AES1. Ultra-Compact Advanced Encryption Standard Core. General Description. Base Core Features. Symbol. Applications



Similar documents
AES (Rijndael) IP-Cores

The Encryption Technology of Automatic Teller Machine Networks

Network Security. Chapter 3 Symmetric Cryptography. Symmetric Encryption. Modes of Encryption. Symmetric Block Ciphers - Modes of Encryption ECB (1)

IronKey Data Encryption Methods

Pavithra.S, Vaishnavi.M, Vinothini.M, Umadevi.V

FPGA IMPLEMENTATION OF AN AES PROCESSOR

Implementation of Full -Parallelism AES Encryption and Decryption

IJESRT. [Padama, 2(5): May, 2013] ISSN:

Northrop Grumman M5 Network Security SCS Linux Kernel Cryptographic Services. FIPS Security Policy Version

SDLC Controller. Documentation. Design File Formats. Verification

SecureDoc Disk Encryption Cryptographic Engine

Lecture 4 Data Encryption Standard (DES)

Network Security - ISA 656 Introduction to Cryptography

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Secret File Sharing Techniques using AES algorithm. C. Navya Latha Garima Agarwal Anila Kumar GVN

1 Data Encryption Algorithm

Horst Görtz Institute for IT-Security

Design and Verification of Area-Optimized AES Based on FPGA Using Verilog HDL

EXAM questions for the course TTM Information Security May Part 1

Automatic Encryption With V7R1 Townsend Security

AES Cipher Modes with EFM32

Data Encryption WHITE PAPER ON. Prepared by Mohammed Samiuddin.

Triathlon of Lightweight Block Ciphers for the Internet of Things

Secure Network Communications FIPS Non Proprietary Security Policy

Introduction. Where Is The Threat? Encryption Methods for Protecting Data. BOSaNOVA, Inc. Phone: Web:

International Association of Scientific Innovation and Research (IASIR) (An Association Unifying the Sciences, Engineering, and Applied Research)

A PPENDIX H RITERIA FOR AES E VALUATION C RITERIA FOR

How To Attack A Block Cipher With A Key Key (Dk) And A Key (K) On A 2Dns) On An Ipa (Ipa) On The Ipa 2Ds (Ipb) On Pcode)

Symantec Corporation Symantec Enterprise Vault Cryptographic Module Software Version:

SeChat: An AES Encrypted Chat

ESP-CV Custom Design Formal Equivalence Checking Based on Symbolic Simulation

The implementation and performance/cost/power analysis of the network security accelerator on SoC applications

ETSI TS V1.2.1 ( )

AN3270 Application note

The Advanced Encryption Standard (AES)

VASCO Data Security International, Inc. DIGIPASS GO-7. FIPS Non-Proprietary Cryptographic Module Security Policy

IT Networks & Security CERT Luncheon Series: Cryptography

SSL Firewalls

Product Development Flow Including Model- Based Design and System-Level Functional Verification

Software Hardware Binding with Quiddikey

Functional diagram: Secure encrypted data. totally encrypted. XOR encryption. RFID token. fingerprint reader. 128 bit AES in ECB mode Security HDD

Cryptography and Network Security

Area Optimized and Pipelined FPGA Implementation of AES Encryption and Decryption

Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0. Accellion, Inc.

Evaluating The Performance of Symmetric Encryption Algorithms

Blaze Vault Online Backup. Whitepaper Data Security

A HARDWARE IMPLEMENTATION OF THE ADVANCED ENCRYPTION STANDARD (AES) ALGORITHM USING SYSTEMVERILOG

Implementation and Design of AES S-Box on FPGA

Side Channel Analysis and Embedded Systems Impact and Countermeasures

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

How To Encrypt With A 64 Bit Block Cipher

CSci 530 Midterm Exam. Fall 2012

AVR1318: Using the XMEGA built-in AES accelerator. 8-bit Microcontrollers. Application Note. Features. 1 Introduction

Kaseya US Sales, LLC Virtual System Administrator Cryptographic Module Software Version: 1.0

Quartus II Software Design Series : Foundation. Digitale Signalverarbeitung mit FPGA. Digitale Signalverarbeitung mit FPGA (DSF) Quartus II 1

Fast Implementations of AES on Various Platforms

Alliance AES Encryption for IBM i Solution Brief

A Comparative Study Of Two Symmetric Encryption Algorithms Across Different Platforms.

Keywords Web Service, security, DES, cryptography.

