Implementation of Network Data Encryption Based on MSP430 and Cyclone II

       1 Introduction

　　With the development of information technology and networking, network communication security issues are becoming increasingly prominent. Field Programmable Gate Array (FPGA) is widely used in the field of encryption due to its flexible design and high reliability. The encryption algorithm implemented by hardware does not occupy computer resources. The encryption process is completely isolated from the external bus and has a high data protection capability. The algorithm can be flexibly changed and has strong independence. The encryption machine consists of a single-chip microcomputer, FPGA and El communication interface. The internal algorithm of FPGA is written in VHDL language. The system is suitable for occasions requiring high data security. Its terminals can be computers, bank POS machines, etc., providing security and confidentiality of data transmission.

　　2 Stream encryption and decryption principles and algorithms

　　2.1 Stream encryption and decryption principles

　　A stream cipher consists of two parts: a key and a cryptographic algorithm. The key is generally stored inside the encryption and decryption device and is set before data transmission. The cryptographic algorithm remains unchanged over a long period of time. In a synchronous stream cipher, as long as the sender and receiver have the same key and internal state, they can generate the same key stream.

　　During data transmission, the encryption end and the decryption end use the same initial key. During encryption, the ciphertext is obtained by XORing the ciphertext with the plaintext, and synchronization data is added at regular intervals. During decryption, the ciphertext generated in the synchronization mode is XORed with the ciphertext stream to obtain the plaintext. The synchronization mode uses a 63-bit Gold code. The entire encryption and decryption process and the sent data format are shown in Figure 1. The initial synchronization code is added to the sent ciphertext, and the receiving end uses the three-value characteristic of the Gold code to detect the Gold code to achieve synchronization data. The received data stream and the Gold code are cross-correlated. The correlation result satisfies the three-value characteristic of the Gold code, indicating that the current data stream is the synchronization Gold code added by the sender. The mark is the start of the ciphertext, and then the decryption algorithm is called to decrypt the subsequent ciphertext to restore the transmitted data.

　　2.2 Principle of A5/1 Algorithm

　　A5/1 is a stream cipher encryption algorithm for data transmission in GSM mobile communications. The cipher generated by the A5/1 cipher stream generator is XORed with each bit of the plaintext data frame to obtain a ciphertext sequence. The A5/1 algorithm consists of three linear feedback shift registers R1, R2, and R3 of different lengths, with lengths of 19, 22, and 23 bits respectively, and their feedback characteristic equations are: x18+x17+x16+x13+1, x22+x21+x20+x7+1. The initial key of the algorithm is a 64-bit vector. The cipher stream output bits are the XOR outputs of the three shift registers. The enable of the shift register is controlled by the majority function. The 8th bit of R1, the 10th bit of R2, and the 10th bit of R3 are the majority function data inputs, which determine the shift status of the three shift registers. Among these three data bits, if two or more are 0, the majority function value is 0; if two or more are 1, the majority function value is 1. If the 3 data bits of the majority function input are the same as the majority function value, the corresponding shift register will shift. The hardware implementation principle of A5/1 is shown in Figure 2. The generation of the password stream is divided into two stages. The first stage is to load the register with a 64-bit initial value; the second stage is to generate the password stream according to the clock beat and enable control.

　　2.3 Principle of W7 Algorithm

　　The W7H algorithm is similar to the A5/1 algorithm in terms of structural principle. The W7 algorithm consists of 8 parallel hardware structure modules similar to the A5/1 algorithm. Each module contains 3 linear feedback shift registers and most functions. The difference is that the W7 algorithm uses a 128-bit initial key and the length of the linear feedback shift register is 38, 43, and 47 bits respectively. The 8 parallel modules use the same initial key. However, the input bits of the feedback structure and most functions are different. The outputs of the 8 modules form an 8-bit password stream, which has higher encryption efficiency. Each linear shift register generates 1 bit of data through logical AND from a fixed data bit, and then XORs the data bit with the highest bit output. Finally, the output of the 3 shift registers is XORed and output as the password bit output of this parallel block. Since there are 8 parallel blocks, the total output is 8 bits, that is, 1 byte. During design, it is output once every 8 clock cycles to ensure the consistency of the data rate.

　　3 System Hardware Design

　　The hardware design of this system consists of a single-chip microcomputer, FPGA and E121, as shown in Figure 3. The single-chip microcomputer is used to input the user's initial key; the FPGA is responsible for key stream generation and encryption and decryption; the E1 interface realizes the sending and receiving of data streams, completes the conversion between HDB3 code and TTL level, and realizes full-duplex communication between the communication interface unit and the protocol data processing unit.

　　Since the communication link adopts the E1 standard, the external data link interface 121 designed by the system adopts the E1 interface, and the interface device DS21348 is selected. DS21348 supports E1 and T1 line interface units, and the E1 line interface unit is selected through register settings. DS21348 can be configured in hardware mode to complete the level conversion from HDB3 to TTL, TTL to HDB3, clock synchronization, data signal format conversion and data frame processing. The system can process two data channels in parallel, one for encryption and the other for decryption, to achieve full-duplex communication.

　　Since TI's MSP430 series microprocessor platform has the characteristics of low power consumption and small size, it is suitable for portable applications. Therefore, the single-chip microcomputer adopts the MSP430 series and realizes data communication with the FPGA through the SPI interface. The single-chip microcomputer is connected to a keyboard for inputting the initial key. Considering that the number of bits of the key input by the user cannot be too many, a short key can be set and expanded inside the single-chip microcomputer to the number of bits required by the algorithm, and then transmitted to the FGPA through the single-chip microcomputer SPI interface. The SPI interface has a total of 4 signal lines: serial clock (SCK), master output/slave input (MOSI), master input/slave output (MISO), and slave chip select (SS). The SPI interface can be configured as master or slave mode. The design is configured in master mode. When the single-chip microcomputer transmits commands or data to the FPGA, the SPIO mode is applied. When the chip select signal is pulled low, data is sent at the rising edge of each clock (SCK). There is no need for the FPGA to input data to the single-chip microcomputer, so the MISO data line is not used. The chip select signal SS is connected to the enable of the RAM of the FP-CA to control data reading. After the user inputs the initial key, it is extended and sent to the FPGA through the SPI interface along with the algorithm selection data. The SPI interface timing is shown in Figure 4.