USB Key design based on MC9S08JS16 and AES

With the development of the Internet and e-commerce, network information security issues are particularly important. Data confidentiality transformation or information encryption has become the most practical and reliable method to protect computer information. Various encryption technologies such as software self-checking, password encryption, key disk and other soft encryption technologies and expansion cards, parallel port software encryption dogs and other hard encryption technologies have emerged, and USB interface keys (USB Key) are favored due to their unique advantages and high security.

USB Key is a small storage device that is directly connected to the computer through the USB (Universal Serial Bus) interface, has password verification function, and is reliable and high-speed. The USB Key is designed to be compact and exquisite, and easy to carry. Because it is a USB interface device, the USB Key works through the power provided by the USB port and does not require an additional power supply. The USB Key's own memory is used to store some personal information or certificates. The USB Key's internal cryptographic algorithm can provide a secure channel for data transmission, and is suitable for security protection products for stand-alone or network applications.

1 System Working Principle and Hardware Design

The USB Key (Ukey for short) is connected to the PC through the USB interface. The user can send commands to the Ukey through the client located in the PC. The Ukey implements data encryption through the algorithm in the internal firmware and then returns the encrypted data to the client. Its working principle is shown in Figure 1. The design uses the 8-bit USB microcontroller (MCU) MC9S08JS16. The MC9S08JS16 MCU has a built-in full-speed USB2.0 controller and integrates a USB transceiver, and contains up to 16 KB of Flash and 512 B of RAM.

The user can use the dedicated 3.3 V regulator on the chip or connect an external 3.3 V power supply to the VUSB3.3 pin to provide power for the USB transceiver and the pull-up resistor. Here, the 3.3 V regulator on the chip is used to provide power for the USB transceiver (the USBVREN bit in the USBCTL0 register must be enabled). The hardware connection diagram is shown in Figure 2.

The USB module requires two clock sources, a 24 MHz bus clock and a 48 MHz reference clock. The 48 MHz clock source is directly generated by MCGOUT. To obtain a 48 MHz clock rate, the MCG (universal clock generator) must be properly configured as PLL-enabled external occupied mode PEE (PLL Engaged External) and an external crystal oscillator. The USB module of the MC9S08JS16 selects an internal pull-up resistor (enables the USBPU bit in the USBCTL0 register). The USB host detects the connection of the USB device and determines the device speed by detecting the pull-up resistor.

2 System Software Design

2.1 USB device initialization

Figure 3 is a flowchart of USB module initialization. The firmware code initializes the USB module to prepare it to connect to the USB host. By setting the RESET bit of the USBCTL0 register, the USB module and all registers are reset to the default state, and the USB RAM and BD (buffer descriptor) registers are initialized. In particular, for the BD of endpoint 0, the EPAD register is set to indicate the storage of the endpoint register in the USB RAM. In order to receive the DATA0 data packet, the status and control registers are set to (DTS=1, OWN=1, DATAO/1=0). Enable endpoint 0, and configure the USB module according to the hardware design, enable the pull-up resistor, 3.3 V regulator and PHY. Open the USB module and USB interrupt, and the device is set to the connection state.

2.2 AES encryption algorithm

The system uses the 128-bit Advanced Encryption Standard AES (Riindael) algorithm for data encryption. AES (Advanced Encxyption Standard) is a specification used by the National Institute of Standards and Technology of the United States to encrypt electronic data. It is used to replace the existing DES algorithm. As a new generation of data encryption standard, AES brings together the advantages of strong security, high performance, high efficiency, ease of use and flexibility. It is expected to become a recognized method for encrypting digital information including finance, telecommunications and government.

The AES algorithm is based on permutation and substitution. Permutation is the rearrangement of data, while substitution is the replacement of one unit of data with another. The AES encryption routine starts by copying the 16-byte input array into a 4x4 byte matrix called State. The AES algorithm encryption process is shown in Figure 4.

