Advanced Encryption Standard - Triple Data Encryption Standard

1
Advanced Encryption Standard -Triple Data
Encryption Standard
2
Classes of Cryptographic Algorithms

• Asymmetric (public-private) key algorithms
• Digital Signatures (DSS, PSS)
• Key encryption
• Symmetric (secret) key algorithms
• Data confidentiality
• Part of key encryption
• Message Authentication Code (MAC)
• CBC-MAC
• Keyed Hashes (HMAC)
• Pseudorandom (deterministic) number generators

AES and TDES are symmetric key algorithms
3
Asymmetric Key Algorithms
Attacker
User A
User B
Encrypt
Decrypt
CipherText
PlainText
PlainText
Public Key KpubB
Private Key KprivB
Asymmetric Key Generator
Major Issues Keys Generation / Private Key
Storage
4
Asymmetric Key Algorithms Examples

• RSA (Rivest-Shamir-Adleman)
• ElGamal
• PSEC
• Rabin

RSA is the most used asymmetric key algorithm
5
Symmetric Key Algorithms
Attacker
User A
User B
Encrypt
Decrypt
CipherText
PlainText
PlainText
Trusted Way
Secret Key Ksecret
Secret Key Ksecret
Major Issue Key Exchange / Key Storage
6
Symmetric Key Algorithms Examples

• Stream Cipher not really used
• One-time-pad
• Block Cipher
• DES Data Encryption Standard
• Triple DES or 3DES
• AES Advanced Encryption Standard
• MISTY1, IDEA, Camellia, SHACAL-2

7
Symmetric vs. Asymmetric

• Symmetric algorithm 100 to 1000 times faster than
  asymmetric one
• Symmetric key 10 times shorter than asymmetric
  key
• Public Key must be authenticated
• Asymmetric Key Generator robustness
• Exchange and storage of the secret/private keys

8
Asymmetric Exchange of Symmetric Key
User A
User B
Encrypted Message
Symmetric Encryption
Symmetric Decryption
Message
Message
Signed Encrypted Key Ksecret
Asymmetric Encryption Signature
Asymmetric Decryption Signature
Ksecret
Ksecret
KpubA
KprivB
KpubB
KprivA
9
DES TDES

• DES
• Defined in ANSI X3.92
• Approved as a Federal Information Processing
  Standard (FIPS 46)
• Key Size 64 bits (only 56 bits used) - Block
  Size 64 bits
• Now considered to be insecure
• Triple DES (TDES)
• Defined in ANSI X9.71
• Key Size 192 bits - Block Size 64 bits
• Seven TDES Modes in ANSI X9.52
• Four DES/TDES Modes in FIPS 81 ECB,CBC,OFB,CFB
• Two or Three distinct keys

Our TDES supports the Four Modes of Operation
described in FIPS 81
10
AES

• Need for a more efficient and secured algorithm
• AES is Rindjael (Rijmen Daemen) with 128-bit
  data block only
• Key Size 128, 192, and 256 bits
• Approved as a Federal Standard (FIPS 197)
• Five Standard Modes of Operation specified in the
  NIST Special Publication 800-38A.

Our AES is based on 128-bit Keys (AES128) Our AES
supports the Five Modes of Operation described in
NIST 800-38A
11
Applications using AES

• AES (256-bit) is used to encrypt 900 MHz and 2.4
  GHz data communications on MaxStream Radio Modems
• AES is used to encrypt video games on the Sony
  PSP
• AES is an encryption algorithm used by the IEEE
  802.11i (WPA2) standard.
• AES in CBC mode is the default cipher used in
  OpenSSH protocol 2 connections.
• AES is employed in WinRAR when encryption is
  used.
• AES is used by Apple's(TM) later OS's using
  128-bit encryption
• AES is used by Winzip 9.0.

12
AES TDESEmbedded Controllers
13
TDES / AES Controller Features

• 64-bit / 128-bit Cryptographic Key
• Two-key or Three-key Algorithms supported
• 12-clock / 50-clock Cycles Encryption/Decryption
  Processing Time
• Support the Standard Modes of Operation
• Electronic Code Book (ECB)
• Cipher Block Chaining (CBC)
• Cipher Feedback (CFB) 8-, 16-, 32- and 64-bit
  128-bit Data Sizes
• Output Feedback (OFB)
• Counter (CTR)
• Last Output Data Mode Allowing Optimized Message
  Authentication Code (MAC) Generation
• Hardware Counter Measures against Differential
  Power Analysis Attacks
• PDC support

TDES Specific / AES Specific
14
AES / TDES

• PMC has to be programmed 1st for AES/TDES to
  work Clock Enabling
• Set the PMC_PCER (Peripheral Clock Enable
  Register).
• No PIOs have to be programmed.
• AES Key Size is 128-bit only.
• TDES Supported Modes ECB, CBC, OFB, CFB8, CFB16,
  CFB32 CFB64
• AES Supported Modes TDES Modes CFB128 CTR

