Implementation of Network Data Encryption Based on CycloneII and MSP430

1 Introduction

With the development of information technology and networking, network communication security issues are becoming increasingly prominent. Field Programmable Gate Array (FPGA) is widely used in the field of encryption due to its flexible design and high reliability. The encryption algorithm implemented by hardware does not occupy computer resources. The encryption process is completely isolated from the external bus and has a high data protection capability. The algorithm can be flexibly changed and has strong independence. The encryption machine consists of a single-chip microcomputer, FPGA and El communication interface. The internal algorithm of FPGA is written in VHDL language. The system is suitable for occasions requiring high data security. Its terminals can be computers, bank POS machines, etc., providing security and confidentiality of data transmission.

2 Stream encryption and decryption principles and algorithms

2.1 Stream encryption and decryption principles

A stream cipher consists of two parts: a key and a cryptographic algorithm. The key is generally stored inside the encryption and decryption device and is set before data transmission. The cryptographic algorithm remains unchanged over a long period of time. In a synchronous stream cipher, as long as the sender and receiver have the same key and internal state, they can generate the same key stream.

During data transmission, the encryption end and the decryption end use the same initial key. During encryption, the ciphertext is obtained by XORing the ciphertext with the plaintext, and synchronization data is added at regular intervals. During decryption, the ciphertext generated in the synchronization mode is XORed with the ciphertext stream to obtain the plaintext. The synchronization mode uses a 63-bit Gold code. The entire encryption and decryption process and the sent data format are shown in Figure 1. The initial synchronization code is added to the sent ciphertext, and the receiving end uses the three-value characteristic of the Gold code to detect the Gold code to achieve synchronization data. The received data stream and the Gold code are cross-correlated. The correlation result satisfies the three-value characteristic of the Gold code, indicating that the current data stream is the synchronization Gold code added by the sender. The mark is the start of the ciphertext, and then the decryption algorithm is called to decrypt the subsequent ciphertext to restore the transmitted data.

2.2 Principle of A5/1 Algorithm

A5/1 is a stream cipher encryption algorithm for data transmission in GSM mobile communications. The cipher generated by the A5/1 cipher stream generator is XORed with each bit of the plaintext data frame to obtain a ciphertext sequence. The A5/1 algorithm consists of three linear feedback shift registers R1, R2, and R3 of different lengths, with lengths of 19, 22, and 23 bits respectively, and their feedback characteristic equations are: x18+x17+x16+x13+1, x22+x21+x20+x7+1. The initial key of the algorithm is a 64-bit vector. The cipher stream output bit is the XOR output of the three shift registers. The enable of the shift register is controlled by the majority function. The 8th bit of R1, the 10th bit of R2, and the 10th bit of R3 are the majority function data inputs, which determine the shift status of the three shift registers. Among these three data bits, if two or more are 0, the majority function value is 0; if two or more are 1, the majority function value is 1. If the 3 data bits of the majority function input are the same as the majority function value, the corresponding shift register will shift. The hardware implementation principle of A5/1 is shown in Figure 2. The generation of the password stream is divided into two stages. The first stage is to load the register with a 64-bit initial value; the second stage is to generate the password stream according to the clock beat and enable control.

2.3 Principle of W7 Algorithm

The W7H algorithm is similar to the A5/1 algorithm in terms of structural principle. The W7 algorithm consists of 8 parallel hardware structure modules similar to the A5/1 algorithm. Each module contains 3 linear feedback shift registers and most functions. The difference is that the W7 algorithm uses a 128-bit initial key and the length of the linear feedback shift register is 38, 43, and 47 bits respectively. The 8 parallel modules use the same initial key. However, the input bits of the feedback structure and most functions are different. The outputs of the 8 modules form an 8-bit password stream, which has higher encryption efficiency. Each linear shift register generates 1 bit of data through logical AND from a fixed data bit, and then XORs the data bit with the highest bit output. Finally, the output of the 3 shift registers is XORed as the password bit output of this parallel block. Since there are 8 parallel blocks, the total output is 8 bits, that is, 1 byte. During design, it is output once every 8 clock cycles to ensure the consistency of the data rate. [page]

3 System Hardware Design

The hardware design of this system consists of a single-chip microcomputer, FPGA and E121, as shown in Figure 3. The single-chip microcomputer is used to input the user's initial key; the FPGA is responsible for key stream generation and encryption and decryption; the E1 interface realizes the sending and receiving of data streams, completes the conversion between HDB3 code and TTL level, and realizes full-duplex communication between the communication interface unit and the protocol data processing unit.

