-
Notifications
You must be signed in to change notification settings - Fork 2
Cryptographic Algorithms
This page is used to display information in relation to the chosen Cryptographic algorithms to be used for the Reconfigurable Arduino Crypto FPGA Shield project. The project will implement at least 4 different cryptographic algorithms. Including, but not restricted to a symmetric encryption, a asymmetric encryption, a hash algorithm, a random number generator, and a key-exchange algorithms.
The OpenSSL project is a collective effort that seeks to develop a commercial grade, full-featured toolkit implementation of Secure Socket Layer (SSL) [1] and Transport Layer Security (TSL) [2]. The open-source project also offers general purpose cryptographic library, which can be used to further understand the functional behavior of the different cryptographic algorithms. A download of OpenSSL can be obtained by clicking the link.
Basic OpenSSL Functionality:
Listing the available Cypher commands: openssl list -cypher-commands
Encrypting messages contained in a text file (Using test_msg.txt): openssl enc -base64 -in
Example with AES-256: openssl -aes-256-cbc -base64 -in test_msg.txt
Encrypting message contained in a text file and outputting to another text file: openssl enc -base64 -in -out
Example with AES-256: openssl enc -aes-256-cbc -base64 -in test_input.txt -out test_output.txt
Decrypt encrypted message from a text file: openssl enc -aes-256-cbc -d -base64 -in
Example with AES-256: openssl enc -aes-256-cbc -d -base64 -in test_output.txt
[1] SSL stands for Secure Socket Layer protocol developed by Netscape and is the standard Internet protocol for secure communications. It's a type of socket communication and is located between TCP/IP and the upper layer application, requiring no changes to the application layer. The SSL protocol supports the use of a verity of different cryptographic algorithms, or ciphers, for use in operations such as authenticating the server and clients to each other, transmitting certificates, and establishing session keys.
[2] TLS stands for Transport Layer Security protocol which is used for the encapsulation of various higher-level protocols. The TLS handshake protocol, allows the server and client to authenticate each other and the negotiate an encryption algorithm and cryptographic keys before the application protocol transmits or receives its first byte of data. The TLS record protocol provides connection security that has the property of a private and reliable connection.
The Advanced Encryption Standard is a asymmetric encryption used for documents that contain sensitive, but not classified information. The standard specifies the Rijndael algorithm [1] , which is a symmetric block cipher [2] that can process data blocks [3] of 128-bits. The algorithm uses keys [4] of with length of 128, 192, and 256-bits. This produces three different types of the standard AES-128, AES-192, and AES-256. The standard encryption uses AES-128 where both the block and key size are 128-bits. The block size is commonly denoted by Nb and the key size is commonly denoted as Nk. Using AES-128 means that each block is made of 128-bits and therefore Nb is equal to 4. The algorithm uses a specified number of rounds to transform the data for each block. The initial block is added to a expanded key derived from the initial cipher key. Then the next round consists of operations of the S-box [5] , shifts, and a MixColumn. The results is added to the next expanded key and when all of the rounds are finished the final result is an encrypted cipher block.
[1] Chosen algorithm for the National Institute of Standards and Technology(NIST) from multiple submissions. The cryptographic algorithm specified in the AES. The algorithm was created by two Belgian computer scientists, Vincent Rijgmen and Joan Daemem.
[2] A series of transformations that convert plaintext to ciphertext using the Cipher Key.
[3] A sequence of binary bits that comprise the input, output, state, and round key. Can be interpreted as an array of bytes.
[4] A secret key that is used by the key expansion routine to generate a set of round keys.
[5] A lookup table with one-to-one mapping for byte-by-byte substitution and is used to convert plain text to cipher text. The byte values range from 0 to 255.
The Secure Hash Algorithm is part of the Secure Hash Standard that is typically used with other cryptographic algorithms, such as digital signature algorithms [1] , key-hash message authentication codes [2] , and in the generation of random numbers. This standard specifies secure hash algorithms for SHA-1 , SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256. All of the algorithms are one-way hash functions [3] that can process a message to produce a condensed representation. If any changes occur to the message then, with a high probability, the result will be a different condensed representation. The algorithms are different in there security strength of the data being hashed. The SHA-1 algorithm can be described in two stages. The preprocessing state which involves padding a message [4] , parsing [5] the padded message into m-bit blocks, and setting initialization values used in the other stage. The other stage is the hash computation stage which generates a message schedule [6] . The generated schedule, along with functions, constants, and word operations are used to generate a series of hash values. The final hash value generate is used to determine the condensed representation of the message. The SHA-1 algorithm generates a 160-bit condensed representation of the message.
[1] The Digital Signature Algorithm was approved in FIPS 186-4. It supports key sizes greater than or equal to 1024 bits specifying four choices for the pair of L and N.
[2] A type of message authentication code involving a cryptographic hash function and a secret cryptographic key.
[3]
[4]
[5]
[6]
National Institute of Standards and Technology, “Announcing the ADVANCED ENCRYPTION STANDARD (AES).” Federal Information Processing Standards Publications, 26-Nov-2001. https://csrc.nist.gov/csrc/media/publications/fips/197/final/documents/fips-197.pdf
D. Selent, “ADVANCED ENCRYPTION STANDARD,” InSight: River Academic Journal, vol. 6, no. Fall 2010, pp. 1–3. https://www2.rivier.edu/journal/ROAJ-Fall-2010/J455-Selent-AES.pdf
National Institute of Standards and Technology, “Secure Hash Standard (SHS).” Federal Information Processing Standards Publications, 11-Feb-2011. https://csrc.nist.gov/CSRC/media/Publications/fips/180/4/archive/2012-03-06/documents/Draft-FIPS180-4_Feb2011.pdf
M S.Bhiogade, “Secure Socket Layer.” InSITE - “Where Parallels Intersect,” Jun-2002. http://www.proceedings.informingscience.org/IS2002Proceedings/papers/Bhiog058Secur.pdf
T. Dierks and E. Rescorla, “The Transport Layer Security (TLS) Protocol Version 1.2.” Internet Engineering Task Force (IETF), Aug-2008. https://tools.ietf.org/html/rfc5246?as_url_id=AAAAAAX9LYfT5FURpjxopIdkL6XefRHxk32j9fhZGZYKeV3QuVtGSz_ZcoD1mio-zicIlyAU0eOVQ6iVVu2ohvDUbb23