ENHANCING DATA ENCRYPTION STANDARD

ABSTRACT

This project enhances Data Encryption Standard (DES) immunity to Cryptanalysis attack
using time-variable key technique. In this scheme, the plain text is ciphered to different
cipher texts by time. In the conventional DES, the plaintext is encrypted to cipher text by
the key with a length of 64 bits, in which 56 bits are used for encryption, and others are
employed for parity test. Encryption and decryption use the same algorithm as well as the
key. It is no longer a question to attack the 56-bit key with the development of computer
technology. The attackers can hack into DES within 20 hours through exhaustive key
search. The proposed algorithm works by changing the main key value according to the
output of a pseudorandom number generator that enables us to increase the randomness
of key variation. This provides more security against cryptanalysis attack by changing the
key every time it is used, so hackers will face difficulty to hack into the proposed scheme
because of the time-variant behavior. A LPC2148 ARM microcontroller was selected as
the target for implementation with the embedded C as the software programming
language. The result is a plaintext transmitted through a HyperTerminal and the
encrypted text received from the ARM board by using DES using pseudorandom number
generator approach.
 CHAPTER ONE

INTRODUCTION

1.1 BACKGROUND

In recent years, a lot of applications based on internet have emerged, such as on-line

shopping, stock trading, internet banking and electronic bill payment etc. Such

transactions, over wire or wireless public networks demand end-to-end secure

connections, data authentication, accountability and confidentiality, integrity and

availability.

Security in networking is based on Cryptography (a word with Greek origins, means

“secret writing”), the science and art of transforming messages to make them secure and

immune to attack. Encryption is one of the principal means to guarantee security of

sensitive information. Encryption algorithm performs various substitutions and

transformations on the plaintext (original message before encryption) and transforms it

into cipher text (scrambled message after encryption).

Encryption algorithms are classified into two groups: Symmetric-key (also called secret-

key) and Asymmetric-key (also called public-key) encryption.

Symmetric key encryption is a form of cryptosystem in which encryption and decryption

are performed using the same key. It is also known as conventional encryption.

Asymmetric encryption is a form of cryptosystem in which encryption and decryption are

performed using the different keys – one a public key and one a private key. It is also

known as public-key encryption.

A Key is a numeric or alpha numeric text or may be a special symbol. The Key is used at

the time encryption takes place on the Plain Text and at the time decryption takes place

on the Cipher Text. The selection of key in Cryptography is very important since the

security of encryption algorithm depends directly on it. The strength of the encryption

algorithm relies on the secrecy of the key, length of the key, the initialization vector, and

how they all work together.

Symmetric-key encryption can use either stream ciphers or block ciphers. Stream ciphers

encrypt the digits (typically bytes) of a message one at a time. Block ciphers take a

number of bits and encrypt them as a single unit, padding the plaintext so that it is a

multiple of the block size.

Asymmetric encryption techniques are about 1000 times slower than Symmetric

encryption which makes it impractical when trying to encrypt large amounts of data. Also

to get the same security strength as symmetric, asymmetric must use a stronger key than

symmetric encryption technique.

This project is on one of the many cryptographic methods called Data Encryption

Standard algorithm which is the first publicly available cryptographic algorithm that has

been endorsed by the U.S. government. The Data Encryption Standard (DES) is a block

cipher that was selected by the National Bureau of Standards as an official Federal

Information Processing Standard (FIPS) for the United States and which has

subsequently enjoyed widespread use internationally. It is based on a symmetric-key

algorithm that uses a 64-bit key.

1.2 STATEMENT OF PROBLEM

DES can be used in IPSec (Internet Protocol Security) protocols, ATM cell encryption,

and the Secure Socket Layer etc. The plaintext is encrypted to cipher text by the key with

a length of 64 bits, in which 56 bits are used for encryption, and others are employed for

parity test. Encryption and decryption use the same algorithm as well as the key. It is no

longer a question to attack the 56-bit key with the development of computer technology.

The attackers can hack into DES within 20 hours through exhaustive key search.

There are many attacks and methods recorded till now that exploits the weaknesses of

DES, which made it an insecure block cipher. Despite the growing concerns about its

vulnerability, DES is still widely used by financial services and other industries

worldwide to protect sensitive on-line applications.

