Mobile hard disk data encryption and decryption system based on MEMS and FPGA

With the rapid growth of information, information security has received increasing attention. A complete data encryption and decryption system should have a secure and reliable password authentication mechanism and encryption and decryption algorithm. This paper designs an efficient data encryption and decryption system for USB interface based on MEMS strong link, USB controller and FPGA, using AES encryption algorithm. After the ordinary IDE hard disk is mounted on the system, it becomes an extremely secure encrypted USB mobile hard disk, and its average data throughput is close to that of ordinary USB flash drives, reaching 10MB/s.

1. System structure layout

The system consists of Cypress CY7C68013 USB2.0 controller, Altera EP2C35 FPGA and MEMS strong link. Figure 1 describes the hardware layout of the whole system.

The MEMS strong link is responsible for verifying the password entered by the user. The CY7C68013 USB controller contains an enhanced 51 core, which can not only efficiently handle USB protocol transactions, but also is the control center of the entire system. The EP2C35 FPGA is connected to the GPIF interface of the USB control chip at one end and to the IDE hard disk at the other end. It is responsible for distinguishing the control signal, the data signal for reading and writing the hard disk register, and the data signal for reading and writing the hard disk sector from the IDE bus, and then only encrypts the data written to the hard disk sector and decrypts the data read from the hard disk sector.

2. MEMS strong link

The ratchet of the MEMS strong chain can catch the ratchet wheel, so that it can be accurately positioned to a fixed position. The ratchet is equipped with an electromagnetic drive motor, which enables it to have error code identification and self-reset functions, so it can be used for information security and realize the function of password lock. The code identification mechanism is driven by two sets of electromagnetic micro-stepping motors to drive the anti-interference gear sets A and B, and the anti-interference code wheel set mechanically solidifies the password. When the anti-interference gear set is correctly decoded, the code teeth do not contact each other; when an error code occurs, the code teeth interfere with each other and the anti-interference gear set is stuck. Using a photoelectric coupling mechanism, the photoelectric energy is coupled when the 24-bit password is correctly received, and the system is turned on. Figure 2 is a structural diagram of the MSMS strong chain.

3. Physical key and password authentication

The physical key is relative to the logical key. The logical key usually exists in the ROM area inside the chip in binary form and is easy to be cracked. The physical key is solidified inside the mechanical structure. The key contained in the reverse meshing gear set authentication mechanism used in this design belongs to the physical key. Its structure is quite implicit, and it is difficult for non-professionals to deduce its password even if they know the authentication mechanism.

When password authentication begins, the USB controller transmits the 24-bit binary password to be verified received from the PC to the strong chain in the form of pulses. The motor of the strong chain drives the code wheel according to the pulses. If the password is correct, the anti-interference gear* moves through a circle without friction and returns to its original position; as long as there is a wrong password, the anti-interference gear* is stuck at that position. The USB controller makes a judgment based on the feedback signal of the strong chain. If the verification is passed, the system is enumerated as a removable disk and the correct password is passed to the FPGA as the key of the AES encryption algorithm; otherwise, the verification failure information is returned to the PC. [page]

4. Implementation of ATA protocol controller

From the moment the password authentication is passed and enumeration begins, the USB controller gains access to the hard disk. According to the ATA protocol, for IDE hard disks that support Ultra DMA transmission, the operations are classified into two types: reading and writing hard disk interface registers and performing Ultra DMA batch sectors on hard disk sectors. In order to encrypt and decrypt hard disk data, we insert FPGA into the IDE bus connecting the GPIF interface and the hard disk interface, so that all control signals and data signals must pass through the FPGA and be monitored and controlled by the FPGA.

The FPGA must implement a finite state machine that can perform protocol analysis on the signal and distinguish the sector data that needs to be encrypted, that is, the data that appears on the data bus during the Ultra DMA transmission. In the PIO state, the FPGA keeps all signals straight, so the operation of reading and writing the hard disk interface register is not affected in any way, but the state machine monitors the write operation to the hard disk interface register. Once the command code for writing to the command register is found to be a DMA read (0xC8 or 0x25) or DMA write (0xCA or 0x35) command, the finite state machine enters the DMA state.

Because the data will be delayed by about 200ns when passing through the encryption and decryption module, if the control signal is still passed directly, it will definitely not meet the timing requirements of the DMA transfer protocol. Therefore, the ideal solution is to delay the control signal by a corresponding time.

