Design and Implementation of Encryption Unit Based on Customized AES Algorithm

Transcription

1 International Journal of Video & Image Processing and Network Security IJVIPNS-IJENS Vol: 11 No: 33 Design and Implementation of Encryption Unit Based on Customized AES Algorithm Nabil Hamdy #1, Khaled Shehata #2, Haitham Eldemerdash #2 #1 Electronics and communication Department, MIU, Cairo, Egypt. #2 Electronics and communication Department, AAST, Cairo, Egypt. Abstract This encryption unit adopts the AES (Advanced Encryption Standard) as the encryption algorithm because it has been extensively challenged, evaluated, and, it is the most popularly used symmetric key algorithm. In this paper, we propose a customized version of the AES block cipher to suit proprietary data encryption applications. We designed the customization of the AES to cover three main AES cryptographic functions, these are: S-box Generation, Mix Column Transformation, and Key Expansion Function. The S- Box generation process results in a new S-Box. The new S-Box is tested to be sure of satisfying the required cryptographic features: algebraic degree, non linearity, propagation criteria, correlation immunity, and balancedness. The customized AES is tested also against statistical randomness properties. The encryption unit is finally designed, implemented, and tested using FPGA technology. Index Terms Advanced Encryption Standard (AES), S-Box generation, S-Box testing, Field programmable gate arrays (FPGA). II. THE CUSTOMIZED ALGORITHM In the customized AES algorithm we keep the same sequence of the standard encryption and decryption procedures shown below in Figure 1 [3], but we introduced major modifications into three main cryptographic functions by generating and testing a brand new S-Box instead of the one described in the standard AES version, and modify the standard primitive polynomial which used for mix column transformation and key expansion function. I. INTRODUCTION Customizing the AES algorithm attracted attention of researchers to provide proprietary security. In this work, we propose a customized version of the AES block cipher to suit proprietary data encryption applications. More over, the customized AES is incorporated in an encryption unit that is implemented using FPGA. The structure of the original AES algorithm is built in four main cryptographic functions [1], [2]. We design the customization of the AES to cover the following three main AES cryptographic functions: (1) S-box Generation. (2) Mix Column Transformation. (3) Key Expansion Function. Using FPGA, the architecture of the encryption unit is composed of four main functional block, these are the loop controller module, the encryption and decryption round module, key expansion function module, and the ram module. In the next sections we discuss the customized algorithm structure and performance testing the building blocks of the architecture of the encryption unit. We also provide the details of the simulation results. The results of statistical randomness tests for the customized algorithm are provided in the appendix. Fig. 1. AES Encryption and Decryption A. The Proposed Design for the New S-box

2 International Journal of Video & Image Processing and Network Security IJVIPNS-IJENS Vol: 11 No: 34 A.1 Generation of the new S-box Substitution is a nonlinear transformation which performs confusion of bits. A nonlinear transformation is essential for every modern encryption algorithm and is proved to be a strong cryptographic primitive against linear and differential cryptanalysis [4]. The first question arises as to the best method of selecting the S-box (SB) entries there is four approaches of S-box design [3],[15]. These methods are Random method, Random with testing method, Human-made method, and Math-made method. We selected the second technique by using (4) algorithm as stream random generation for customized S-boxes; 4 algorithm is variable key size stream cipher with byte oriented operation. 4 algorithm is based on the use of a random permutation of 256 bit state [3], [10]. Variation on the second technique is to use S-boxes with random process, which starts with S-boxes filled with pseudorandom digits from (4) generation and alters the contents using the key. Tables I and Table II represent an example, of new S-box and its inverse, generated by 4 when the key of 4 is: 7FC023A814B5D69E. TABLE I AES-4 S-box TABLE II The Inverse S-box Testing the contents of the new S-box is essential to insure that all required parameters of S-box in AES design are achieved by this design. For testing the S-box parameters we used the S-box Evaluation Software Package [5], which measures the following S-box cryptographic parameters: algebraic degree (AD), non linearity (NL), propagation criteria (PC), correlation immunity (CI), and balancedness (BL) [6]. The output results of these tests on the generated new S-boxes (using the 4) are illustrated in the following Table III: No. TABLE III Test results for 10 samples of new S-Boxes generated by 4 Key Sequence Parameters AD NL PC CI BL ABCDEF C60D3A781BE2F D195AF73E028B46C D1C783EA29BF FCD45EA172AC8FB B5D1428AE73C69F AE73C69F0B5D D391E60CA4257B8F A4257B8FD391E60C FC023A814B5D69E Consequently, we selected the new S-Box that is generated by the key sequence number (10), because it has the highest Algebraic Degree between all tested samples and it has the same Algebraic Degree as Standard AES S-Box which is 7, all the projections of each S-Box are balanced, and the result for propagation criteria and Correlation immunity for the S- Boxes generated by 4 are the same as standard AES S- Box, moreover the nonlinearity is very close to the standard AES S-Box which is 112. B. Standard Shift Rows Transformation Shift Rows Transformation is a linear diffusion process, operating on individual rows. Depending on the row location, offset of left shift varies from zero to three bytes. The forward shift row transformation, called Shift Rows (SR) [3], is depicted in Figure 2. The (SR) is a cyclic shift of each row by different byte offsets. Row 0 is not changed. Row 1 is left rotated by one time. Row 2 is left rotated twice, and row 3 three times. Fig. 2. Standard Shift Row Transformation. A.2 Testing the new S-box