This project introduces a strategy to obtain time-variable key. This strategy changes the

main key value according to the output of a pseudorandom number generator that enables

us to increase the randomness of key variation. The key changes every time it in use, so

hackers will face difficulty to attack the proposed schemes.

1.3 AIM AND OBJECTIVES

The aim of this project is to enhance Data Encryption Standard (DES) algorithm by
employing a time-variable key technique to increase its immunity to Cryptanalysis attack.
Other objectives are:

1. To define the basic structure of DES

2. To describe the details of building elements of DES

3. To describe the round keys generation process

4. To describe the pseudorandom number generation process

5. To implementation DES Algorithm Using Arm Microcontroller

6. To describe the implementation of DES with embedded C as the software

programming language.

1.4 SCOPE/LIMITATIONS OF PROJECT

This project (Data Encryption Standard) is designed to function in all places around the

world, including Nigeria, where private information is needed to be shared over the

internet or private networks.

 A LPC2148 ARM microcontroller was selected as the target for implementation.

 Triton IDE tool for programming with embedded C language is used to define

functions for the various steps in DES.

 Peripheral function for interfacing Hex keypad and 16x2 LCD display with ARM

were also used along with UART function for interfacing HyperTerminal of

Desktop PC with ARM LPC2148 with a Baud rate of 38400.

 Mode of encryption and decryption was selected as Electronic Code Book (ECB).

A prototype of a concept using modern cryptography is to be developed within this

project.
1.5 CHAPTER ORGANIZATION

The presentation of this chapter is divided into five chapters:-

Chapter one is the introduction of this project work. It emphasizes the background for

this project. The statement of problem, aims and objectives, scope and limitation of the

work are discussed in this chapter.

Chapter two is the literature review of the work. The structure and the building elements

of DES are analyzed. The weaknesses of DES, attacks on DES, previous work on DES

and the structure of a LPC2148 ARM microcontroller is also discussed.

Chapter three is the methodology used. Here an overview of DES algorithm, DES using

time variable key, implementation of DES using embedded C, and implementation DES

Algorithm Using Arm Microcontroller is discussed.

Chapter four is the result of the work. The system test environment and requirement is

discussed in this chapter.

Chapter five is the discussion, summary and conclusion of this project work.

Recommendation, contribution to knowledge and the references used are stated in this

chapter.
 CHAPTER TWO

LITERATURE REVIEW

In recent years network security has become an important issue. Information is being

received and misused by adversaries by means of facilitating attacks at various levels in

the communication. Encryption has come up as a solution, and plays an important role in

information security system.

Many techniques are needed to protect the shared data. Firstly the data which is to be

transmitted from sender to receiver in the network must be encrypted using the

encryption algorithm in cryptography. Secondly, by using decryption technique the

receiver can view the original data. [1]

The most widely used encryption scheme is based on the Data Encryption Standard

(DES) adopted in 1977 by the National Bureau of Standards, now the National Institute

of Standards and Technology (NIST), as Federal Information Processing Standard 46

(FIPS PUB 46). The algorithm itself is referred to as the Data Encryption Algorithm

(DEA). For DES, data are encrypted in 64-bit blocks using a 56-bit key. The algorithm

transforms 64-bit input in a series of steps into a 64-bit output. With a key length of 56

bits, there are 256 possible keys, which is approximately 7.2 x 1016 keys. [2]

DES was the result of a research project set up by International Business Machines (IBM)

Corporation in the late 1960’s which resulted in a cipher known as LUCIFER. In the

early 1970’s it was decided to commercialise LUCIFER and a number of significant

changes were introduced. IBM was not the only one involved in these changes as they
sought technical advice from the National Security Agency (NSA) (other outside

consultants were involved but it is likely that the NSA were the major contributors from a

technical point of view). The altered version of LUCIFER was put forward as a proposal

for the new national encryption standard requested by the National Bureau of Standards

(NBS). It was finally adopted in 1977 as the Data Encryption Standard - DES (FIPS PUB

46). [2]

DES relies upon the encryption techniques of confusion and diffusion. Confusion is

accomplished through substitution. Specially chosen sections of data are substituted for

corresponding sections from the original data. The choice of the substituted data is based

upon the key and the original plaintext. [3] The S-boxes do the real mixing (confusion).