15
Operation Modes (1)

• ECB Mode

• CBC Mode

• OFB, CFB, CTR Modes

16
Operation Modes (2)
Mode Register (AES_MR - TDES_MR)
12
16
0
OPMOD
CIPHER
CFBS

• CIPHER 1 Encryption / CIPHER 0 Decryption
• OPMOD Operation Mode ECB, CBC, OFB, CFB, CTR
• CFBS CFB Data Size 8-, 16-, 32-, 64-, 128-bit

TDES Specific / AES Specific
17
DES / TDES Specific Modes
TDES Only
Mode Register (TDES_MR)
1
4
TDESMOD
KEYMOD

• TDES 1 TDES Mode / TDES 0 DES Mode
• KEYMOD
• 0 Three-key algorithm
• Key1 ! Key2 ! Key3 ? Total Key Size 192bits
• 1 Two-key algorithm
• Key1 Key3 ? Total Key Size 128bits

DES Mode and TDES 2-Key mode are now considerated
unsafe
18
Start Modes
Mode Register
Control Register
Status Register
8
0
0
START
SMOD
DATRDY

• SMOD Manual, Automatic or PDC Mode

• Manual Mode Sequence
• Write the 64-bit / 128-bit key in the Key
  Registers
• Write the initialization vector (or counter) in
  the Initialization Vector Registers (except for
  ECB mode)
• Write the data to be encrypted/decrypted in the
  authorized Input Data Registers
• Set the START bit in the Control register to
  begin the encryption/decryption process
• Wait for DATRDY flag

TDES Specific / AES Specific
19
Start Modes (2)
Mode Register
Control Register
Status Register
8
1
1
START
SMOD
DATRDY

• Auto Mode Sequence
• Write the 64-bit / 128-bit key in the Key
  Registers
• Write the initialization vector (or counter) in
  the Initialization Vector Registers (except for
  ECB mode)
• Write the data to be encrypted/decrypted in the
  authorized Input Data Registers
• The last write in the Input Data Registers begins
  the encryption/decryption process.
• Wait for DATRDY flag

TDES Specific / AES Specific
20
Start Modes (3)
Mode Register
Status Register
8
1
SMOD
ENDRX

• PDC Mode Sequence
• Write the 64-bit / 128-bit key in the Key
  Registers
• Write the initialization vector (or counter) in
  the Initialization Vector Registers (except for
  ECB mode)
• Set the Transmit Pointer Register (TPR) to the
  address where the data buffer to encrypt/decrypt
  is stored and the Receive Pointer Register (RPR)
  where it must be encrypted/decrypted.
• Set the Transmit and the Receive Counter
  Registers (TCR and RCR) to the same value. This
  value must be a multiple of the data transfer
  type size
• Enable the PDC in transmission and reception to
  start the processing
• Wait for ENDRX (or RXBUFF) flag.

TDES Specific / AES Specific
PDC Transmit Receive Buffers can be identical !
21
Transfer Speed
x2.5
x1.7
x4
x32
x2.5
X4.2
No Countermeasures Enabled !
22
Processing Delay
AES Only
Mode Register
4
PROCDLY

• PROCDLY
• Processing Time Definition
• Number of clock cycles that the AES needs to
  perform one encryption/decryption with no
  countermeasures activated.
• PROCDLY0 ? In PDC Mode ARM CPU Free Time ? PDC
  Time !!!

Processing Time (12 PROCDLY 1)
Best AES performance is achieved with PROCDLY
equal to 0
23
Last Output Data Mode
Mode Register
Status Register
15
2
0
LOD
ENDTX
DATRDY

• LOD Mode
• Allows to generate cryptographic checksums
  (CBC-MAC for example)
• Retrieve only the last data of several
  encryption/decryption processes
• Output Data only available in the Output Data
  Registers for all Modes
• For PDC Mode no need to define a Receive Buffer
  (Only a Transmit Buffer)

In PDC Mode Wait for ENDTX then DATRDY !
24
Start Modes vs LOD Mode
25
Security Features (1)
Status Register
12
8
URAD
URAT

• Unspecified Register Access
• Several kinds of unspecified register accesses
  can be detected
• Input Data Register written during the data
  processing in PDC mode
• Output Data Register read during data processing
• Mode Register written during data processing
• Write-only register read access
• Output Data Register read during sub-keys
  generation
• Mode Register written during sub-keys generation
• URAD Detection of a unspecified register access
• URAT Type of unspecified access

TDES Specific / AES Specific
26
Security Features (2)
AES Only
Control Register
Mode Register
16
24
20
LOADSEED
CKEY
CTYPE

• Hardware Countermeasures Features
• Allows to protect data against various attacks
  (DPA for example)
• Best protection achieved with all countermeasures
  enabled
• Best transfer speed achieved with all
  countermeasures disabled
• Countermeasures nature must remain secret (not
  documented)
• Use an embedded random number generator
• Countermeasures Programming
• Countermeasure Type (CTYPE) Countermeasure Key
  (CKEY) Write Only fields
• Loads a new seed in the RNG by writing the
  LOADSEED bit in the Control Register

All Countermeasures are disabled at reset
27
Glossary
28
ECB Electronic Codebook
29
CBC Cipher Block Chaining
30
OFB Output Feedback
31
CFB Cipher Feedback
32
CTR Counter