3 International Journal of Video & Image Processing and Network Security IJVIPNS-IJENS Vol: 11 No: 35 The inverse shift row transformation, called Inv Shift Rows, performs the circular shifts in the opposite direction [3], for each of the second, third and fourth rows with a one-byte circular right shift for the second row, and so on. C. Proposed Mix Column Transformation Mix Column Transformation is Matrix multiplication over GF (2^8). Column vector is multiplied with a fixed matrix where the bytes are treated as polynomials rather than numbers [7], [8], the standard polynomial of the AES; A (x) is given as: A (x) = {03} x3 + {} x2 + {} x + {02} (1) Mix Column operates on the State of the data to be encrypted column by column. Each column is considered as a polynomial over GF (2^8) which is given by: M (x) = X 8 + X 4 + X 3 + X + 1 (2) multiplication of a value by x (i.e., by {02}) can be implemented as a 1-bit left shift followed by a conditional bitwise XOR with {1B} for standard polynomial if the leftmost bit of the original value (prior to the shift) is 1 [3]. Proposed MixColumn transformation: Consider the customized polynomial B(x) is given as: B (x) = {02} x 3 + {03} x 2 + {} x + {} (3) This polynomial has self-inverse with respect to (x 4 +1) [14]. The transformation based on this polynomial is the following proposed MixColumn transformation in a matrix form, this is written as: b'0, C b1', C = b'2, C 03 b'3, C b0, C 03 b1, C 02 b2, C b3, C These variations are designed over the Galois field GF (2^8) generated by the selected irreducible primitive polynomial that tested by Matlab 7 package tool to check its permittivity and irreducibility, this polynomial N(x) is: N (x) = X 8 + X 4 + X 3 + X (5) And it is multiplied with modified polynomial B(x) modulo (X 4 +1), a conditional bitwise XOR with {1D} for customized polynomial if the leftmost bit of the original value is 1.The new Mix Column transformation has self-inverse and uses the coefficients, 02, and 03. Multiplication by these coefficients involves at most a shift and an XOR. (4) Therefore proposed Mix column transformation is invertible and constructed with the polynomial D (x) which given by: D (x) = {0D} x 3 + {09} x 2 + {0E} x + {0B} (6) D. Proposed Key Expansion Function The AES key expansion algorithm takes as input a 4 words (16 bytes) key and produces a linear array of 44 words (176 bytes). This is sufficient to provide a 4 words round key for the initial Add Round Key stage and each of the 10 rounds of the cipher. The round constant is a word in which the three rightmost bytes are always 0. Thus the effect of an XOR of a word with Rcon is to perform an XOR on the leftmost byte of the word. The round constant is different for each round and is defined as Rcon (j) = ( (j), 0, 0, 0), with (1) = 1 [3]. (j) = 2 (j - 1) (7) Rcon for customized AES given by the newly proposed irreducible polynomials with multiplication defined over the field GF (2^8): N (x) = X 8 + X 4 + X 3 + X (8) The values of Rcon (9) and Rcon (10) are changed from its standard values according the variations of irreducible polynomial [2].Table IV gives the Rcon values in hexadecimal related to standard and customized polynomials. Rcon (J) Standard Polynomial Customized Polynomial (1) (2) (3) E. Software Simulation TABLE IV Rcon values (4) (5) (6) (7) (8) (9) (10) B D 3A The customized algorithm was implemented in Microsoft visual basic 6.0 as software simulation for verifying the encryption and decryption process. The graphical user interface (GUI) helps the user to select between encryption and decryption process easily, and also file processing by clarifying the source and destination paths and also file length. There are two text boxes for both AES seed key and S-box initialization which is 4 seed key. Software interface can deal with any type of files formats (text, picture, audio and video) as shown in Figure 3.