DES uses 8 S-boxes, each with a 6-bit input and a 4-bit output. [4]

Figure 2.1: S-boxes

Figure 2.2: S-box rule

Diffusion is accomplished through permutation. The data is permuted by rearranging the

order of the various sections. These permutations, like the substitutions, are based upon

the key and the original plaintext. [3]

Figure 2.3: Initial and final permutation steps in DES

The substitutions and permutations are specified by the DES algorithm. Chosen sections

of the key and the data are manipulated mathematically and then used as the input to a

look-up table. In DES, these tables are called the S-boxes and the P-boxes, for the

substitution tables and the permutation tables, respectively.

Table 2.1: Substitution Table for DES

 Table 2.2: Permutation Table for DES

Usually the S- and P-boxes are combined so that the substitution and following

permutation for each round can be done with a single look-up. In order to calculate the

inputs to the S- and P-box arrays, portions of the data are XORed with portions of the

key. One of the 32-bit halves of the 64-bit data and the 56-bit key are used. Because the

key is longer than the data half, the 32-bit data half is sent through an expansion

permutation which rearranges its bits, repeating certain bits, to form a 48-bit product.

Similarly the 56-bit key undergoes a compression permutation which rearranges its bits,

discarding certain bits, to form a 48-bit product. The S and P-box look-ups and the

calculations upon the key and data which generate the inputs to these table look-ups

constitute a single round of DES. [3]

This same process of S- and P-box substitution and permutation is repeated sixteen times,

forming the sixteen rounds of the DES algorithm. There are also initial and final

permutations which occur before and after the sixteen rounds. These initial and final

permutations exist for historical reasons dealing with implementation on hardware and do

not improve the security of the algorithm. For this reason they are sometimes left out of

implementations of DES.

Figure 2.4: Single Round of DES Algorithm

2.1 KEY GENERATION

The round-key generator creates sixteen 48-bit keys out of a 56-bit cipher key. However,

the cipher key is normally given as a 64-bit key in which 8 extra bits are the parity bits,

which are dropped before the actual key-generation process, as indicated by the lack of

shading in Table 3.4a. The key is first subjected to a permutation governed by a table

labeled Permuted Choice One (Table 3.4b). The resulting 56-bit key is then treated as two

28-bit quantities, labeled Co and Do. At each round (figure …), Ci - 1 and Di - 1 are
separately subjected to a circular left shift or (rotation) of 1 or 2 bits, as governed by

Table 3.4d.These shifted values serve as input to the next round. They also serve as input

to the part labeled Permuted Choice Two (Table 3.4c), which produces a 48-bit output

that serves as input to the function.

Table 2.3: DES Key Schedule Calculation

2.2 THE STRENGTH OF DES

Since its adoption as a federal standard, there have been lingering concerns about the

level of security provided by DES. These concerns, by and large, fall into two areas: key

size and the nature of the algorithm. [1]

Critics have used a strong magnifier to analyze DES. Tests have been done to measure

the strength of some desired properties in a block cipher. Two desired properties of a

block cipher are the avalanche effect and the completeness.

2.2.1 The Use of 56-Bit Keys

With a key length of 56 bits, there are 256 possible keys, which is approximately

7.2 x 1016 keys. Thus, on the face of it, a brute-force attack appears impractical.

Assuming that, on average, half the key space has to be searched, a single machine

performing one DES encryption per microsecond would take more than a thousand years.

