In our modern day world, with the invention of computers, networks and the internet, we are faced with a situation where our private information is available digitally in many forms and in many more places than most of us know. In such cases, cryptography plays a major part to hide information. This paper explains one such cryptographic method called as Data Encryption Standard algorithm which is the first publicly available cryptographic algorithm that has been endorsed by the U.S. government. The Data Encryption Standard (DES) is a block cipher that was selected by the National Bureau of Standards as an official Federal Information Processing Standard (FIPS) for the United States and which has subsequently enjoyed widespread use internationally. It is based on a symmetric-key algorithm that uses a 64-bit key. DES consequently came under intense academic scrutiny which motivated the modern understanding of block ciphers and their cryptanalysis.
In the technical work, I am going to implement DES algorithm for transmission and reception of textual data. The data transmission can be wired (serial communication) or wireless (RF based transmitter receiver/ Bluetooth). For demonstration purpose, we have used ARM microcontrollers which constitute transmitter and receiver block to carry out encryption and decryption respectively.
Keywords- Algorithms, Data security, Encryption, Embedded software, Microcontrollers
Introduction (Heading 1)
This paper explains DES algorithm and the scheme of implementation in detail. In the technical work done, two ARM microcontrollers that are used as transmitter and receiver and they also act as encryption block and decryption block respectively. The text to be encrypted called as plaintext and the encryption key are given using a personal workstation like computer or any such system. This information is provided for encryption to ARM processor encryption block. The plaintext is converted into cyphertext by DES algorithm and transmitted using serial communication to receiver system. The communication media, as said in the introduction, can be wireless or wired (as in this case.) The receiver system decrypts the data using same key and transmits it to display media , a personal computer in this case. It is must that the key should be transferred on secured channel.
Before applying the encryption algorithm, the data being transmitted can be shown by analyzing serial communication between transmitter and receiver. After applying the algorithm, though the data can be seen, can not be interpreted. Also wrong key will not retrieve correct message. The results prove that DES is good option for small scale applications where data encryption is necessary.
The document explains hardware and software design schemes, demonstration procedure and applications of the project.
DES described in brief
To implement DES algorithm, 64-bit text input and 64-bit wide encryption key are taken from the user. Then there are 16 stages of processing carried out on this data. The plaintext is divided into two 32-bit halves and processed alternately. The function f mixes Right part and Key. Its output is then XORed with Left part. The Right part is replaced as Left Part and output of previous stage is considered as Right part. This criss crossing is called as Feistel scheme. The Feistel structure ensures that decryption and encryption are very similar processes - the only difference is that the subkeys are applied in the reverse order when decrypting. That is, subkey 16 is used in round 1, subkey 15 is used in round 2, etc., ending with subkey 1 being used in round 16. Fig. 1 explains this process.
The function f()
The f function mixes the bits of the R portion using the subkey for the current round. First the 32-bit R value is expanded to 48 bits using a permutation E. That value is then exclusive-or'ed with the subkey. The 48 bits are then divided into eight 6-bit chunks, each of which is fed into a S-Box that mixes the bits and produces a 4-bit output. Those 4-bit outputs are combined into a 32-bit value, and permuted once again to produce the f-function output. Please check Fig. 2 for details.
DES uses 56-bit wide subkey(64-bit including parity bits). These are permuted and divided into two halves called C and D. For each round, C and D are each shifted left circularly one or two bits (the number of bits depending on the round). The 48-bit subkey is then selected from current C and D. Please see Fig. 3 for details.
Figures and Tables
Comparison of different data encryption algorithms
Figure. 1. Details of steps to carry out DES algorithm. The criss-crossing is called as Feistel scheme
Figure. 2. Details of function f(): How function f() mixes plain text and encryption key
Figure. 3. Details of subkey generation process. This key is used in each round for encryption.
Figure. 4. Design details for 3.3V regulated power supply using LM317
Fig. 5. Form designed using Visual Basic to input plaintext and Key.
Software for microcontroller
The DES algorithm is being implemented using Embedded C language being most suitable for current application.
Initially both the UART ports are initialized with baud rate of 9600. Then the data received on each port is analyzed for either encryption or decryption.
If the length of input bytes is not 64-bit wide, then padding 0s are appended. As per DES algorithm, steps are followed to encrypt or decrypt the data.
Software to input the data and to observe the output
The plain text and key are taken from user using a PC in this case. A form in designed in Microsoft Visual Basic is used for the same.
In the transmitter part, the form allows to choose the COM port for communication. It provides text boxes to enter plain text and key. After the communication starts, it also shows the subkeys generated in intermediate rounds.
In the receiver part, the form shows the data received on the COM port. When user enters key to decrypt, then only it shows decrypted message. Otherwise simple data can be observed which can not be interpreted. Please refer Fig. 5 for details.
Encryption Block Hardware Design
The power supply requirements are different for different blocks. The ARM controllers work with 3.3 V while other part of design needs 5 V. The bridge rectifier converts AC output from transformer to DC. Voltage regulator IC in series with bridge rectifier provides 5 V supply where as LM317 gives desirable 3.3 V. Please refer Fig.4 for more details.
A switch is provided to select either programming mode or Run mode for the microcontroller.
Since the port pins are a bit scattered, readers are advised to use connectors as per requirement.
Decryption Block Hardware Design
The power supply requirements are same as that of encryption block. Serial port 0 connects the encryption block to decryption block. Serial port 1 is treated as input port to get decryption key .
Design formula for 3.3 V power supply
To design for 3.3V regulated Power Supply using LM317, following formula is used-
By putting R1= 240 ohms( as per datasheet) and I(adj)=50 microA, R2= 390 ohm.
Following steps should be followed to check the functionality-
Program both encryption and decryption blocks by putting them in 'ISP' mode. Then both must be in RUN mode.
Serial port 0 for both the blocks should be connected to each other while port 1 to 2 different PCs.
The plain text should be entered from 1 PC and the encryption key.
Same key must be provided to see decrypted message.
As said in previous sections the transmission of encrypted data can be using RF or Blue tooth or Serial( as in this case). Users are advised to check other possibilities.
Applications of Technical Work
There are multiple applications of the project out of which few are enlisted here. Please note that there might be hardware and software changes needed for each application referred here and direct use of the present work may not be advisable.
Secure internet (ssl)- Secure Sockets Layer-a protocol developed by Netscape for transmitting private documents via the Internet. SSL uses a cryptographic system that uses two keys to encrypt data − a public key known to everyone and a private or secret key known only to the recipient of the message. Both Netscape Navigator and Internet Explorer support SSL, and can use the protocol to obtain confidential user information, such as credit card numbers.
Electronic financial transactions- online transactions, user identification
Remote access servers- The remote access server allows users to gain access to files and print services on the LAN from a remote location. For example, a user who dials into a network from home using an analog modem or an ISDN connection will dial into a remote access server. Once the user is authenticated he can access shared drives and printers as if he were physically connected to the office LAN.
Cable modems- A modem designed to operate over cable TV lines. Because the coaxial cable used by cable TV provides much greater bandwidth than telephone lines, a cable modem can be used to achieve extremely fast access to the World Wide Web. It offers speed up to 2Mbps
Secure video surveillance
Encrypted data storage.
The author gratefully acknowledges the contributions of Prof. J.G. Rana for his work on the original version of this document.