Since the communication link adopts the E1 standard, the external data link interface 121 designed by the system adopts the E1 interface, and the interface device DS21348 is selected. DS21348 supports E1 and T1 line interface units, and the E1 line interface unit is selected through register settings. DS21348 can be configured in hardware mode to complete the level conversion from HDB3 to TTL, TTL to HDB3, clock synchronization, data signal format conversion and data frame processing. The system can process two data channels in parallel, one for encryption and the other for decryption, to achieve full-duplex communication.

Since TI's MSP430 series microprocessor platform has the characteristics of low power consumption and small size, it is suitable for portable applications. Therefore, the single-chip microcomputer adopts the MSP430 series and realizes data communication with the FPGA through the SPI interface. The single-chip microcomputer is connected to a keyboard for inputting the initial key. Considering that the number of bits of the key input by the user cannot be too many, a short key can be set and expanded inside the single-chip microcomputer to the number of bits required by the algorithm, and then transmitted to the FGPA through the single-chip microcomputer SPI interface. The SPI interface has a total of 4 signal lines: serial clock (SCK), master output/slave input (MOSI), master input/slave output (MISO), and slave chip select (SS). The SPI interface can be configured as master or slave mode. The design is configured in master mode. When the single-chip microcomputer transmits commands or data to the FPGA, the SPIO mode is applied. When the chip select signal is pulled low, data is sent at the rising edge of each clock (SCK). There is no need for the FPGA to input data to the single-chip microcomputer, so the MISO data line is not used. The chip select signal SS is connected to the enable of the RAM of the FP-CA to control data reading. After the user inputs the initial key, it is extended and sent to the FPGA through the SPI interface along with the algorithm selection data. The SPI interface timing is shown in Figure 4.

The FPGA uses the EP20F256C6 from the CycloneII series. This device is a low-cost architecture FPGA that can provide up to 18,752 logic units, 152 user IOs, and 239,616 bits of storage. The density is more than three times that of the CycloneI FPGA, which fully meets the needs of system design. The logic resources inside the CycloneII FPGA can realize complex applications. The CycloneII device uses a low-cost serial configuration device, which can provide a maximum of 64 Mbit of nash memory. Therefore, the use of EP20F256C6 can efficiently complete the system core algorithm and effectively save costs. Its internal algorithm is implemented by VHDL language programming. The main program modules are: encryption and decryption algorithm module (A5/1 and W7), data storage module, synchronization generation module, and synchronization detection module. Encryption and decryption each have a set of independent module sets. The VHDL code of the A5/1 algorithm module is as follows:

[page]

The module control of FPGA consists of two independent state machines for processing encryption algorithm and decryption algorithm. The state transition is shown in Figure 5.

After the system is powered on and initialized, the user inputs the initial key and algorithm selection data into the microcontroller, and sends it to the FPGA through the SPI interface. After receiving the key, the FPGA transmits the initial key to the algorithm module. After the algorithm module is initialized, it generates a synchronous Gold code and waits for data. When the data to be encrypted is valid, the encryption algorithm is started; when the data is invalid, it enters the waiting data state again. Correspondingly, the decryption module first detects the initial synchronous Gold code. After detection, when the data to be decrypted is valid, the decryption algorithm is started; when the data to be decrypted is invalid, it enters the waiting data state again. This goes back and forth to complete the encryption and decryption process of the data. During the key transmission process, since the initial key bits required by the two algorithms are different, when the w7 algorithm is used, the initial key needs to be expanded twice after being sent to the FPGA to reach the required number of bits.

4 Simulation and Analysis

Quartus II 8.0 software was used to simulate the FPGA function. 4 865 logic units and 1 024 bits of on-chip storage were shared. The maximum operating frequency obtained by timing analysis was 95.79 MHz. The encrypted timing of the simulation is shown in Figure 6.

5 Conclusion

Through debugging and verification of the entire design, the results meet the design requirements. The entire system has high security and confidentiality, and can provide a hardware-based encryption method for network applications that require communication security. The encryption algorithm design based on FPGA has high flexibility. If a more advanced encryption algorithm is used, the security and confidentiality of the system can be further improved.