4 International Journal of Video & Image Processing and Network Security IJVIPNS-IJENS Vol: 11 No: 36 9) Lempel-Ziv Compression Test. 10) Approximate Entropy Test. 11) Cumulative Sums Test. 12) Random Excursions Variant Test. 13) Random Excursions Test. 14) Non Overlapping Template Matching Test. 15) OVERLAPPING TEMPLATE MATCHING TEST. III. FPGA DESIGN AHITECTURE Fig. 3. Software Simulation Interface F. Statistical Randomness Tests For testing the algorithm output (the ciphertext) a specialized software package called "The Exhaustive Statistical Test Package is used. This test package exists at "The Communications and Encryption Lab" in "Science and Technology Center of Excellence (STCE)" of the Ministry of Military Production. The snapshots from these test results are included in appendix A. The following Table V provides the conclusive results from all statistical randomness tests which were performed on 28 plaintext files with different formats (text, picture, audio and video). These tests help detecting any deviation from the assumed randomness property of ciphertexts generated by the customized AES. In this section, we provide a detailed description of our proposed FPGA architecture for the Customized AES Algorithm [9], [11]. The design consists of four main units; the first unit is loop controller module which responsible for controlling the encryption and decryption processes by receiving an external interrupt and mode select signals which are used to control the data processing during the round operations in the second module, the second unit is AES Encryption & Decryption Round module this module performs the encryption and decryption operations during the round functions by receiving data, round keys, and control signals from other modules. It consists of four main components, four mix column units to perform mix column function, 32 Rom units which contain S-box and inverse S- box values. Four inverse mix column units to perform inverse operation of mix column function and the last component is the add _round _key to make XOR operation of data and round key. No. of Tested Files Overall No. Of Tests TABLE V Conclusion Test Results No. of Tests (Passed) No. of Tests (Failed) Result (%) This is done by taking samples out of encryption unit and subjecting it to the following statistical tests: 1) Frequency Test. 2) Serial Test. 3) Poker Test. 4) Runs Test. 5) Longest Run of Ones Test. 6) Binary Matrix Rank Test. 7) Auto-correlation Test. 8) Maurer's Universal Test. Fig. 4. Top Level of a Customized Unit The third main unit is Key Expansion Function module which used to generate the sub-keys (round keys) from the original seed key (128 bits) based on the AES key expansion algorithm. It produces a linear array of 44 words (176 bytes) [3] by expanding the four words (16 bytes) key input. Key Expansion Function module consists of three components, the

5 International Journal of Video & Image Processing and Network Security IJVIPNS-IJENS Vol: 11 No: 37 key controller unit which is used for fully controlling the round keys generation function, 4 units of Rom unit which contain S-box values, the third component is Rcon unit which used to make XOR operation between round constant and substituted word. The last main unit is Ram module; it is responsible for generating the output sequence of (128) output round key. All the four basic units are illustrated in Figure 4. All modules are designed using VHDL design Entry.The used tools is FPGA advantage 5.2 from Mentor Graphics [12]. IV. SIMULATION The simulation tool, used to verify the validity of the design, is the ModelSim SE PLUS 5.5e which is a downstream tool in the FPGA advantage 5.2 package. The simulation result of the top design of AES encryption process is shown in Figure 5. The data with length of 128-bit is received on port (aes_ip) in AES controller module and then encrypted using the (seed_key) Fig. 6. Simulation of the decryption process with its sub rounds keys to get the ciphered data output 128- bit denoted as (round_out). The figure shows the main 5 control signals produced by the loop controller module and key controller module. The enc_dec signal is used for mode selection between encryption and decryption process, both (ip_intr) and (key_intr) interrupt signals are used to apply input data and seed key data, (key_rdy) and (output_rdy) that give the information that both key generation in key expansion function and encryption operation are completed. Figure 6, shows the simulation waveforms for decryption process to be confirm that the plain data will be recovered again from ciphered data. From simulation results we find that the key expansion process finished and generated all round keys in (112 m sec) and also the encryption process take (8300 n sec) till the cipher output is ready. For decryption process, the overall operation takes (20200 n sec). The clock speed used is 50 MHz this mean that the design clock duration is 50 n sec [13]. From Figure 6 we observe that the value of enc_dec control signal changed according to the process selection between encryption and decryption operations. Key Interrupt Input Interrupt Key Ready Seed Key Fig. 5: Simulation of the encryption process Reset Mode Select Enc/Dec Output Ready Plain Data Clock Cipher Data Mode Select Enc/Dec Seed Key Plain Data Cipher Data