Chapter 23. Database Security. Security Issues. Database Security

Cryptographic Rights Management of FPGA Intellectual Property Cores

Implementation Details

VON BRAUN LABS. Issue #1 WE PROVIDE COMPLETE SOLUTIONS ULTRA LOW POWER STATE MACHINE SOLUTIONS VON BRAUN LABS. State Machine Technology

How To Understand And Understand The History Of Cryptography

VMware, Inc. VMware Java JCE (Java Cryptographic Extension) Module

What is a System on a Chip?

Enhancing Advanced Encryption Standard S-Box Generation Based on Round Key

Performance Evaluation of AES using Hardware and Software Codesign

NEAR FIELD COMMUNICATION

AN IMPLEMENTATION OF HYBRID ENCRYPTION-DECRYPTION (RSA WITH AES AND SHA256) FOR USE IN DATA EXCHANGE BETWEEN CLIENT APPLICATIONS AND WEB SERVICES

Cryptography and Network Security Block Cipher

Introduction to Digital System Design

Block encryption. CS-4920: Lecture 7 Secret key cryptography. Determining the plaintext ciphertext mapping. CS4920-Lecture 7 4/1/2015

Enabling Security in ProASIC 3 FPGAs with Hardware and Software Features

A Study of New Trends in Blowfish Algorithm

ELECTENG702 Advanced Embedded Systems. Improving AES128 software for Altera Nios II processor using custom instructions

Digitale Signalverarbeitung mit FPGA (DSF) Soft Core Prozessor NIOS II Stand Mai Jens Onno Krah

Experiment # 9. Clock generator circuits & Counters. Eng. Waleed Y. Mousa

A Methodology and the Tool for Testing SpaceWire Routing Switches Session: SpaceWire test and verification

Architectures and Platforms

Network Security. Security. Security Services. Crytographic algorithms. privacy authenticity Message integrity. Public key (RSA) Message digest (MD5)

Security Policy for Oracle Advanced Security Option Cryptographic Module

13135 Lee Jackson Memorial Hwy., Suite 220 Fairfax, VA United States of America

Modes of Operation of Block Ciphers

AStudyofEncryptionAlgorithmsAESDESandRSAforSecurity

Encryption VIDEO COMMUNICATION SYSTEM-TECHNICAL DOCUMENTATION

CS Computer Security Third topic: Crypto Support Sys

Network Security. Modes of Operation. Steven M. Bellovin February 3,

7a. System-on-chip design and prototyping platforms

40G MACsec Encryption in an FPGA

AES Power Attack Based on Induced Cache Miss and Countermeasure

Talk announcement please consider attending!

Security Policy: Key Management Facility Crypto Card (KMF CC)

A Standards-based Approach to IP Protection for HDLs

RAPID PROTOTYPING OF DIGITAL SYSTEMS Second Edition

Transcription:

General Description The AES core implements Rijndael encoding and decoding in compliance with the NIST Advanced Encryption Standard. Basic core is very small (start at 800 Actel tiles). Enhanced versions are available that support encryption and decryption for various cipher modes (ECB, CBC, OFB, CFB, CTR), as well as different datapath widths for size/performance tradeoff. The core includes the key expansion logic and optional countermeasures against the power analysis attacks. The design is fully synchronous and available in both source and netlist form. Test bench includes vectors from FIPS-197 and the original Rijndael submission. AESAVS tests are also available. AES Core is supplied as portable Verilog (VHDL version available) thus allowing customers to carry out an internal code review to ensure its security. Symbol Base Core Features Encrypts using the AES Rijndael Block Cipher Algorithm Satisfies Federal Information Processing Standard (FIPS) Publication 197 from the US National Institute of Standards and Technology (NIST) Processes 128-bit data blocks with 8, 16, 32, 64 or 128-bit wide data interface Employs key size of 128,192 and 256 bit. Includes the key expansion function Supports basic modes of AES defined in SP800-38A: ECB, CBC, CFB, OFB and CTR Completely self-contained: does not require external memory Optional countermeasures against SPA and DPA attacks Available as fully functional and synthesizable Verilog, or as a netlist for popular programmable devices and ASIC libraries Deliverables include test benches PT[ ] CT[ ] KEY[ ] AES1 CEN LOAD READY Applications Secure wireless communications, including 802.11i, 802.15.3, 802.15.4 (ZigBee), MBOA, 802.16e Electronic financial transactions Content protection, digital rights management (DRM), set-top boxes Secure video surveillance systems Encrypted data storage Secure RFID Secure Smart Cards IP Cores, Inc. April 2005. Updated June 2010 Page 1

