7/29/2019 A Security PDA System Based on Cryptoprocessor
1/19
Seminar report 2007-08 A Security PDA system based on Cryptoprocessor
ACKNOWLEDGEMENT
Acknowledgement would be hollow and unfound if we fail to thank the entire
faculty of the Electronics and Communication Dept. of Govt. College of Engg.,
Kannur.
We are highly indebted to our respected Head of the Department and guide for
their excellent guidance and cooperation.
In addition we express our heartfelt gratitude to the seminar coordinator Asst.
for his support.
We are also grateful to the faculty of the Dept. Computer Lab for their timely
help.
We would also like to thank all our friends, who were source of constant
encouragement.
Finally, we owe everything to our parents who have been making supreme
sacrifice every time we cross a milestone in our life.
DHANALAKSHMI. P.P
Dept. of Electronics and Communication Govt. College of Engineering, Kannur
7/29/2019 A Security PDA System Based on Cryptoprocessor
2/19
Seminar report 2007-08 A Security PDA system based on Cryptoprocessor
ABSTRACT
. The crypto algorithms comprised the ECC public
algorithm, the AES and ARIA private key algorithms, the MD5 and
SHA-1 hash algorithms and a random number generator. The design
was based on a 0.25um CMOS standard cell library. The proposed
crypto-processor is good security level better than the compared
design. A security circuit board accommodating the cryptography
chip was developed for secure services of various applications.
Dept. of Electronics and Communication Govt. College of Engineering, Kannur
7/29/2019 A Security PDA System Based on Cryptoprocessor
3/19
Seminar report 2007-08 A Security PDA system based on Cryptoprocessor
CONTENTS
1. Introduction 1
2. Cryptoprocessor Design 2
2.1 Public Key Algorithm 3
2.2 Block Cipher Algorithm 4
2.3 Hash and Random Number Generator 83. Performance results 9
4. Features of the Cryptoprocessors 10
5. Application 11
6. Conclusion 14
7. References 15
Dept. of Electronics and Communication Govt. College of Engineering, Kannur
7/29/2019 A Security PDA System Based on Cryptoprocessor
4/19
Seminar report 2007-08 A Security PDA system based on Cryptoprocessor
Chapter 1
INTRODUCTION
Cryptography algorithms provide secure
services such as message confidentiality, data integrity,
authentication and identification in communication. The mobile
systems need secure services. The cryptography algorithms need to
be implemented as hardware. Because cryptography algorithms
demand heavy arithmetic operations their efficiency can be
decreased, when we implement the cryptography algorithms as
software. Security applications such as Crypto API consume more
than 95% of CPU resource for arithmetic . Crypto-processors and
security accelerators are developing for a solution of this problem .
This paper presents a design and implementation of a crypto-
processor comprising major cryptography algorithms to cover vast
areas of security system applications. The design focuses not only
on highthroughput for network applications but also smaller size for
portable devices. A PDA system the cryptoprocessor has been
developed for verification purposes.
Dept. of Electronics and Communication Govt. College of Engineering, Kannur1
7/29/2019 A Security PDA System Based on Cryptoprocessor
5/19
Seminar report 2007-08 A Security PDA system based on Cryptoprocessor
Chapter 2
CRYPTOPROCESSOR DESIGN
This section presents an integration chip design by a crypto-
processor including ECC, Block Cipher (AES, ARIA), Hash, and
Random Number Generator.
2.1. Public Key Algorithm
The authentication and identification services use the asymmetric
ciphers such as ECC. The ECC block in this paper has a new
architecture based on GF(p). We modify the Montgomery multiplier
using precomputation and high-radix multiplication . It can increase
throughput by simpler carry propagations in additions and easier
quotient estimations. Figure 1 shows the ECC block structure. The
ECC block comprises three components: Main Controller (MC),
Arithmetic Controller (AC) and Arithmetic Unit (AU). MC controls the
computation of kp in the ECC algorithm, and interfaces with the host
CPU of its PDA. AC performs point additions, point doubling and
coordinate translations, and controls AU. AU is the main processing
unit of the ECC block. It comprises a register file, adders and
multiplier, and performs addition, squaring, multiplication and
inversion in GF(p) under the control of AC.
Dept. of Electronics and Communication Govt. College of Engineering, Kannur2
7/29/2019 A Security PDA System Based on Cryptoprocessor
6/19
Seminar report 2007-08 A Security PDA system based on Cryptoprocessor
Fig 2.1.1 Structure of ECC Block
Dept. of Electronics and Communication Govt. College of Engineering, Kannur3
7/29/2019 A Security PDA System Based on Cryptoprocessor
7/19
Seminar report 2007-08 A Security PDA system based on Cryptoprocessor
2.2. Block Cipher Algorithm
The AES algorithm implemented in this research employs the full AES
standards including variable length keys of 128/192/256 bits [6]. In this, the
architecture for 128-bit AES has been designed. The number of rounds depend on
both of these parameters . Therefore, the cipher in all configurations presented
operates in Nr = 10 rounds.