[1]

2.2.2 The Nature of the DES Algorithm

Another concern is the possibility that cryptanalysis is possible by exploiting the

characteristics of the DES algorithm. The focus of concern has been on the eight

substitution tables, or S-boxes, that are used in each iteration. Because the design criteria

for these boxes, and indeed for the entire algorithm, were not made public, there is a

suspicion that the boxes were constructed in such a way that cryptanalysis is possible for

an opponent who knows the weaknesses in the S-boxes. This assertion is tantalizing, and

over the years a number of regularities and unexpected behaviors of the S-boxes have

been discovered. Despite this, no one has so far succeeded in discovering the supposed

fatal weaknesses in the S-boxes. [1]

2.2.3 Avalanche Effect

Avalanche effect means a small change in the plaintext (or key) should create a

significant change in the ciphertext. DES has been proved to be strong with regard to this

property. [4]

2.2.4 Completeness Effect

Completeness effect means that each bit of the ciphertext needs to depend on many bits

on the plaintext. The diffusion and confusion produced by D-boxes and S-boxes in DES

show a very strong completeness effect. [4]

2.2.5 Timing Attack

A timing attack is one in which information about the key or the plaintext is obtained by

observing how long it takes a given implementation to perform decryptions on various

ciphertexts. A timing attack exploits the fact that an encryption or decryption algorithm

often takes slightly different amounts of time on different inputs. Although this is an

interesting line of attack, it so far appears unlikely that this technique will ever be

successful against DES or more powerful symmetric ciphers such as triple DES and AES

DES finally and definitively proved insecure in July 1998, when the Electronic Frontier

Foundation (EFF) announced that it had broken a DES encryption using a special-

purpose “DES cracker” machine. The attack took less than three days. The EFF has

published a detailed description of the machine, enabling others to build their own

cracker. [2]
2.3 DES WEAKNESSES

During the last few years critics have found some weaknesses in DES. At least three

weaknesses are mentioned in the literature for S-boxes.

1. In S-box 4, the last three output bits can be derived in the same way as the first

output bit by complementing some of the input bits.

2. Two specifically chosen inputs to an S-box array can create the same output.

3. It is possible to obtain the same output in a single round by changing bits in

only three neighboring S-boxes.

One mystery and one weakness were found in the design of D-boxes:

1. It is not clear why the designers of DES used the initial and final permutations;

these have no security benefits.

2. In the expansion permutation (inside the function), the first and fourth bits of

every 4-bit series are repeated.

Several weaknesses have also been found in the cipher key. Critics believe that the most

serious weakness of DES is in its key size (56 bits). To do a brute-force attack on a given

ciphertext block, the adversary needs to check 256 keys. With available technology, it is

possible to check one million keys per second. This means that we need more than two

thousand years to do brute-force attacks on DES using only a computer with one

processor. If we can make a computer with one million chips (parallel processing), then

we can test the whole key domain in approximately 20 hours. When DES was introduced,

the cost of such a computer was over several million dollars, but the cost has dropped

rapidly. A special computer was built in 1998 that found the key in 112 hours.
2.4 ATTACKS ON DES

DES, as the first important block cipher, has gone through much scrutiny. There are

many attacks and methods recorded till now that exploits the weaknesses of DES, which

made it an insecure block cipher. The following are examples of attacks on DES.

2.4.1 A Brute Force Attack

A brute force attack systematically attempts every possible key. It is most often used in a

known plaintext or ciphertext-only attack. Given a finite key length and sufficient time, a

brute force attack is always successful. Encryption algorithms can become susceptible to

brute force attacks over time as CPU speeds increase. [3]

2.4.2 Meet-in-Middle Attack

Meet-in-middle attacks can be used against cryptographic algorithms that use multiple

keys for encryption. An example of a successful meet-in-middle attack is the attack

versus Double DES. The meet-in-middle attack is a known plaintext attack; the

cryptanalyst has access to both the plaintext and resulting ciphertext. In this example,

assume the plaintext is "Cat," and the resulting double DES ciphertext is "BzX." The

cryptanalyst wants to recover the two keys (called Key1 and Key2) used for encryption.

