Embed Size (px)
Citation preview
CHAPTER 1
Introduction:
In order to improve document and border security, the US Department of State has been testing a
pilot program of the first US electronic I-cards. The electronic I-cards contain an integrated chip
embedded in the cover which stores the same data usually contained in the paper I-cards. They
propose to include biometric data such as fingerprint, digital signatures, etc., in the electronic I-
cards. The cipher key objectives of the initiative are to identify the owner, authenticate the
document, and copyright the I-cards [3]. However, there are continuous risks of unauthorized
access and modification to the data contained in the I-cards. To prevent unauthorized access, we
believe that there is an urgent need for development of chip [2]. Intercepting information could
be judicious use of watermarking and encryption at the source end of the biometric process in
hardware like digital secure camera or scanners, Intercepting information moves from the chip to
the reader etc while watermarking is the process whereby a image is embedded with data for the
purpose of copyright protection. Encryption unit is the transformation of data into secret code
with the purpose of protecting the secrecy of the data when sent through an insecure channel.
In the past, several attempts have been made to create the different units of a digital camera with
watermarking capabilities, but few design of the entire digital camera. Only a few of these
designs have also incorporated cryptography in the secure digital camera design. As a result, we
present a design and the architecture of a digital camera system that incorporates watermarking
and encryption.[1]
Objective of the Project:
Two fundamental operations performed by a digital camera are image capturing and storing. The
images are subsequently transmitted in various forms over appropriate media. These images are
always vulnerable to various forms of copyright attacks and ownership issues. Incorporation of
encryption and watermarking together in the digital camera will assist in protecting and
authenticating image files.
Present work introduces architectural development of the entire Encryption Unit and
watermarking Unit for secure camera.
Implementation of AES algorithm for Encryption Unit in verilog.
Synthesis of encryption unit in Xilinx9.2i
Generation of layout on TSMC CMOS 350nm technology in ICFLOW 2007.1
Integration of encryption and watermarking units.
Scope of the Project:
Encryption and Decryption:
To give sensitive data the highest level of security, it should be stored in encrypted form. The
goal of encryption is to make data unintelligible to unauthorized readers and extremely difficult
to decipher when attacked. Encryption operations are performed by using random encryption
keys. The randomness of keys makes encrypted data harder to attack. Keys are used to encrypt
data, but they also perform decryption. This focused on a security solution for protection of data
at rest, specifically protection of data that resides in database. The key used in this algorithm is
obtained by having the hashed value of the original key generated along with the salt value. Also,
the key will be in the rotation mode making quite complex for attacks.
Fig. 1 Encryption unit
Fig. 2 Dycryption unit
Ciphertext
*&%$#@na*
Encryption key
@#$%9*&^
EncryptionPlain text
Mohd nadeem
Ciphertext
*&%$#@na*
Dycryption Plain text
Mohd nadeem
Decryption key
@#$%9*&^
What is AES?
Cryptography plays an important role in the security of data. It enables us to store sensitive
information or transmit it across insecure networks so that unauthorized persons cannot read it.
The urgency for secure ex-change of digital data resulted in large quantities of different
encryption algorithms which can be classified into two groups:
Asymmetric encryption algorithms (with public key algorithms) and
Symmetric encryption algorithms (with private key algorithms) [1].
Symmetric key algorithms are in general much faster to execute electronically than asymmetric
key algorithms. In our case, an external data storage unit in a dependable application has been
designed and different symmetric key algorithms have been considered for data encryption. We
first considered Data Encryption Standard (DES) as possible candidate because the
implementation is relatively simple [2]. Later however this option was rejected due to its
vulnerability. As an alternative, AES algorithm was implemented and the results of the
experimental feasibility study are reported in the paper. The algorithm originates from the
initiative of the National Institute of Standards and Technology (NIST) in 1997 to select a new
symmetric key encryption algorithm. From the initial candidates [3], Rijndael algorithm was
selected as the Advanced Encryption Standard (AES) [4] due to the combination of security,
performance, efficiency, ease of implementation and flexibility. Rijndael is a symmetric byte-
oriented iterated (each iteration is called a round) block cipher that can process data blocks of
128 bits (4 words), using keys with length of 128, 192 and 256 bits. Rijndael is capable of
processing additional block sizes (160, 192 and 244 bits) and key lengths (160 and 244 bits),
however they are not adopted in AES. Our implementation refers to AES algorithm. The
algorithm is composed of three main parts: Cipher, Inverse Cipher and Key Expansion. Cipher
converts data to an unintelligible form called ciphertext while Inverse Cipher converts data back
into its original form called plaintext. Key Expansion generates a Key Schedule that is used in
Cipher and Inverse Cipher procedure. Cipher and Inverse Cipher are composed of specific
number of rounds (Table 1). For the AES algorithm, the number of rounds to be performed
during the execution of the algorithm is dependent on the key length [4].
