {0E}x + {0B}   (6)
D(x) is x times the standard inverse MixColumn polynomial {0B}x^3 + {0D}x^2 + {09}x + {0E} modulo x^4 + 1, rotated in the same way as B(x). Because every byte product occurring in B(x) · D(x) has degree below 8, the identity B(x) · D(x) = 1 holds for any choice of reduction polynomial, so the same inverse coefficients serve under both M(x) and N(x); only the byte-level products of the transformation itself change.
D. Proposed Key Expansion Function
The AES key expansion algorithm takes as input a four-word (16-byte) key and produces a linear array of 44 words (176 bytes). This is sufficient to provide a four-word round key for the initial AddRoundKey stage and for each of the 10 rounds of the cipher. The round constant is a word whose three rightmost bytes are always 0, so XORing a word with Rcon affects only the leftmost byte of the word. The round constant differs for each round and is defined as Rcon(j) = (RC(j), 0, 0, 0), with RC(1) = 1 [3] and
RC(j) = {02} · RC(j - 1)   (7)
where the multiplication is in GF(2^8). For the customized AES, Rcon is computed with multiplication defined over the field GF(2^8) generated by the newly proposed irreducible polynomial:
N(x) = x^8 + x^4 + x^3 + x^2 + 1   (8)
Only RC(9) and RC(10) differ from their standard values: doubling first overflows the byte at j = 9 (RC(8) = {80}), and the overflow is reduced with {1D} instead of {1B} [2]. Table IV gives the Rcon values in hexadecimal for the standard and the customized polynomial.
TABLE IV
Rcon values
Polynomial    RC(1)  RC(2)  RC(3)  RC(4)  RC(5)  RC(6)  RC(7)  RC(8)  RC(9)  RC(10)
Standard        01     02     04     08     10     20     40     80     1B     36
Customized      01     02     04     08     10     20     40     80     1D     3A
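The MixColumn arithmetic of Section C and the round constants of Section D, as one added worked example (not the authors' Visual Basic or VHDL code): GF(2^8) multiplication parameterized by the reduction polynomial, the circulant matrix that multiplying a column by a polynomial modulo x^4 + 1 amounts to, the checks B(x) · D(x) = 1, B(x)^4 = 1 and B(x)^2 ≠ 1, and the two Rcon rows of Table IV. All constants are the ones given on the page; the column [db, 13, 53, 45] is a commonly quoted MixColumns test vector, reproduced here by computation rather than taken from the paper.

```python
"""MixColumn over GF(2^8)/N(x) with the customized polynomial B(x), and the Rcon
values of Table IV.  Added worked example, not the authors' VHDL or VB code.
Constants are those given on the page: A(x) (1), M(x) (2), B(x) (3), N(x) (5),
D(x) (6), RC(1) = 1 and RC(j) = {02}.RC(j-1) (7)."""

STD_POLY = 0x11B     # M(x) = x^8 + x^4 + x^3 + x   + 1, eq. (2)
CUSTOM_POLY = 0x11D  # N(x) = x^8 + x^4 + x^3 + x^2 + 1, eq. (5)

# Column polynomials as coefficient lists [c0, c1, c2, c3] of c0 + c1*x + c2*x^2 + c3*x^3.
A_STD = [0x02, 0x01, 0x01, 0x03]      # A(x) = {03}x^3 + {01}x^2 + {01}x + {02}, eq. (1)
A_STD_INV = [0x0E, 0x09, 0x0D, 0x0B]  # {0B}x^3 + {0D}x^2 + {09}x + {0E}, standard InvMixColumns
B_CUSTOM = [0x01, 0x01, 0x03, 0x02]   # B(x) = {02}x^3 + {03}x^2 + {01}x + {01}, eq. (3)
D_CUSTOM = [0x0B, 0x0E, 0x09, 0x0D]   # D(x) = {0D}x^3 + {09}x^2 + {0E}x + {0B}, eq. (6)
ONE = [0x01, 0x00, 0x00, 0x00]        # the constant polynomial 1


def xtime(v: int, poly: int) -> int:
    """Multiply a byte by x ({02}): shift left, XOR the low 8 bits of poly on overflow."""
    v <<= 1
    return (v ^ poly) & 0xFF if v & 0x100 else v


def gf_mul(a: int, b: int, poly: int) -> int:
    """Multiply two bytes in the field GF(2^8) defined by `poly` (shift-and-add)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = xtime(a, poly)
        b >>= 1
    return r


def poly_mul_mod(p: list, q: list, poly: int) -> list:
    """Product of two column polynomials over GF(2^8), reduced modulo x^4 + 1."""
    out = [0] * 4
    for i, pi in enumerate(p):
        for j, qj in enumerate(q):
            out[(i + j) % 4] ^= gf_mul(pi, qj, poly)  # x^4 == 1, so exponents wrap
    return out


def circulant(coeffs: list) -> list:
    """Matrix of col -> coeffs(x)*col(x) mod x^4+1: row i is [c_i, c_{i-1}, c_{i-2}, c_{i-3}]."""
    return [[coeffs[(i - j) % 4] for j in range(4)] for i in range(4)]


def mix_column(col: list, coeffs: list, poly: int) -> list:
    """Apply the MixColumn matrix built from `coeffs` to one 4-byte State column."""
    out = []
    for row in circulant(coeffs):
        acc = 0
        for coef, byte in zip(row, col):
            acc ^= gf_mul(coef, byte, poly)
        out.append(acc)
    return out


def poly_power(p: list, k: int, poly: int) -> list:
    """p(x)^k modulo x^4 + 1, by repeated multiplication."""
    r = ONE
    for _ in range(k):
        r = poly_mul_mod(r, p, poly)
    return r


def is_inverse_pair(p: list, q: list, poly: int) -> bool:
    """True when p(x)*q(x) == 1 modulo x^4 + 1, i.e. q undoes the MixColumn built from p."""
    return poly_mul_mod(p, q, poly) == ONE


def rcon(poly: int, rounds: int = 10) -> list:
    """RC(1..rounds): RC(1) = 1, RC(j) = {02} * RC(j-1) in GF(2^8)/poly, eq. (7)."""
    rc, out = 0x01, []
    for _ in range(rounds):
        out.append(rc)
        rc = xtime(rc, poly)
    return out


if __name__ == "__main__":
    for name, coeffs in (("standard A(x)", A_STD), ("customized B(x)", B_CUSTOM)):
        print(name, "matrix:", [[f"{c:02X}" for c in row] for row in circulant(coeffs)])
    print("B(x)^2 mod x^4+1 =", [f"{c:02X}" for c in poly_power(B_CUSTOM, 2, CUSTOM_POLY)])
    print("B(x)*D(x) == 1 under N(x):", is_inverse_pair(B_CUSTOM, D_CUSTOM, CUSTOM_POLY))
    print("Rcon standard  :", [f"{c:02X}" for c in rcon(STD_POLY)])
    print("Rcon customized:", [f"{c:02X}" for c in rcon(CUSTOM_POLY)])
```

`circulant(A_STD)` yields the familiar FIPS-197 matrix with first row [02 03 01 01], and `circulant(B_CUSTOM)` yields the matrix of equation (4); `rcon(CUSTOM_POLY)` ends in 1D, 3A exactly as Table IV states. Running the inverse check with `STD_POLY` in place of `CUSTOM_POLY` gives the same result, which is the practical consequence of the degree argument in Section C.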
E. Software Simulation
The customized algorithm was implemented in Microsoft Visual Basic 6.0 as a software simulation to verify the encryption and decryption process. The graphical user interface (GUI) lets the user choose between encryption and decryption and process whole files by specifying the source and destination paths and the file length. Two text boxes take the AES seed key and the S-box initialization key, i.e. the RC4 seed key. The software can handle any file format (text, picture, audio and video), as shown in Fig. 3.
Fig. 3. Software Simulation Interface
F. Statistical Randomness Tests
The algorithm output (the ciphertext) was tested with a specialized software package called "The Exhaustive Statistical Test Package", available at the Communications and Encryption Lab of the Science and Technology Center of Excellence (STCE) of the Ministry of Military Production. Snapshots of the test results are included in Appendix A. Table V summarizes the results of all statistical randomness tests, which were performed on the ciphertexts of 28 plaintext files of different formats (text, picture, audio and video). These tests detect deviations from the randomness expected of ciphertext produced by the customized AES.
TABLE V
Conclusion Test Results
Files tested   Overall no. of tests   Tests passed   Tests failed   Result (%)
28             388                    374            14             96.4
The samples taken from the encryption unit output were subjected to the following statistical tests:
1) Frequency test.
2) Serial test.
3) Poker test.
4) Runs test.
5) Longest run of ones test.
6) Binary matrix rank test.
7) Auto-correlation test.
8) Maurer's universal test.
9) Lempel-Ziv compression test.
10) Approximate entropy test.
11) Cumulative sums test.
12) Random excursions variant test.
13) Random excursions test.
14) Non-overlapping template matching test.
15) Overlapping template matching test.
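Two of the listed tests, the frequency (monobit) test and the runs test, as an added worked example (not the authors' test package): both are implemented as specified in NIST SP 800-22 and run over constructed samples, one all-zero, one strictly alternating, and one pseudorandom stream standing in for ciphertext. A test is passed when its p-value is at or above the chosen significance level, and a genuinely random source is expected to fail each test roughly that fraction of the time; a pass shows only that the bits have no gross bias or run structure and is not evidence of cryptanalytic strength.

```python
"""Frequency (monobit) and runs tests from the list above, implemented as in
NIST SP 800-22 and run over constructed ciphertext samples.  Added worked example,
not the test package used by the authors.  A sample passes a test when its
p-value is at least the significance level ALPHA."""

import hashlib
import math

ALPHA = 0.01  # significance level used for pass/fail


def bits_of(data: bytes) -> list:
    """Unpack bytes into a list of bits, most significant bit first."""
    return [(byte >> (7 - k)) & 1 for byte in data for k in range(8)]


def frequency_test(bits: list) -> float:
    """Monobit test: S = #ones - #zeros, p = erfc(|S| / sqrt(2n))."""
    n = len(bits)
    s = sum(1 if b else -1 for b in bits)
    return math.erfc(abs(s) / math.sqrt(2 * n))


def runs_test(bits: list) -> float:
    """Runs test: number of runs V against the value expected from the ones proportion."""
    n = len(bits)
    pi = sum(bits) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):  # SP 800-22 prerequisite: monobit must not fail badly
        return 0.0
    v = 1 + sum(1 for k in range(n - 1) if bits[k] != bits[k + 1])
    num = abs(v - 2 * n * pi * (1 - pi))
    den = 2 * math.sqrt(2 * n) * pi * (1 - pi)
    return math.erfc(num / den)


def evaluate(sample: bytes) -> dict:
    """Run both tests on a ciphertext sample; returns p-values and pass flags."""
    bits = bits_of(sample)
    p_freq, p_runs = frequency_test(bits), runs_test(bits)
    return {
        "p_frequency": p_freq, "frequency": p_freq >= ALPHA,
        "p_runs": p_runs, "runs": p_runs >= ALPHA,
    }


# Constructed samples (not data from the paper): two degenerate bit patterns that a
# broken cipher could emit, and a pseudorandom stream standing in for real ciphertext.
SAMPLES = {
    "all zero bytes": bytes(1024),
    "alternating 0101": bytes([0x55]) * 1024,
    "sha256 counter stream": b"".join(
        hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(32)
    ),
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        r = evaluate(sample)
        print(f"{name:22s} frequency p={r['p_frequency']:.3g} "
              f"{'pass' if r['frequency'] else 'FAIL'}  runs p={r['p_runs']:.3g} "
              f"{'pass' if r['runs'] else 'FAIL'}")
```

The alternating sample is the instructive one: it has exactly as many ones as zeros, so the frequency test passes with p = 1, yet every bit starts a new run and the runs test rejects it; this is why the package applies a battery of tests rather than any single one. The all-zero sample fails both, and a real ciphertext sample is expected to pass both.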
III. FPGA DESIGN ARCHITECTURE
In this section we describe the proposed FPGA architecture for the customized AES algorithm [9], [11]. The design consists of four main units.
The first unit is the loop controller module. It controls the encryption and decryption processes: it receives an external interrupt and a mode-select signal, and from these derives the control signals that steer the data through the round operations in the second module.
The second unit is the AES Encryption & Decryption Round module, which performs the round functions for both encryption and decryption using the data, round keys and control signals received from the other modules. It consists of four main components: four MixColumn units that perform the MixColumn function, 32 ROM units that hold the S-box and inverse S-box values, four inverse MixColumn units that perform the inverse of the MixColumn function, and the add_round_key component that XORs the data with the round key.
Fig. 4. Top Level of a Customized Unit
The third unit is the Key Expansion Function module, which generates the sub-keys (round keys) from the original 128-bit seed key according to the AES key expansion algorithm: it expands the four-word (16-byte) key input into a linear array of 44 words (176 bytes) [3]. It consists of three components: the key controller unit, which fully controls the round-key generation; four ROM units holding the S-box values; and the Rcon unit, which XORs the round constant with the substituted word. The last unit is the RAM module, which holds the generated round keys and delivers them as 128-bit words to the round module. All four basic units are illustrated in Fig. 4. All modules are written in VHDL; the tool used is FPGA Advantage 5.2 from Mentor Graphics [12].
IV. SIMULATION
The simulation tool used to verify the validity of the design is ModelSim SE PLUS 5.5e, a downstream tool in the FPGA Advantage 5.2 package. The simulation of the top-level AES encryption process is shown in Fig. 5. The 128-bit data is received on port aes_ip of the AES controller module and encrypted with seed_key and the round keys derived from it; the 128-bit ciphertext appears on the output round_out. The figure shows the five main control signals produced by the loop controller and key controller modules: enc_dec selects between encryption and decryption; the interrupt signals ip_intr and key_intr apply the input data and the seed key; key_rdy and output_rdy indicate that round-key generation in the key expansion function and the encryption operation, respectively, have completed.
Fig. 6 shows the simulation waveforms for the decryption process, confirming that the plaintext is recovered from the ciphertext. From the simulation results, key expansion finishes and has generated all round keys after 112 ms, encryption takes 8300 ns until the cipher output is ready, and decryption takes 20200 ns overall. The clock is 50 MHz [13], i.e. a clock period of 20 ns, so encryption corresponds to 415 clock cycles and decryption to 1010 clock cycles. In Fig. 6 the enc_dec control signal changes according to the process selected, encryption or decryption.
Fig. 5. Simulation of the encryption process (waveform signals: Clock, Reset, Key Interrupt, Key Ready, Input Interrupt, Output Ready, Mode Select Enc/Dec, Seed Key, Plain Data, Cipher Data)
Fig. 6. Simulation of the decryption process (waveform signals: Mode Select Enc/Dec, Seed Key, Cipher Data, Plain Data)
V. CONCLUSION
An encryption unit based on a customized AES algorithm has been presented. The customization varies three main functions of the standard AES. The customized S-box is generated from the random output of the RC4 algorithm, and the new S-box is tested to ensure that its contents satisfy the required cryptographic properties: nonlinearity, algebraic degree, correlation immunity, propagation criteria, and balancedness. The proposed MixColumn transformation and key expansion function are implemented with a different field polynomial, the primitive polynomial N(x). The proposed encryption unit is implemented on an FPGA. The ciphertext output was tested with the exhaustive statistical test package and with NIST tests [2]. Using the customized algorithm increases the complexity of the cipher and, as long as the S-box and the field polynomial remain proprietary, makes differential and linear cryptanalysis harder for an attacker who does not know them; the S-box itself does not raise the resistance, since the measured nonlinearity of the selected S-box (94, Table III) is below the 112 of the standard AES S-box.
APPENDIX
Snapshots from randomness test results:
Fig. 7. Final Result of Frequency Test
Fig. 8. Final Result of Runs Test
Fig. 9. Final Result of Serial Test
Fig. 10. Final Result of Cumulative Sums Test
Fig. 11. Final Result of Auto Correlation Test
Fig. 12. Final Result of Poker Test
Fig. 13. Final Result of Maurer’s Test
Fig. 14. Final Result of Lempel-Ziv Compression Test
Fig. 15. Final Result of Approximate Entropy Test
Fig. 16. Final Result of Random Excursions Variant Test
Fig. 17. Final Result of NonOverlapping Template Test
REFERENCES
[1] J. Daemen and V. Rijmen, "AES Proposal: Rijndael", document version 2, 1999.
[2] National Institute of Standards and Technology (NIST), "Advanced Encryption Standard (AES)", Federal Information Processing Standards Publication (FIPS PUB) 197, 2001.
[3] W. Stallings, "Cryptography and Network Security: Principles and Practices", 4th ed., 2005.
[4] K. Kazlauskas and J. Kazlauskas, "Key-Dependent S-Box Generation in AES Block Cipher System", 2009.
[5] A. Elhosary, S-box evaluation software package on Linux Ubuntu, kernel 2.6.32-25, used in "Wireless Computer Communication Network", Ph.D. dissertation, registered at MTC, 2008 (in progress).
[6] C. Carlet, "Boolean Functions for Cryptography and Error Correcting Codes", University of Paris, France, 2008.
[7] V. Ch. Venkaiah and K. Srinathanan Bruhadeshwar, "Variations to S-box and MixColumn Transformations of AES", International Institute of Information Technology, 2005.
[8] H. Li and Z. Friggstad, "An Efficient Architecture for the AES Mix Columns Operation", Department of Mathematics and Computer Science, University of Lethbridge, Canada, 2005.
[9] D. L. Perry, "VHDL: Programming by Example", 4th ed., 2002.
[10] B. Schneier, "Applied Cryptography", 2nd ed., 1996.
[11] V. A. Pedroni, "Circuit Design with VHDL", 4th ed., 2004.
[12] C. "Max" Maxfield, "The Design Warrior's Guide to FPGAs", 2004.
[13] Xilinx, "Spartan-3 Starter Kit Board User Guide", v1.0, 2004.
[14] B. Carter, A. Kassin, and T. Magoc, "Advanced Encryption Standard", 2007.
[15] E. S. Abuelyman and M. A. El-Affendi, "An Optimized Real Time Generation of S-Box Inverses Using Arithmetic Modulo Powers of Two", IJCSNS International Journal of Computer Science and Network Security, vol. 7, no. 12, December 2007.