The cryptanalyst first conducts a brute force attack on Key1 using all 256 different Single-

DES keys to encrypt the plaintext of "Cat" and saves each key and the resulting

intermediate ciphertext in a table. The analyst then brute forces Key2, decrypting "BzX"

up to 256 times. [3]

2.4.3 Linear Cryptanalysis

Linear cryptanalysis is a known plaintext attack that requires access to large amounts of

plaintext and ciphertext pairs encrypted with an unknown key. It focuses on statistical

analysis against one round of decryption on large amounts of ciphertext. The cryptanalyst

decrypts each ciphertext using all possible subkeys for one round of encryption and

studies the resulting intermediate ciphertext to seek the least random result. A subkey that

produces the least random intermediate cipher for all ciphertexts becomes a candidate key

(the most likely subkey). [3]

DES is more vulnerable to linear cryptanalysis than to differential cryptanalysis, probably

because this type of attack was not known to the designers of DES. S-boxes are not very

resistant to linear cryptanalysis. It has been shown that DES can be broken using 243

pairs of known plaintexts. However, from the practical point of view, finding so many

pairs is very unlikely. [4]

2.4.4 Differential Cryptanalysis

Differential cryptanalysis is a chosen plaintext attack that seeks to discover a relationship

between ciphertexts produced by two related plaintexts. It focuses on statistical analysis

of two inputs and two outputs of a cryptographic algorithm.

It has been revealed that the designers of DES already knew about this type of attack and

designed S-boxes and chose 16 as the number of rounds to make DES specifically

resistant to this type of attack. Today, it has been shown that DES can be broken using

differential cryptanalysis if we have 247 chosen plaintexts or 255 known plaintexts.

Although this looks more efficient than a brute-force attack, finding 247 chosen

plaintexts or 255 know plaintexts is impractical. Therefore, we can say that DES is

resistant to differential cryptanalysis. It has also been shown that increasing the number

of rounds to 20 require more than 264 chosen plaintexts for this attack, which is

impossible because the possible number of plaintext blocks in DES is only 264.

2.5 DES MODE OF OPERATION

The DES algorithm turns a 64-bit message block M into a 64-bit cipher block C. If each

64-bit block is encrypted individually, then the mode of encryption is called Electronic

Code Book (ECB) mode. There are other modes of DES encryption as shown in the table.

Table 2.4: Block Cipher Modes of Operation

2.6 PREVIOUS WORK ON DES

In many research works DES was modified in many field of its encryption/ decryption

model to make it better. First, Double-DES (2DES) was proposed to encrypt the same

data block (64 bit) twice using two different keys or same key. Then, Triple-DES (3DES)

was proposed to increase the length of the key which uses 3 keys and also Generalized-

DES was proposed to obtain faster algorithm but these were still vulnerable to attacks.

Using a time variable key makes DES a less vulnerable to these attacks. [5]

Similar project work in this area also includes

1. Enhanced Data Encryption Standard using Variable Size Key (128N Bits) and 96

Bit Sub key. [6]

2. Enhancing DES Using Local Languages. [7]

3. FPGA Implementation of the Pipelined Data Encryption Standard (DES) Based

on Variable Time Data Permutation. [11]

This project proposes a new algorithm to enhance DES by changing the main key value

according to the output of a pseudorandom number generator that enables us to increase

the randomness of key variation. This provides more security against cryptanalysis

attack. [5]

In a computer system, which is a logical machine which behaves in a predictable way, it

can be hard to find a good source of randomness. The pseudorandom generator provides

random data calculated from an internal state and then updates the internal state. The

generator is seeded with the real random data periodically to make it hard to determine

the internal state. The choice of a proper PRNG is an important design consideration, it is
important to find a cryptographically strong PRNG, with an uncorrelated and uniform

spectrum. Equally important is finding a good system specific source of entropy (that is,

how many bits of acquired random data are truly random). [8]

Despite the growing concerns about its vulnerability, DES is still widely used by

financial services and other industries worldwide to protect sensitive on-line applications.

An ARM LPC2148 microprocessor was selected for implementing this project because of

its ISP (In-System Programming) feature [9], along with embedded C because it offers

high flexibility for up gradation of algorithm, with low cost design which will suit the

need of innovative embedded application.

2.7 ARM LPC2148 PROCESSOR

ARM (Advanced RISC Machines) is a family of RISC (Reduced Instruction Set

Computing) architectures. ARM's Global Technology Partner Network is the largest in

the industry, spanning from semiconductor manufacturers to distributors.

Although ARM does not manufacture processors itself, ARM licenses its cores to semi-

conductor manufacturers to be integrated into ASIC (Application Specific Integrated

Circuits) standards and then the company in using test chips manufactured by its partners

to measure and validate the functionality of the core.