Dept. of Electronics and Communication Govt. College of Engineering, Kannur4
7/29/2019 A Security PDA System Based on Cryptoprocessor
8/19
Seminar report 2007-08 A Security PDA system based on Cryptoprocessor
Fig. 2.2.1: Structure of AES algorithm
Fig. 2.2.1 shows the encryption and decryption structure of the AES
algorithm applied in this work. In encryption, after he initial roundkey addition, Nr
rounds are performed. The operations are the same in the first Nr -1 rounds, with a
small difference in the final round. As shown in Fig. 2.2.1(a), each of the first Nr-1
rounds consists of four transformations: SubBytes, ShiftRows, MixColumns and
AddRoundKey. The final round excludes the MixColumns transformation. The
decryption algorithm uses a different ordering of the inverse forms of the
transformations used in the encryption algorithms as shown in Fig. 2.2.1(b). The four
transformation operations are summarized as follows:
SubBytes: This transformation is a non-linear byte substitution using a substitution
table (S-box). The S-box is constructed of the compositions of two transformations:
multiplicative inverse in GF(28) with irreducible polynomial m(x) = x8+x4+x3+x+1,
and an affine mapping over GF(2). Inthe decryption process, the inverse S-box is
used.
ShiftRows: In this transformation, the rows of the State shift cyclically to the left
with different offsets. In the decryption process, the shifting offsets have different
values.
MixColumns: The MixColumns transformation is performed on the State column-
by-column. Each column is considered as s four-term polynomial over GF(28)
anmultiplierby a(x) modulo x4 + 1, given by a(x) = {03}x3+ {01}x2 + {01}x + 1 for
encryption and a(x) = {0B}x3 + {0D}x2 + {09}x + {0E} for decryption process.
Dept. of Electronics and Communication Govt. College of Engineering, Kannur5
7/29/2019 A Security PDA System Based on Cryptoprocessor
9/19
Seminar report 2007-08 A Security PDA system based on Cryptoprocessor
AddRoundKey: In this transformation, a round key is added to the State using a
bitwise Exclusive-OR (XOR) operation. AddRoundKey is the same for the decryption
process.
The decryption model given in Fig. 2.2.1(b) is modified from the
original described in the NIST standard. It has been rearranged with some changes to
the key generation unit to obtain a structure similar to the encryption model. This
modification is based on the properties of the AES algorithm, which is:
InvShiftRows transformation immediately followed by an InvSubBytes
transformation is equivalent to InvSubBytes transformation immediately followed by
an InvShiftRows transformation.
InvMixColumns transformation is linear, which means: InvMixColumns(State
XOR roundkey) = InvMixColumns(State) XOR InvMixColumns(roundkey)
Fig. 2.2.2 shows the hardware architecture of AES crypto processor
core designed in this work. It combines encryption and decryption into one block,
permitting the sharing of common modules. This crypto processor is designed based
on 4-state pipeline so as to increase the maximum running frequency and timing
performance. It consists of three main modules, which are KeyGen, Control Unit and
Encryption/Decryption Unit. The KeyGen is designed to generate the roundkey for
AddRoundKey transformation in every round. The data path for
encryption/decryption is as follows:
Pt/Ct m2 ARK M-SB M-SR M-MC m1m2ARK Ct/Pt. We
implemented the SubBytes block (S-box) based on the calculation of multiplicative
inverse and affine transform instead of using ROM-based lookup table to reduce the
hardware logic count
Dept. of Electronics and Communication Govt. College of Engineering, Kannur6
7/29/2019 A Security PDA System Based on Cryptoprocessor
10/19
Seminar report 2007-08 A Security PDA system based on Cryptoprocessor
.
Fig 2.2.2 Block Diagram of AES 128 Core
The symmetric ciphers such as Block Cipher (AES,
ARIA) are for confidential message exchanges. The proposed symmetric cipher
module complies with the AES and ARIA standard. It operates in Cipher Block
Dept. of Electronics and Communication Govt. College of Engineering, Kannur7
7/29/2019 A Security PDA System Based on Cryptoprocessor
11/19
Seminar report 2007-08 A Security PDA system based on Cryptoprocessor
Chaining (CBC) and Electronic Code Block (ECB) modes. There is no throughput
degradation in the CBC mode even under the feedback operation. Both AES and
ARIA algorithms employ the one round loop structure for high performance.
2.3. Hash and Random Number Generator
Hash algorithms are for message
authentication. SHA-1 implemented in this design employs the key
length of 160bits [8]. The circuit for SHA-1 comprises control,
parsing, internal number generation, hashing operation and output
circuit units as shown in Figure 4. The control unit fetches user
commands and generates control signals for hashing operations.
The internal number generator schedules hashing operations
processing incoming data. The hash value generated by the hash
computation is used to determine the message digest. Carry save
adders in this design yield higher throughput. The random number
generator is an essential element achieving a high level of security.