Block Size
Nb words
Key length
Nk words
Number of
rounds Nr
AES – 128-
bits key
4 4 10
AES – 192-
bits key
4 6 12
AES – 256-
bits key
4 8 14
Table – 1
For both its Cipher and Inverse Cipher, the AES algorithm uses a round function that is
composed of four different byte-oriented transformations: SubBytes, ShiftRows, MixColumns
and AddRoundKey.
Inputs and outputs: The input and output for the AES algorithm each consists of sequences of
128 bits. The Cipher Key for the AES algorithm is a sequence of 128, 192 or 256 bits. The basic
unit for processing in the AES algorithm is a byte (a sequence of eight bits), so the input bit
sequence is first transformed into byte sequence. In the next step a two-dimensional array of
bytes (called the State) is built. The State array consists of four rows of bytes, each containing
Nb bytes, where Nb is the block size divided by 32 (number of words). All internal operations
(Cipher and Inverse Cipher) of the AES algorithms are then performed on the State array, after
which its final value is copied to the output (State array is transformed back to the bit sequence).
Cipher: Using round function, which is composed of four different byte-oriented
transformations, the Cipher converts input data (the input data is first copied to the State array) to
an unintelligible form called ciphertext. After an initial Round Key addition, the State array is
transformed by implementing a round function with the final round differing slightly from the
first Nr − 1 rounds. The round function is parameterized using a key schedule that consists of a
one-dimensional array of four-byte words (Round Key) derived using the Key Expansion
routine. All Nr rounds (see Table 1) are identical with the exception of the final round, which
does not include the MixColumns transformation. Key Schedule: The AES algorithm takes the
Cipher Key and performs a Key Expansion routine to generate a Key Schedule. The Key
Expansion generates a total Nb(Nr + 1) words ( Nr + 1 Round Keys).
Inverse Cipher: At the start of the Inverse Cipher, the input (ciphertext) is copied to the State
array. After Round Key addition (the last Round Key is added), the State array is transformed by
implementing a round function, that is composed of three different inverse transformations and
AddRoundKey transformation (Round Keys are applied in the reverse order when decrypting),
with the final round differing slightly from the first Nr – 1 rounds. So this procedure converts
ciphertext back to its original form called plaintext. All Nr rounds are identical with the
exception of the final round, which does not include the Inverse Mix-Columns transformation.
The whole AES algorithm is sketched in Figure 1.
ALGORITHM:
GENERATE STATE ARRAY
Shift row transform
ADD THE FIRST ROUTE KEY
Sub bytes transform(s-box)
Mix column transform
Add the i-th round key
Key schedule Sub bytes
transform(s-box)
Shift row transform
Add the last round key
Plain texti<9
CHAPTER 2
Literature Survey:
1) Implementation of Advanced Encryption Standard Algorithm.
M.Pitchaiah, Philemon Daniel, Praveen. International Journal of Scientific & Engineering Research Volume 3, Issue 3, March -2012
Cryptography is the study of mathematical techniques related to aspects of information security
such as confidentiality, data integrity, entity authentication and data origin authentication. In
data and telecommunications, cryptography is necessary when communicating over any
unreliable medium, which includes any network particularly the internet. In this paper, a 128 bit
AES encryption and Decryption by using Rijndael algorithm (Advanced Encryption Standard
algorithm) is been made into a synthesizable using Verilog code which can be easily
implemented on to FPGA. The algorithm is composed of three main parts: cipher, inverse cipher
and Key Expansion. Cipher converts data to an unintelligible form called plaintext. Key
Expansion generates a Key schedule that is used in cipher and inverse cipher procedure. Cipher
and inverse cipher are composed of special number of rounds. For the AES algorithm, the
number of rounds to be performed during the execution of the algorithm uses a round function
that is composed of four different byte-oriented transformations: Sub Bytes, Shift Rows, Mix
columns and Add Round Key.
2) RISC Based Architecture for Customized Cryptographic Instructions.
Fathima Shireen, Syed Musthak Ahmed, G. Krishnamurthy, International Journal of Engineering Science Invention Volume 2
February. 2013
Security is one of the most important features in data communication. Cryptographic algorithms
are mainly used for this purpose to obtain confidentiality and integrity of data in communication.
Implementing a Cryptographic algorithm on a general purpose processor results in lower
throughput and larger power consumption. In this work, we propose processor architecture to
perform the cryptographic algorithms that also speeds up the encryption and decryption process
of data. This processor will perform the cryptographic operations like general instructions in
GPP. The processor architecture is designed using Verilog HDL, with the data size of the
processor of 32 bits.
3) A VLSI Architecture for Visible Watermarking in a Secure Still Digital Camera (S2DC) Design.