The LPC2148 are based on a 16/32 bit ARM7TDMI-S™ CPU with real-time emulation

and embedded trace support, together with 128/512 kilobytes of embedded high speed

flash memory. A 128-bit wide memory interface and unique accelerator architecture

enable 32-bit code execution at maximum clock rate.

For critical code size applications, the alternative 16-bit Thumb Mode reduces code by

more than 30% with minimal performance penalty. With their compact 64 pin package,

low power consumption, various 32-bit timers, 4- channel 10-bit ADC, USB

PORT,PWM channels and 46 GPIO lines with up to 9 external interrupt pins these

microcontrollers are particularly suitable for industrial control, medical systems, access

control and point-of-sale.

With a wide range of serial communications interfaces, they are also very well suited for

communication gateways, protocol converters and embedded soft modems as well as

many other general-purpose applications.[10]

Figure 2.5: LPC2148 Pins

2.7.1 ARM7TDMI Processor Core [10]

The ARM7TDMI has a core based on the fourth version of the ARM architecture (Von

Neumann architecture). This implementation uses a three stage pipeline - a standard

fetch-decode-execute organization. It features a unified cache, Current low-end ARM

core for applications like digital mobile phones, as well as the Thumb extension

permitting 32-bit and 16-bit operation.

TDMI stands for:

T: Thumb, 16-bit compressed instruction set

D: on-chip Debug support, enabling the processor to halt in response to a debug request

M: enhanced Multiplier, yield a full 64-bit result, high performance

I: Embedded ICE hardware

Figure 2.6: ARM7 TDMI Processor Core

 CHAPTER 3

METHODOLOGY

3.1 OVERVIEW OF DES ALGORITHM

DES is a block cipher that takes 64-bit input and 64-bit key. A 64-bit output is produced.

The effective key length is 56 bits because every 8 bit is used as parity checking bit. [5]

The DES algorithm consists of 16 rounds as shown in Figure 3.1. The encryption is

carried out as shown below.

1. The plaintext is broken into blocks of 64-bit in length.

2. A message block of 64-bit firstly goes through an Initial Permutation (IP) and

then it is divided to two parts of 32 bits blocks (R0||L0) Right Plain Text (RPT)

and Left Plain Text (LPT).

3. It is processed through DES function as shown in Figure 3.2, in which 32 bit RPT

is expanded to 48 bits to be processed through XOR function with the round key.

The XOR output is converted from 48 bits to 32 bits through Substitution boxes

(S-boxes). The S boxes output is XORed with the 32 bit LPT (L0) and the output

is the RPT (R0) to the next round.

That is, the ith round of the algorithm transforms an input Li-1||Ri-1 to the output

Li||Ri using an 56bit key, k. where

Li = Ri – 1, Ri = Li - 1 ⊕ f (Ri - 1, ki)

And ki is the subkey for the ith round, where 1< i < 16.
 4. After Round 16, L16 and R16 are swapped, so that the decryption algorithm has the

same structure as the encryption algorithm.

The RPT bits of the previous round are the LPT of the next round except in the

last round, where the swap at the end of the round is skipped as illustrated below.

R16 = R15

L16 = L15 ⊕ f (R15, k16)

5. Finally, the block is gone through the Inverse Initial Permutation (IP-1) and then

output. The output of IP−1 is the 64-bit ciphertext.

The decryption of the algorithm does not differ from the encryption. The very same

algorithm is used, with the only difference being that we use the subkeys in reverse order.

56 Bit key
is mapped
into 48 bit
keys

k1 – k16

Figure 3.1: DES Algorithm

 f(Ri – 1, ki)

Figure 3.2: DES Function

Both the data and key are operated on in parallel as shown in figure 2.4 and 3.1; however

the operations are quite different. The 56 bit key is split into two 28 bit halves Ci and Di

(C and D being chosen so as not to be confused with L and R). The value of the key used

in any round is simply a left cyclic shift and a permuted contraction of that used in the

previous round. Mathematically, this can be written as

Ci = Lcsi(Ci−1), Di = Lcsi(Di−1)

ki = PC2(Ci, Di)

Where Lcsi is the left cyclic shift for round i, Ci and Di are the outputs after the shifts,

PC2(.) is a function which permutes and compresses a 56 bit number into a 48 bit number

and Ki is the actual key used in round i. The number of shifts is either one or two and is

determined by the round number i. For i = {1, 2, 9, 16} the number of shifts is one and

for every other round it is two (table 2.3d).