Dept. of Electronics and Communication Govt. College of Engineering, Kannur8
7/29/2019 A Security PDA System Based on Cryptoprocessor
12/19
Seminar report 2007-08 A Security PDA system based on Cryptoprocessor
Fig 2.3.1 Hash Function For SHA-1
Chapter 3
PERFORMANCE RESULTS
This section reports the performance of the proposed crypto-
processor. The crypto-processor was modeled in Verilog-HDL and
VHDL. It was synthesized using Synopsys Design Analyzer based on
the 0.25 m CMOS standard cell library. In Table 1 summarizes the performance comparison of the two crypto-processors.
Dept. of Electronics and Communication Govt. College of Engineering, Kannur9
7/29/2019 A Security PDA System Based on Cryptoprocessor
13/19
Seminar report 2007-08 A Security PDA system based on Cryptoprocessor
Table 3.1 Performance Comparison Of Two Cryptoprocessors at
33MHz 40MHz
The ADSP-2141L is commercial crypto processor from Analog
Device Inc. [11]. The proposed design yield similar performace, but
new crypto algorithms such as ECC, AES and ARIA are added to
enhance the security level. Figure 6 shows the crypto-processor die
photo. We fabricated the crypto-processor chip exploiting a 0.25 m
CMOS standard cell library. The target frequency is 40MHz. Also,
hardware size has about 445K EG. Table 2 summarizes the crypto-
processor features.
Dept. of Electronics and Communication Govt. College of Engineering, Kannur10
7/29/2019 A Security PDA System Based on Cryptoprocessor
14/19
Seminar report 2007-08 A Security PDA system based on Cryptoprocessor
Chapter 4
FEATURES OF THE CRYPTOPROCESSORS
Table 4.1:Features
Figure4.1 Crypto-processor chip photo
Dept. of Electronics and Communication Govt. College of Engineering, Kannur11
7/29/2019 A Security PDA System Based on Cryptoprocessor
15/19
Seminar report 2007-08 A Security PDA system based on Cryptoprocessor
Chapter 5
APPLICATION
We designed a C (crypto)-PDA system including the crypto-processor for a test in mobile environment test. We designed a
security circuit board carrying the crypto-processor. Figure 7 shows
a structure connecting the PDA base board and a security
accelerator.
Fig 5.1 C-PDA Device with proposed cryptoprocessor
The bus controller design aims at high bus usage
among functional modules and the proposed 32 bit CTM bus. Figure
8 shows a structure connecting the PDA board and the functional
units.
Dept. of Electronics and Communication Govt. College of Engineering, Kannur12
7/29/2019 A Security PDA System Based on Cryptoprocessor
16/19
Seminar report 2007-08 A Security PDA system based on Cryptoprocessor
Fig 5.2 Structure of a C-PDA System
The PDA board assumes an AMBA bus. The overall secure
communication system consists of two PDA base boards and a
security accelerator board. The PDA base boards and the security
acceleratorboard communicate by the memory mapped I/O method.
The PDA base board includes a 32bit RISC type ARM920T processor.
This system can exchange data with other system through wireless.
The communication employs the IP-sec protocol. Two CPDA systems
exchanges security keys according to the Diffie-Helman method as
shown in Figure 9. Figure 10 shows a secure video communication
between the two C-PDA systems. The C-PDA (ALICE) encrypts a
movie file with an exchanged key and sends to another C-PDA (BOB)
system though wireless media. Th receiver C-PDA (BOB) decrypts
Dept. of Electronics and Communication Govt. College of Engineering, Kannur13
7/29/2019 A Security PDA System Based on Cryptoprocessor
17/19
Seminar report 2007-08 A Security PDA system based on Cryptoprocessor
the received encrypted movie data with the same key and displays
the original movie on a screen.
Fig 5.3 Key Exchange of two C-PDA System
Fig 5.4 Secure video communication between two C-pdaSystem
Dept. of Electronics and Communication Govt. College of Engineering, Kannur14
7/29/2019 A Security PDA System Based on Cryptoprocessor
18/19
Seminar report 2007-08 A Security PDA system based on Cryptoprocessor
Chapter 6
CONCLUSION
This paper presents a design andimplementation of a crypto-processor for a security system. The
cryptoprocess comprises ECC, AES, ARIA, MD5, SHA-1, and a
random number generator. Proposed design can match ADSP-2141L
in performance. But, new crypto algorithms are added to increase
security level. The onboard algorithms support most secrecy
services on various security applications such as a mobile system, a
network system and storage devices without compromising speedand cost. A C-PDA system accommodating the cryptography
modules was designed for demonstration purposes. The designed
crypto-processor should help the protection of personal information
and sensitive proprietary data from unwanted eavesdroppers.
Dept. of Electronics and Communication Govt. College of Engineering, Kannur15
7/29/2019 A Security PDA System Based on Cryptoprocessor
19/19
Seminar report 2007-08 A Security PDA system based on Cryptoprocessor
Chapter 7
REFERENCES
1. http/www.analog.com/technical library/datasheets.html
2. www.wikipedia.com
http://www.wikipedia.com/http://www.wikipedia.com/