eSAFE - EE 552 Project Presentation

Paul “The Overload” Somogyi
Stephen “Network Magic” Caplan
Kevin “Encrypt This!” Hackett
Javan “Wired” Gargus
Is Your Data Safe?
• Networks are a shared medium
– LANs: on a shared-medium (hub or coax) ethernet segment, every frame reaches every computer on the segment
– Internet: data passes through many routers
• Anyone can “listen” to data, obtaining:
– Passwords
– E-mail
– Sensitive Documents
• Encryption scrambles your data so that “listeners” cannot understand it
eSAFE - Ethernet Encryption
• eSAFE encrypts at the ethernet level - LAN
• Each computer requiring secure communication connects to the network through an eSAFE device that:
– encrypts all data going to the network
– decrypts all data from the network
• eSAFE/IP encrypts at the IP level - Internet
– secure communication to and from specific hosts and networks
eSAFE System Hierarchy
[Block diagram: two data paths, each built from an Ethernet interface, a Receive Buffer, a Progressive Blowfish unit, a Send Buffer and a CRC block; a Blowfish core (bf_enc, Blowfish Control, LUT Access) whose tables are produced by the LUT Generator]
Ethernet Interface Block Diagram
[Block diagram: the FPGA holds the Receive Interface, the Transmit Interface and the CRC Generator; it connects to a National DP83910A Ethernet transceiver and is driven by a 20.000 MHz clock]
Ethernet Receiver
• Signaling
– PLL clocking (bit clock recovered from the incoming transitions)
– Manchester encoding - a guaranteed transition in the middle of every bit, up to 2 transitions per bit
• Frame Input
– preamble detection
– determine frame length
– flag data to be encrypted
– collisions
– TCP/IP extension
• Frame layout (IEEE 802.3):
  Preamble          7 bytes (10101010 repeated)
  Start Delimiter   1 byte (10101011)
  Dest Addr         6 bytes
  Source Addr       6 bytes
  Length            2 bytes
  Data              0 to 1500 bytes
  Pad               0 to 46 bytes (brings short frames up to the 64-byte minimum)
  Checksum (FCS)    4 bytes
Ethernet Transmitter
• Store and Forward versus Cut-through
• 64-bit buffer for the preamble and start delimiter (8 bytes)
• Transmits headers and data, then appends the 32-bit CRC checksum (FCS)
• CRC Generator
– Linear feedback shift register (one shift per transmitted bit)
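The receive and transmit paths on the two slides above, as an added worked example in Python (a software reference model written for this page, not the eSAFE VHDL): a bit-serial LFSR CRC-32, a transmitter that builds an 802.3 frame with pad and FCS, and a receiver that detects the preamble/SFD, determines the frame length from the length field, checks the FCS and flags the byte range to be encrypted. The MAC addresses and payload are constructed sample data; the assumption that only the data field is encrypted (addresses and length left in clear) is mine, not something the slides state.

```python
import struct
import zlib  # library CRC used only to cross-check the bit-serial LFSR below

# Wire-level constants from the frame layout on the slide (values are IEEE 802.3).
PREAMBLE = b"\x55" * 7          # 10101010 x 7, each byte sent LSB first
SFD = b"\xD5"                   # start delimiter 10101011, sent LSB first = 0xD5
HEADER_LEN = 14                 # dst(6) + src(6) + length(2)
MIN_PAYLOAD, MAX_PAYLOAD = 46, 1500
POLY_REFLECTED = 0xEDB88320     # CRC-32 polynomial 0x04C11DB7, bit-reversed for LSB-first shifting


def crc32_lfsr(data: bytes) -> int:
    """CRC-32 exactly as a 32-bit linear feedback shift register computes it: one shift
    per wire bit (LSB of each byte first), register preset to all ones, result inverted."""
    crc = 0xFFFFFFFF
    for byte in data:
        for i in range(8):
            feedback = (crc ^ (byte >> i)) & 1
            crc >>= 1
            if feedback:
                crc ^= POLY_REFLECTED
    return crc ^ 0xFFFFFFFF


def lfsr_matches_library(data: bytes) -> bool:
    """Sanity check for the reference model: the LFSR must agree with zlib's table-driven CRC."""
    return crc32_lfsr(data) == zlib.crc32(data)


def build_frame(dst: bytes, src: bytes, payload: bytes) -> bytes:
    """Transmitter path: headers, data, pad to the 46-byte minimum, then the FCS."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses are 6 bytes")
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload exceeds 1500 bytes")
    pad = b"\x00" * max(0, MIN_PAYLOAD - len(payload))
    body = dst + src + struct.pack(">H", len(payload)) + payload + pad
    # The FCS goes out least-significant byte first, hence little-endian packing.
    return PREAMBLE + SFD + body + struct.pack("<I", crc32_lfsr(body))


def parse_frame(wire: bytes) -> dict:
    """Receiver path: detect preamble/SFD, read the length field to find the frame end,
    verify the FCS, and flag the byte range the encryptor would work on."""
    start = wire.find(SFD)
    if start < 1 or wire[start - 1] != 0x55:     # at least one preamble byte before the SFD
        raise ValueError("no preamble/start delimiter found")
    body = wire[start + 1:]
    if len(body) < HEADER_LEN:
        raise ValueError("frame too short to carry a header")
    dst, src = body[0:6], body[6:12]
    length = struct.unpack(">H", body[12:14])[0]
    if length > MAX_PAYLOAD:
        raise ValueError("length field above 1500: an EtherType, not an 802.3 length")
    end = HEADER_LEN + max(length, MIN_PAYLOAD) + 4   # frame length follows from the length field
    if len(body) < end:
        raise ValueError("frame truncated")
    fcs_ok = crc32_lfsr(body[:end - 4]) == struct.unpack("<I", body[end - 4:end])[0]
    return {
        "dst": dst, "src": src, "length": length,
        "data": body[HEADER_LEN:HEADER_LEN + length],
        "fcs_ok": fcs_ok,
        # Assumption: eSAFE leaves the addresses and length in clear and encrypts only the
        # data field, so this is the range handed to the encryptor (offsets into body).
        "encrypt_range": (HEADER_LEN, HEADER_LEN + length),
    }


if __name__ == "__main__":
    # Constructed sample frame, not captured traffic.
    frame = build_frame(bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"), b"hello eSAFE")
    parsed = parse_frame(frame)
    print(parsed["length"], parsed["data"], parsed["fcs_ok"], parsed["encrypt_range"])
    damaged = bytearray(frame)
    damaged[30] ^= 0x01                       # flip one bit in the data field
    print(parse_frame(bytes(damaged))["fcs_ok"])
```

A caveat a practitioner would add here: the CRC protects against line noise, not against an adversary. It is linear, so anyone who flips bits in a keystream-encrypted data field can recompute a matching FCS and the receiver will accept the altered frame; a design like this needs a keyed MAC in addition to encryption.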
Blowfish Algorithm
• Key Expansion
– expands a key of up to 448 bits into 4168 bytes of subkeys
– these subkeys are pre-computed into a P-array and four S-boxes
• P-array: P1, P2, … , P18 (18 entries of 32 bits)
• S-boxes: S1,0, S1,1, … , S1,255
           S2,0, S2,1, … , S2,255
           S3,0, S3,1, … , S3,255
           S4,0, S4,1, … , S4,255
  (four boxes of 256 entries of 32 bits each)
Blowfish Algorithm
• Data Encryption (flowchart, as pseudocode)
  Begin
  Split the 64-bit block x into two 32-bit halves, xL and xR
  for i = 1 to 16:
      xL = xL XOR Pi
      xR = F(xL) XOR xR
      Swap xL and xR
  Swap xL and xR (undo the last swap)
  xR = xR XOR P17
  xL = xL XOR P18
  Recombine xL and xR
  End
Progressive Encryptor
• Blowfish algorithm can only encrypt 64-bit blocks of data
– ethernet frames are not necessarily multiples of 64 bits
• Solution: Use progressive XOR encryption with byte resolution
[Diagram: a 64-bit Blowfish output block (11001100 00110011 10101010 01010101 11001100 00110011 10101010 01010101) is XORed byte by byte with the frame bytes, so a final partial block consumes only as many keystream bytes as there are data bytes left]
LUT Generator
• Generates the lookup table for the Blowfish algorithm
– initializes the lookup table with a fixed value from ROM (the hexadecimal digits of pi)
– XORs the P-array entries with the 64-bit key
– performs 521 Blowfish encryptions to generate the table entries; each encryption yields two 32-bit words, filling every P-array and S-box entry (18 + 1024 = 1042) in order
• Problem: many memory accesses and a long generation time are required
• Solution: a shadow table is used to hold the partially generated lookup table
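The three pieces described on the Blowfish, Progressive Encryptor and LUT Generator slides, as one added Python reference model (written for this page, not the eSAFE hardware): the ROM constant is derived by computing the hexadecimal fraction of pi, the LUT Generator is the 521-encryption key schedule, and the progressive encryptor XORs each 64-bit Blowfish output into up to 8 data bytes. The key and IV values are constructed; chaining the keystream blocks in output-feedback style is an assumption, since the deck does not say how successive blocks are produced.

```python
from functools import lru_cache

MASK32 = 0xFFFFFFFF


@lru_cache(maxsize=None)
def pi_fraction_bytes(nbytes: int) -> bytes:
    """The 'fixed value from ROM': the first nbytes of the hexadecimal fraction of pi
    (3.243F6A88...), computed with Machin's formula in big-integer fixed point."""
    guard = 64
    bits = nbytes * 8
    one = 1 << (bits + guard)

    def arctan_recip(x: int) -> int:          # arctan(1/x) as a fixed-point integer
        total, power, k, sign = 0, one // x, 1, 1
        while power:
            total += sign * (power // k)
            power //= x * x
            k += 2
            sign = -sign
        return total

    pi_fixed = 16 * arctan_recip(5) - 4 * arctan_recip(239)
    frac = (pi_fixed >> guard) & ((1 << bits) - 1)     # drop the integer part (3)
    return frac.to_bytes(nbytes, "big")


class Blowfish:
    """Blowfish core plus the LUT generator (key expansion) from the slides."""

    def __init__(self, key: bytes):
        if not 4 <= len(key) <= 56:
            raise ValueError("key must be 32..448 bits")
        rom = pi_fraction_bytes(4168)           # 18 P entries + 4 x 256 S entries, 4 bytes each
        words = [int.from_bytes(rom[i:i + 4], "big") for i in range(0, 4168, 4)]
        self.P = words[:18]
        self.S = [words[18 + 256 * b:18 + 256 * (b + 1)] for b in range(4)]
        for i in range(18):                     # XOR the key, cycled, into the P-array
            k = 0
            for j in range(4):
                k = (k << 8) | key[(4 * i + j) % len(key)]
            self.P[i] ^= k
        # 521 encryptions of a running block: each yields two 32-bit words, filling
        # all 18 + 1024 table entries in order, with the tables updated as it goes.
        left = right = 0
        for table in [self.P] + self.S:
            for i in range(0, len(table), 2):
                left, right = self._encrypt_halves(left, right)
                table[i], table[i + 1] = left, right

    def _f(self, x: int) -> int:
        a, b, c, d = x >> 24, (x >> 16) & 0xFF, (x >> 8) & 0xFF, x & 0xFF
        return ((((self.S[0][a] + self.S[1][b]) & MASK32) ^ self.S[2][c]) + self.S[3][d]) & MASK32

    def _encrypt_halves(self, xl: int, xr: int):
        for i in range(16):
            xl ^= self.P[i]
            xr ^= self._f(xl)
            xl, xr = xr, xl
        xl, xr = xr, xl                         # undo the last swap
        return xl ^ self.P[17], xr ^ self.P[16]

    def encrypt_block(self, block: bytes) -> bytes:
        xl = int.from_bytes(block[:4], "big")
        xr = int.from_bytes(block[4:8], "big")
        xl, xr = self._encrypt_halves(xl, xr)
        return xl.to_bytes(4, "big") + xr.to_bytes(4, "big")


def progressive_xor(bf: Blowfish, iv: bytes, data: bytes) -> bytes:
    """Byte-resolution XOR encryption: each 64-bit Blowfish output is XORed into the next
    up-to-8 data bytes, so a frame of any byte length needs no padding. Chained here in
    output-feedback style (assumption: the deck does not say how successive blocks are
    derived). XOR is its own inverse, so the same call decrypts."""
    out = bytearray()
    feedback = iv
    for off in range(0, len(data), 8):
        feedback = bf.encrypt_block(feedback)          # next keystream block
        chunk = data[off:off + 8]                      # the final chunk may be short
        out += bytes(p ^ k for p, k in zip(chunk, feedback))
    return bytes(out)


if __name__ == "__main__":
    bf = Blowfish(bytes.fromhex("0123456789ABCDEF"))   # constructed 64-bit key
    iv = bytes.fromhex("FEDCBA9876543210")               # constructed; must be fresh per frame
    payload = b"a frame payload that is not a multiple of eight bytes"
    ct = progressive_xor(bf, iv, payload)
    print(ct.hex())
    print(progressive_xor(bf, iv, ct) == payload)
```

The encrypt_block checks below use published Blowfish test vectors (all-zero key and block; the key abcdefghijklmnopqrstuvwxyz with the block BLOWFISH), which also confirms the pi-derived tables. Caveat: any XOR keystream scheme, whatever the chaining, must never reuse an IV under the same key; two frames encrypted with the same keystream reveal the XOR of their plaintexts.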
Prototype Results
• To date:
– eSAFE is still under development
– We have encountered a number of hurdles interfacing to the ethernet that have delayed our product launch
– A limited private screening is tentatively scheduled for early December