3.2 DES USING TIME VARIABLE KEY

In order to obtain time-variant behavior that increases the security of DES, the new

scheme for key generation has been used as shown in Figure 3.3.

64 bit Key
Clock
Rotate Key By
Counter
N

PC 1

Left Shift Left Shift

PC 2
Left Shift Left Shift
PC 2

Left Shift Left Shift

PC 2

Figure 3.3: Key Variation based on Counter

For any counter value, the main key is rotated using this value. For example, when the

counter value is 2 (N=2), the main key is rotated two times to achieve a new key that will

be used in encryption process. As a result of this, for the same plain text, there are

different cipher texts because of the time variant behavior. The counter value is encrypted

and then transmitted with the ciphered data to guide the receiver to use the intended key.

The disadvantage of this scheme is that the counter sequence is repeated after time, so we

have to develop a randomness property in key variation.

 Figure 3.4: Pseudorandom number generator

Figure 3.4 describes a pseudorandom number generator which is based on Linear

Feedback Shift Register (LFSR). This type is also known as a hybrid type because it

depends on feedback property and variable input that is varied with the clock. The start

value that will be in the register is called a seed. Every clock cycle the rotation process is

achieved through the XOR function. Using a pseudorandom number generator to control

key variation increases the randomness of key variation thereby enhancing security of the

algorithm.
PC_2
PC_2
PC_2

Figure 3.5: Key Variation based on Pseudorandom Number Generators

Figure 3.5 describes the key variation based on pseudorandom number generation using

Linear Feedback Shift Register (LFSR).

3.3 IMPLEMENTATION OF DES USING EMBEDDED C

This new schemes was implemented using Philips LPC2148 microcontrollers which are

based on a 32/16 bit ARM7TDMI-S CPU with real-time emulation and embedded trace

support, that combines the microcontroller with embedded high speed flash memory of

512 kB .

Using Triton IDE tool for programming with embedded C language, the DES algorithm

was implemented by defining functions for various steps in DES; also look up table

approach was preferred to have a table for the expansion and for each permutation. The

selection functions ("Sboxes"S1 ... S8) were implemented as eight two-dimensional

lookup tables.

The important functions and its operation used in the program are shown in appendix A.

Additional functions were also used for plaintext to hex, hex to binary, binary to hex, and

hex to plain text conversion.

Peripheral function for interfacing Hex keypad and 16x2 LCD display with ARM were

also used along with UART function for interfacing HyperTerminal of Desktop PC with

ARM LPC2148 with a Baud rate of 38400. Mode of encryption and decryption was

selected as Electronic Code Book (ECB).

3.4 CIRCUIT DIAGRAM

Figure 3.6: Circuit Diagram

 CHAPTER FOUR

RESULTS

4.1 SYSTEM TEST ENVIRONMENT AND REQUIREMENTS

In the Implementation plain text can be taken from HyperTerminal as well as hex

keypad interfaced to the ARM development board. The result from HyperTerminal input

is shown below.

Figure 4.1: Experimental setup for programming LPC 2148 board

Figure 4.2: ARM LPC2148 board

 Figure 4.3: Triton IDE software

Figure 4.4: Burning time varying key DES HEX file to ARM microcontroller

Figure 4.1, 4.2 and 4.3 displays the images of the setup and IDE used for the

implementation. Figure 4.4 displays the HEX file burning procedure to the ARM in ISP

mode using Philips flash Utility tool.

Following figures shows the result of the implementation. HyperTerminal was used to

transmit the plaintext to the ARM development board using UART at 38400 baud rate.

