FPGA Cryptosystem

Discussion in 'The Projects Forum' started by younge, Nov 21, 2013.

  1. younge

    Thread Starter New Member

    Sep 7, 2011
    8
    0
    Hello all,

    Proposed idea from my research to date:
    Two FPGA encryption modules: Both will have an identical encryption algorithm, key management something I need to research further.
    Bobs has plain text message. He, perhaps through a GUI, sends the file to his FPGA 'cryptosystem' which subsequently encrypts the data. Returns PC as cipher text, he sends data through unsecured network( eg leased line, microwave etc).
    Alice receives message, sends her module > decrypts the message.

    Briefly: I completed Beng electronic engineering and have been working industry 2 years(electronic eng technician). I have returned to college to up skill and as such have been given my final year project. I'm not looking for code, or to be spoon fed, merely looking to draw on peoples experience and opinion! I have completed embedded systems projects involving microcontrollers, microprocessors etc in the past but FPGAs are brand spanking new to me.

    I have agreed with my lecturer, who is happy to leave me 'at it' to stick to: FPGAs, cryptography, communications.
    Again, I will not progress into looking for code etc, just honest opinions and suggestions, thank you for your time, younge Irl.
    P.s I'm not in the NSA :)
     
  2. tshuck

    Well-Known Member

    Oct 18, 2012
    3,531
    675
    This is a purely academic project. Personally, I think that a final project should be practical - you could write a program to encrypt the data on the computer, making your project rather inefficient.

    If, however, you were to encrypt a file from the computer and used the FPGA to transmit that encrypted file directly to another FPGA using a standard industry interface (e.g. ARIN429, MIL-STD-1553, VME, etc.), that, I would say, is qualified of a final project...
     
  3. alexfreed

    Member

    Oct 8, 2012
    72
    10
    I think the project is not bad at all. The good old DES algorithm was invented in the days when computers were slow and the design targeted hardware implementation: bit manipulation is trivial in hardware and requires either a lot of operations or a lot of memory for the tables for a software only implementation. So using an FPGA to do DES is very reasonable. The only "problem" is it's been done many times already. If that's an issue, a different block cipher can be used.
     
  4. THE_RB

    AAC Fanatic!

    Feb 11, 2008
    5,435
    1,305
    The system will still be totally unsecure. The user has to type the text on the PC, which is then sent to FPGA1 to be encrypted.

    But the un-encrypted text can be captured on the originating PC by any key logger or trojan, or even captured in the port handler as the text is being sent out the port to the FPGA.

    The only chance for a secure system is to have the original text entered on the external FPGA device, so PC1 never has any access to the un-encrypted text.

    But then of course when person2 receives the message and decrypts it, will that be displayed on PC2? Same problem exists! You need the only display of the decrypted text to be on external FPGA2 device.
     
  5. alexfreed

    Member

    Oct 8, 2012
    72
    10
    I don't see any mention of a need for complete security. In many cases only the transmitted data needs to be protected. Say e-mail. Or remote backup. Again, as a project to use an FPGA to hardware accelerate a block cipher, this is quite workable.
     
  6. younge

    Thread Starter New Member

    Sep 7, 2011
    8
    0
    Yes, I agree. Putting the entire operation on the FPGAs is defiantly more secure. The users only need worry about ensuring their FPGAs are never compromised in anyway.

    Do you think such a system is possible, running some sort of programme off an FPGA?
    I know development boards, such as Altera De2, come with LCD displays.

    My initial idea was to use two FPGAs connected via USB port, not a development board. (i.e. the users carry these encryption/decryption modules around like flash drives)
     
  7. younge

    Thread Starter New Member

    Sep 7, 2011
    8
    0
    PGP by Phil Zimmerman is interesting. From what I gather, he employed a kind of 'onion effect'. PGP has encryption, digital signatures, hashing etc.

    Both asymmetric and symmetric encryption is used on particular email. I'm not certain which route to take yet. For example AES is everywhere online but I like the idea of doing something different.

    I can either go with
    A) encrypt data and sent it off using email or some other service, by it half and half with PC and FPGA or more concentrated on the FPGA.

    B) concentrate on encrypting packets. (eg TCP, DNP). It would involve the FPGA encrypting/decrypting the packets in real-time at perhaps the data link layer.

    I like the idea of using an FPGA, their fast and I'll learn a lot from it.
    As I say, project is in infant stages, I'm really just looking for something that can actually be implemented (proof of concept really)

    Its my knowledge FPGAs thats leaving me down at the moment but I'm working on that.
     
  8. alexfreed

    Member

    Oct 8, 2012
    72
    10
    Block ciphers (like DES or AES) are fast but require key sharing. In other words before you can send an encrypted message to me we have to share the same secret key, presumably via a different very secure channel. Public key cryptography doesn't require a pre-shared key, but is too slow to use on all the data. So the PGP approach (and other protocols too, like SSH) is to generate a random session key, transmit it to the recipient via the slow public key operation and use this newly shared secret key to quickly encrypt/decrypt the plaintext.
     
  9. THE_RB

    AAC Fanatic!

    Feb 11, 2008
    5,435
    1,305
    OK, but if the raw text is available on the PC, and the PC will then email the encrypted data, then there is no need at all for the FPGA.

    PC's are plenty fast enough to to the encryption of something that fits in an email, and likely to be as fast or faster than the port data transfer/return process with the FPGA. So there is no need or benefit from the external FPGA.
     
  10. alexfreed

    Member

    Oct 8, 2012
    72
    10
    OK, consider remote backup. I want to encrypt a few gigabytes and transfer it over the network for remote backup. It will be stored encrypted. An FPGA can speed up this operation considerably. And such a system does exist and is used for very serious business.

    PCs are fast all right, but some ciphers, like triple DES are slow in software.
    And no, you don't need this for e-mail. But as a project to learn FPGAs it's good.
     
    THE_RB likes this.
  11. younge

    Thread Starter New Member

    Sep 7, 2011
    8
    0
    Thanks guys. Alex, the data backup sounds workable from an embedded systems point of view. Perhaps from PC to FPGA via a fast interface. Then FPGA via Ethernet to a SAN or sever, would that fit the application you mention?
    Altera DE2 development board, and others, have peripherals such as 100Mbps ethernet jacks. This way, I'm also not going back and forth to a PC through an unsecured, slow connection.

    As mentioned by Alex ref the data backup being a useful application, would you agree or have any other suggestions?
    I'm not set on the original idea, its my initial idea, however, as I stated my fpga knowledge isn't great at the moment. I'm confident this will improve as the project progresses.

    I'd like to nail down an idea first that I can focus all my energy on.. (knowing its not a complete waste of time)
     
  12. THE_RB

    AAC Fanatic!

    Feb 11, 2008
    5,435
    1,305
    You are asking for suggestions? From your post #1 it looked like you have been given this project as your final year project.

    If your main goal is to learn FPGA design and get good marks then go with the project you were given. If it is to design something of marketable value then you need to look at existing products which are similar. :)
     
    younge likes this.
Loading...