S. P. Mohanty, Member, IEEE, Nagarajan Ranganathan, Fellow, IEEE, and Ravi K. Namballa (IEEE, VOL.13, NO.8, AUGUST2008)
Watermarking is the process that embeds data called a watermark, a tag, or a label into a
multimedia object, such as images, video, or text, for their copyright protection. According to
human perception, the digital watermarks can either be visible or invisible. A visible watermark
is a secondary translucent image overlaid into the primary image and appears visible to a viewer
on a careful inspection. The invisible watermark is embedded in such a way that the modification
made to the pixel value is perceptually not noticed, and it can be recovered only with an
appropriate decoding mechanism. This paper presents new very large scale integration (VLSI)
architecture for implementing two visible digital image watermarking schemes. The proposed
architecture is designed to aim at easy integration into any existing digital camera framework. To
the author’s knowledge, this is the first VLSI architecture for implementing visible watermarking
schemes. A prototype chip consisting of 28 469 gates is implemented using 0.35- m technology,
which consumes 6.9-mW power while operating at 292 MHz.
4) Data Protection Algorithm Using AES.
Anitha, P. and Palanisamy, V. International Journal of Current Research Vol. 33, Issue, 6, pp.291-294, June, 2011
The paper aims at providing a solution for secure storage of the records in a database.
The solution should be prone to less security attacks and should take the optimal time for
storage. The algorithm used is AES of stream cipher category. The input and the key can be of
variable length. Regarding the key for the algorithm, it is the hashed value of the original key
along with the Salt value. Since stream cipher, we will encrypt byte by byte using the key. We
have a Permutation box (p-box) and Substitution box (s-box) logic to make the algorithm quite
complex and to avoid the security breaches. The Key will be in the rotation mode based on a
simple logic being implemented in the algorithm thus making it quite complex for attacks. Thus,
the records are stored in the encrypted format in the database.
5) Comparative Analysis of AES and DES security Algorithms.
Sumitra. International Journal of Scientific and Research Publications, Volume 3, Issue 1, January 2013.
In recent years network security has become an important issue. Cryptography has been used to
secure data and control access by sharing a private cryptographic key over different devices.
Cryptography renders the message unintelligible to outsider by various transformations Data
Cryptography is the scrambling of the content of data like text, i mage, audio and video to make
it unreadable or unintelligible during transmission. Its main goal is to keep the data secure from
unauthorized access.
6) High-Speed VLSI Architectures for the AES Algorithm.
Xinmiao Zhang, Student Member, IEEE, and Keshab K. Parhi, Fellow, IEEE. VLSI SYSTEMS, VOL. 12, NO. 9, SEPTEMBER 2004
This paper presents novel high-speed architectures for the hardware implementation of the
Advanced Encryption Standard (AES) algorithm. Unlike previous works which rely on Look up
tables to implement the SubBytes and InvSubBytes trans-formations of the AES algorithm, the
proposed design employs combinational logic only. As a direct consequence, the unbreakable
delay incurred by look-up tables in the conventional approaches is eliminated, and the advantage
of subpipelining can be further explored. Furthermore, composite field arithmetic is employed to
reduce the area requirements, and different implementations for the inversion in subfield
GF(24)are compared. In addition, efficient key expansion architecture suitable for the
subpipelined round units is also presented. Using the proposed architecture, a fully subpipelined
encryptor with 7 substages in each round unit can achieve a throughput of 21.56 Gbps on a
Xilinx XCV1000 e-8bg560 device in non-feedback modes, which is faster and is 79% more
efficient in terms of equivalent throughput/slice than the fastest previous FPGA implementation
known to date.
7) An Overview of Cryptanalysis Research for the Advanced Encryption Standard.
Alan Kaminsky, Michael Kurdziel, Stanisław Radziszowski
Since its release in November 2001, the Advanced Encryption Standard (NIST FIPS-197) has
been the subject of extensive cryptanalysis research. The importance of this research has
intensified since AES was named, in 2003, by NSA as a Type-1 Suite B Encryption Algorithm
(CNSSP-15). As such, AES is now authorized to protect classified and unclassified national
security systems and information. This paper provides an overview of current cryptanalysis
research on the AES cryptographic algorithm. Discussion is provided on the impact by each
technique to the strength of the algorithm in national security applications. The paper is
concluded with an attempt at a forecast of the usable life of AES in these applications.
8) Hardware Implementation of AES Algorithm
Marko Mali ,Franc Novak ,Anton Biasizzo. ELECTRICAL ENGINEERING, VOL. 56, NO. 9-10, 2005,
The paper presents a hardware implementation of the AES algorithm developed for an external
data storage unit in a dependable application. The algorithm was implemented in FPGA using
the development board Celoxica RC1000 and development suite Celoxica DK. The purpose of
this prototype version was to test the correctness of the implemented algorithm and to gain
experience in optimisation of algorithm structure for the prospective embedded implementation
in the target application