Figure 4.5 displays the plaintext transmitted through the HyperTerminal and the

encrypted text received from the ARM board by using DES using pseudorandom number

generator approach. The plaintext is 128 bit wide, so DES required two ECB execution,

though the plaintext was repeated twice ABCDEFGH & ABCDEFGH but their equivalent

encrypted cipher was not repeated which confirms the variable key approach of our

implementation.

Figure 4.5: Pseudorandom variable key approach encrypted output

Figure 4.6 shows the decryption of same ciphertext using synchronous pseudorandom

number generation approach which is output to LCD displayed. The decrypted text was

same as input plaintext, which showed successful implementation of variable key

technique.
 Figure 4.6: Decrypted data output on 16x2 LCD

The counter approach of variable key was also implemented on same board successfully.

When counting the total clock cycles required for encryption of 64 bit data it was

observed that time required for counter approach was more as compared to the random

number generator approach. Also the randomness in counter approach was less as

compared to LSFR linear shift register random number generator.

 CHAPTER FIVE

DISCUSION/SUMMARRY/CONCLUSION

After successfully implementation we can encrypt or decrypt any file (text/ picture/

audio/ video) in secure way by using time variable key which makes data more secure

against attacks like Bruit force attack, linear cryptanalysis/differential crypt analysis etc.

In this project, two designs for DES encryption/decryption algorithm are implemented on

ARM LPC2148 hardware in combination with part of software using embedded C. Our

two designs depend on time-variable key concept. We used two methods to obtain time-

variable key.

The first one uses the counter to change the key and the second uses the hybrid

pseudorandom number generator to increase the randomness of key variation. For the

same plaintext and key, the ciphered text is varied with time. As a result of this, the

security of the algorithm has been increased. The security provided second approach was

more because of more randomness in its key generation as compared to first method. But

the speed of encryption was more for first method was more.
 RECOMMENDATIONS

Although the project worked as designed, there is still room for further improvement as

no work is said to be perfect until an improvement is said to be done on it. For further

work on the project I recommend the following

1. This project can also be performed on much more advanced processor BCM2835

(ARM11) with more ease.

2. A remote Zigbee communication device can also be added to transmit and receive

data wirelessly.

3. Proload can be used if LPC2000 flash utility is not available. Proload is software

which accepts only hex files.

4. Keil compiler can also be used in place of a Triton IDE.

CONTRIBUTION TO KNOWLEDGE

This study has been able to contribute to knowledge by introducing a strategy to securely

transfer data or information over wired or wireless public networks. This improves data

authentication, accountability, confidentiality and integrity. Also this work introduced a

system whereby Data Encryption Algorithm can be implemented on a microcontroller

with real-time emulation and embedded trace support that combines the microcontroller

with embedded high speed flash memory.

 APPENDIX A

The following are some of the important functions used in the program. Each function is

commented with its operation.

#include <LPC21xx.h>

#include<board.h>

/*Header files supporting ARM Microcontroller*/

void des_parity_key_permutation(int *, int *);

/*for removal of parity bit from 64 bit key to form 56 bit key*/

void des_make_half(int *, int *, int *);

/* splits 56 bit key into two 28 bit parts*/

void des_single_shift(int *, int *);

/* shifts 28 bit key part by single bit position*/

void des_double_shift(int *, int *);

/* shifts 28 bit key part by 2 bit position*/

void Pc_2(int *,int *,int *);

/* concatenates two 28 bit key parts to single 56 bit key for subkey generation*/

void des_permutation_48(int *,int *);

/* key compression permutation from 56 bit to 48 bit*/

void des_permutation_64(int *,int *,int *);

/*Initial permutation of 64 bit plaintext and splitting it in LPT & RPT*/

void des_round(int *,int *,int *,int *,int *);

/*DES function on LPT, RPT plaintext and subkey to give LPT & RPT for next DES

round*/
Void des_ permut_48(int *,int *);

/*Expansion of 32 bit RPT to 48 bits*/

void common_permutation(int *,int *);

/*Final/Inverse permutation*/

void des_counter_initialization(int *,int *)

/*initialize counter*/;

void des_counter_shiftingnumber(int *,int *);

/*reads number form counter to decide shift in encryption key*/

void des_randomnumber_generation(int *,int *);

/*reads random number form linear shift register to decide shift in encryption key*/