The main loop of AES performs four different operations on the State matrix, which are called SubBytes (byte substitution), ShiftRows (row shift transformation), MixColumns (column mixing transformation) and AddRoundKey (round key addition) in the specification. The AES encryption algorithm uses a key schedule generated by the seed key byte array, which is called the key expansion routine (KeyExpans-ion) in the AES specification.

The following is a brief analysis of the AES (128 bits key) encryption process:

The SubBytes routine is a substitution operation that replaces each byte in the State matrix with a new byte determined by Sbox, which is an initialized 16x16 matrix. For example, if the value of State[0,1] is 0xXY, it is replaced by the value of Sbox[X,Y] in the Sbox table.

ShifiRows is a permute operation that rotates the bytes in the State matrix to the left. Row 0 of State is rotated 0 positions to the left, row 1 of State is rotated 1 position to the left, row 2 of State is rotated 2 positions to the left, and row 3 is rotated 3 positions to the left.

MixColumns is a column mixing transformation process in which each column of the state is treated as a polynomial in the finite field GF(28) and is replaced by a fixed polynomial.

, GF stands for Galois Field, which is expressed in matrix form as follows:

Each element in the product matrix is the sum of the products of the i-th row element in the coefficient matrix and the j-th column element State[j] in the State matrix. Both addition and multiplication here are defined over the finite field GF(28); addition is bitwise XOR, and multiplication follows the polynomial multiplication rule over GF(28).

AddRoundKey round key addition process, the elements in the State matrix are obtained by bitwise XOR with a round key.
KeyExpansion key expansion routine, used to generate the key schedule table W[]. The routine uses two subroutines RotWord and SubWord and a round constant table Rcon. RotWord will receive a 4-byte array and rotate them left by 1 bit. The SubWord routine uses the replacement Sbox to replace a given row of the key schedule table byte by byte. The loop of this process is:

2.3 Optimization of AES encryption algorithm

From the matrix function of formula (1), we can see that in the software implementation process, we only need to focus on how to implement the multiplication and addition of the State matrix elements with 0x01, 0x02, and 0x03 in GF(28). Multiplication with 0x01 in GF(28) is equivalent to multiplication with 1 in ordinary arithmetic and the result is the same. Any value multiplied by 0x01 is equal to itself; when multiplying with 0x02, as long as the multiplied value is less than 0x80, the result of the multiplication is the value shifted left by one bit. If the multiplied value is greater than or equal to 0x80, the result of the multiplication is shifted left by one bit and then XORed with the value 0x1b, which prevents "domain overflow" and keeps the product of the multiplication within the range; when multiplying with 0x03, it can be decomposed into the sum of powers of 2, that is, 0x03=0x02+0x01. To optimize the program, use the table lookup method to multiply the 16x16 Sbox table with 0x01, 0x02, and 0x03 to generate three 256-byte tables corresponding to Sbox: XtimeSbox[256]=Sbox[256], Xtime2Sbox[256], and Xtime3Sbox[256]. Store the generated tables in the code area. The MixColumns process and SubByte operation can be completed by the following program:

3 USB Key Performance Test

Considering the MCU performance, the four 256-byte data tables required for the encryption algorithm initialization are stored in the Code area, and the 128-bit-AES extended key ExpendedKey = 4xNbx(Nr+1) = 4×4×(10+1) = 176 is stored in the data area. Under the premise of ensuring the code space and operation speed, after optimization, the final AES encryption program occupies 3701 bytes of program storage units and 277 bytes of RAM.

The following are the results of two sets of 128-bit data encryption tests:


4 Conclusion

Compared with general disk media, UKev data is only stored in UKeY, which can prevent illegal copying, ensure the uniqueness of the data, and facilitate its use in public places.

The UKey designed in this solution can encrypt a small amount of data in a short time, and is suitable for occasions with small data requirements. It has high security and is easy to carry. It has irreplaceable advantages over other products in e-commerce and various PC-based security applications.