Pin Description Name Type Description Input Core clock signal CEN Input Synchronous enable signal. When LOW the core ignores all its inputs and all its outputs must be ignored. Input When goes HIGH, a cryptographic operation is started LOAD Output Input data request signal READY Output Output data ready and valid 8-bit Data Interface KEY[7:0] Input Encryption Key PT[7:0] Input Input Plain Text Data CT[7:0] Output Output Cipher Text Data 16-bit Data Interface KEY[15:0] Input Encryption Key PT[15:0] Input Input Plain Text Data CT[15:0] Output Output Cipher Text Data 32-bit Data Interface KEY[31:0] Input Encryption Key PT[31:0] Input Input Plain Text Data CT[31:0] Output Output Cipher Text Data Function Description An AES encryption operation transforms a 128-bit block into a block of the same size. The encryption key size is 128 bit. The key is expanded during cryptographic operations. The block performs AES encryption as defined by NIST in FIPS-197 and AESAVS validation suite. IP Cores, Inc. April 2005. Updated June 2010 Page 2

Operation A rising input on the port triggers the beginning of a cryptographic operation on the data PT, using the KEY as key. The core then raises the LOAD signal requesting the data block. It then starts to process the state according to the AES algorithm. The timing diagram below shows how the data is fed to the core at the start. LOAD KEY[7:0] PT[7:0] K0 K1 K2 K13 K14 K15 PT0 PT1 PT2 PT13 PT14 PT15 Key and data input at the start of encryption Both the data and the key are input serially, 8, 16 or 32 bits at the time. The diagram above shows the case where the input data is 8 bit When all the rounds are completed, the READY signal is raised and the encrypted data starts to flow out. This is shown in the timing diagram below. READY CT[7:0] CT0 CT1 CT2 CT13 CT14 CT15 Cipher text output It is possible to start a new cryptographic operation as soon as the data from the previous one is output. A cryptographic operation can be aborted at any time by lowering the signal for at least one clock cycle. The core is fully pipelined. Keeping the signal HIGH causes the new cryptographic operation to start simultaneously with ending of previous one; in this case LOAD and READY signals are generated by the core simultaneously. Loading of the new plain text data and key is combined with outputting cipher text data from IP Cores, Inc. April 2005. Updated June 2010 Page 3

the previous operation. This is shown in the timing diagram below. LOAD KEY[7: 0] K0 K1 K2 K13 K14 K15 PT[7:0] PT0 PT1 PT2 PT13 PT14 PT15 READY CT[7:0] CT0 CT1 PT2 CT13 CT14 CT15 Cipher text from a previous operation is being output while new plaintext is input New key can be used for each cryptographic operation. The absence of gaps allows sustaining the throughput listed in the table below. Datapath Width, bit 8 16 32 64 Cycles 160 80 40 20 Bit per clock cycle 0.8 1.6 3.2 6.4 Throughput as a function of datapath width for 128-bit key IP Cores, Inc. April 2005. Updated June 2010 Page 4

Implementation Details Representative area/resources figures for 8-bit datapath ECB mode are shown below. Technology Actel ProAsic-3 Area / Resources 864 tiles Available Versions The AES core is available in ECB, CFB, CBC, OFB and CTR modes, and for different datapath widths. Decryption option is also available. Power Attack Countermeasures A power attack countermeasure option DPA is available to protect the core from simple power analysis (SPA) and differential power analysis (DPA) attacks. This option is available to Actel customers on selected Actel FPGA devices without a separate license from Cryptography Research, Inc. IP Cores, Inc. April 2005. Updated June 2010 Page 5

Export Permits US Bureau of Industry and Security has assigned the export control classification number 5E002 to the core. The core is eligible for the license exception ENC under section 740.17(A) and (B)(1) of the export administration regulations. See the IP Cores, Inc. licensing basics page, http://ipcores.com/exportinformation.htm, for links to US government sites and more details. Deliverables HDL Source Licenses Synthesizable Verilog RTL source code Testbench (self-checking) Test vectors Expected results Netlist Licenses Post-synthesis EDIF Testbench (self-checking) Test vectors Expected results User Documentation Contact Information IP Cores, Inc. 3731 Middlefield Rd. Palo Alto, CA 94303, USA Phone: +1 (650) 815-7996 E-mail: info@ipcores.com IP Cores, Inc. April 2005. Updated June 2010 Page 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information