It is difficult to determine the delay, and it is not necessary. The method we adopted is to design three main modules: data receiving module, data processing module and data sending module, which are connected into a processing pipeline. This can not only fully control the data flow in a timely manner, but also maintain a high data throughput. As shown in Figure 3. The task of the data receiving module is to correctly receive and cache the read sector data sent by the hard disk or the write sector data sent by the USB controller; the task of the data processing module is to encrypt or decrypt the sector data; the task of the data sending module is to send out the processed result data.

Since the data flow is bidirectional, there is a data receiving and sending pipeline in each direction. In a DMA transfer, only one pipeline is working and they temporarily obtain the control of the IDE bus.

Without loss of generality, let's discuss the whole process of executing DMA read command. First, write the DMA read command code 0xC8 (or 0x25) to the command register of the hard disk in the PIO state. After that, the state machine enters the DMA read state, and the bus switches to the DMA read data receiving module and the DMA read data sending module. The DMA read data receiving module performs handshake confirmation with the hard disk and starts the UDMA read transmission. After that, whenever the hard disk DMA strobe signal (DMA synchronization signal) jumps, the 16-bit hard disk data bus is sampled and the CRC reception check is updated; every 8 samples are integrated into a 128-bit parallel data and provided to the AES decryption module, which takes the 128-bit data to start a new round of AES decryption iteration operation, and outputs the 128-bit decrypted data processed in the previous round, and splits it into 8 16-bit parallel data, which are successively stored in a 16-bit wide FIFO. At the same time, the DMA read data sending module queries the FIFO for data, and starts to read from it continuously, and puts it on the 16-bit data bus to provide it to the USB controller. Every time data is put, the DMA strobe level is flipped so that the GPIF interface of the USB controller can synchronously receive data and update the CRC send check at the same time.

When the hard disk sends all the specified amount of encrypted data to the FPGA, it will receive the CRC reception check feedback from the FPGA. If it is consistent with the CRC check inside the hard disk, the hard disk believes that the DMA read command is executed correctly.

When the FPGA sends all processed decrypted data to the USB controller, it will also receive CRC check feedback from the USB controller. If it is consistent with the CRC sent check inside the FPGA, it can be considered that a complete DMA read command including decryption has been executed correctly.

The global control state machine in Figure 3 is responsible for the control and coordination of the entire system. It monitors the PIO write command in real time and switches the IDE bus control to the encryption pipeline or decryption pipeline at the appropriate time. When the encryption and decryption pipeline completes a DMA transfer command, the bus control will be returned to the global control state machine. [page]

5. Implementation of AES encryption module

The design principle of AES can be found in reference [1]. The following is a brief introduction to the algorithm process. AES is an iterative block cipher. Each round of iteration is called a round transformation, which includes a mixing and three substitutions:

(1) Byte substitution (SubBytes): Use S-boxes to perform nonlinear transformations on each byte of the state.

(2) ShiftRow: For each row of the state, shift the row by different displacement amounts.

(3) MixColumn: Apply column mixing to each column in the state in parallel, and omit this step in the last round.

(4) AddRoundKey: XOR with the extended key. The encryption algorithm process is shown in Figure 4.

Correspondingly, the decryption algorithm uses the extended key in reverse order, and the round transformations are InvSubByte, InvShiftRow, and InvMixColumn, respectively, and the data flow is slightly different.

The AES encryption operation module we designed uses 128 bits as a group, and it takes 11 clock cycles to complete the operation of a group. In the first clock cycle, the key expansion module outputs the first extended password, which is the initial password itself; at the same time, the initial transformation module uses this extended password to perform AddRoundKey operation on the 128-bit plaintext.

From the 2nd to the 11th clock cycle, the key expansion module generates 10 extended passwords in sequence. At the same time, the round transformation module uses these extended passwords to perform 10 rounds of round transformation on the input ciphertext, in which the last round lacks the column mixing operation, and then outputs the final ciphertext, ending a group operation.

6. Data throughput analysis

The data transfer rate of Ultra DMA in mode 2 is 33.33MB/s. Since the global clock frequency of FPGA is 100MHz, it takes 110ns to encrypt and decrypt a 128-bit packet. In addition, the input and output stages of the data each take one clock cycle, which takes a total of 130ns. Therefore, the data processing rate of the encryption and decryption module is about 61.54MB/s, which can fully meet the requirements of real-time processing.

7. Conclusion

This paper proposes a secure and efficient USB mobile hard disk data encryption and decryption system. The application of MEMS strong chain has opened up a new direction for system physical authentication; the FPGA implementation of the Ultra DMA protocol interface has greatly improved the hard disk read and write throughput, while the processing rate of the AES encryption and decryption module can fully meet the Ultra DMA transmission bandwidth. The organic collaboration of the two enables an efficient hardware encryption and decryption pipeline to be realized.