6 International Journal of Video & Image Processing and Network Security IJVIPNS-IJENS Vol: 11 No: 38 V. CONCLUSION Implementation of new encryption unit based on customized AES Algorithm is introduced. This customization depends on variations of three main functions in the standard AES. The customized S-Box is generated using the random output of the 4 algorithm, testing the new S-Box is carried out to insure that the new S-boxes contents satisfy the required cryptographic features ; Nonlinearity, Algebraic Degree, Correlation immunity, Propagation criteria, and Balancedness. The proposed Mix Column Transformation and Key Expansion function was implemented using different primitive polynomial. The proposed encryption unit is implemented using FPGA. The ciphered output was tested using exhaustive statistical test package, and other National Institute of Standards and Technology (NIST) tests [2]. Using customized algorithm increase the complexity and also makes the differential and linear cryptanalysis more difficult Fig. 9. Final Result of Serial Test APPENDIX Snapshots from Randomness Test Results: Fig. 10. Final Result of Cumulative Sums Test Fig. 7. Final Result of Frequency Test Fig. 8. Final Result of Runs Test Fig. 11. Final Result of Auto Correlation Test

7 International Journal of Video & Image Processing and Network Security IJVIPNS-IJENS Vol: 11 No: 39 Fig. 12. Final Result of Poker Test Fig. 15. Final Result of Approximate Entropy Test Fig. 13. Final Result of Maurer s Test Fig. 16. Final Result of Random Excursions Variant Test Fig. 14. Final Result of Lempel-Ziv Compression Test Fig. 17. Final Result of NonOverlapping Template Test

8 International Journal of Video & Image Processing and Network Security IJVIPNS-IJENS Vol: 11 No: 40 REFERENCES [1] J. Daemen, V. Rijmen, AES proposal: Rijndael Document version 2, [2] National Institute of Standards and Technology (NIST), Advanced Encryption Standard (AES), Federal Information Processing Standards Publications (FIPS) PUBS #197, 20. [3] William Stallings, "Cryptography and Network Security Principles and Practices", Fourth Edition, [4] Kazys KAZLAUSKAS, Jaunius KAZLAUSKAS "Key- Dependent S-Box Generation in AES Block Cipher System", paper [5] Adham Elhosary, Evaluation software package on platform Linux Ubuntu, Kernel used in "Wireless Computer Communication Network", a Ph.D. Dissertation, Registered at MTC, 2008, (in Progress). [6] Claude Carlet, "Boolean Functions for Cryptography and Error Correcting Codes, University of Paris, France, [7] V.CH.Venkaiah, K, Srinathanan Bruhadeshwar, Variations to S-box and MixColumn Transformations of AES", international institute of information technology, paper [8] Hua Li,Zac Friggstad, "An Efficient Architecture for the AES Mix Columns Operation",Department of Mathematics and Computer Science University of Lethbridge. Canada, [9] Douglas L. Perry, "VHDL: Programming by Example", Fourth Edition, [10] Bruce Schneier, Applied Cryptography, Second Edition,1996. [11] Volnei A. Pedroni, Circuit Design with VHDL Fourth Edition, [12] Clive Max Maxfield, The Design Warrior s Guide to FPGAs [13] Xilinx, Spartan-3 Starter Kit Board User Guide V1.0, [14] Brian Carter, Ari Kassin, and Tanja Magoc, Advanced Encryption Standard, [15] Eltayeb Salih Abuelyman, and Mohamed Ahmed El- Affendi"An Optimized Real Time Generation of S-Box Inverses Using Arithmetic Modulo Powers of Two", IJCSNS International Journal of Computer Science and Network Security, VOL.7 No.12, December 2007