International Journal of Embedded Systems and Emerging Technologies

eISSN: 2456-723X Vol. 4: Issue 2

www.journalspub.com

FPGA Implementation of the RC4 Stream Cipher using Artix-7 1

R. Ghayoula1,2,*, A. Smida2, J. Fattahi3, E. Ghayoula3

Unit of Research in High Frequency Electronic Circuits and Systems, Faculty of Mathematical, Physical and Natural Sciences of Tunis, Tunis El Manar University, Tunis – 2092, Tunisia 2 Department of Medical Equipment Technology, College of Applied Medical Sciences, Majmaah University, Majmaah – 11952, Saudi Arabia 3 Laval University, Quebec City, Quebec, Canada

ABSTRACT The RC4 (for Rivest Cipher 4) encryption algorithm appeared in 1987. Its designer is none other than Ronald Rivest, one of the three inventors of the RSA algorithm. This algorithm is distinguished by its great simplicity and speed of encryption. The details of the algorithm were kept secret until a description, probably obtained by reverse engineering, was posted on the Cipherpunks mailing list in 1994. Speed and flexibility of RC4 algorithm are very fast, and due to these features, this stream-cipher is used in various security protocols and standards. A few hardware implementations were previously recommended in the literature with the objective of enhancing the performance, area or both. In this article, Artix-7-based RC4 stream-cipher is used for hardware implementation. Previous designs support fixed length keys, whereas the proposed system has capacity of varying length from 8 to 128 bits. Keywords: Artix-7, cipher, cryptosystem, FPGA, RC4, security *Corresponding Author E-mail: [email protected] INTRODUCTION The RC4 is a variable-length continuous key encryption algorithm developed in 1987 by Ron Rivest for RSA. It has long been kept secret before being published, and is now widely used, especially in the SSL protocol. RC4 is a stream-cipher extensively deployed in software applications; its attributes are simplicity, efficiency and fast outcome – feedback. It is unlike each of AES and DES; it requires less memory, usually utilized as the default cipher for SSL and TLS connections [1-3]. A report from research cell, dedicated to data protection for companies and critical applications on-premise and in the cloud, reveals new attack vulnerabilities on the Transport Layer Security (TLS/SSL) protocol, currently used to protect 30% of SSL transactions. The research team found

that using the RC4 encryption algorithm, "well known for poor encryption," she said, exposed billions of sensitive user data. According to Google statistics, collected from users who agreed to send statistics, 0.13% of HTTPS traffic would still be via RC4 encryption, against 0.08% for the stable channel of Firefox. Mozilla is less stingy in detail and also announces that, on the versions Nightly and Aurora of its navigator, which exploit white lists to authorize the passage to the RC4, it is more than question of 0.025%. Google and Microsoft recommend using a TLS encryption protocol in version 1.2. The new attack can cause SSL-protected data to leak in the order of 1 for 16 million RC4 crypts, which is thousands of potentially compromised secure messages each day. Imperva's investigation demonstrates the

IJESET (2018) 9–14 © JournalsPub 2018. All Rights Reserved

Page 9

FPGA Implementation of the RC4 Stream Cipher using Artix-7

importance of this leak, which allows you to conduct brute force attacks more quickly on passwords, credit card numbers, and cookies. In this paper involves the design of the conventional and fastest known architecture of the RC4 stream cipher and their hardware implementation in FPGA Artix-7. The performance of the design is analyzed based on delay and area. The paper is organized as follows. RC4 algorithm is presented in the second section. Synthesis and implementation is developed in the third section. Finally, the last section makes conclusions RC4 ALGORITHM RC4 is a pseudo-random bit generation algorithm (Figure 4). It allows, from a secret key to obtain a random and unique binary sequence of the same length of the clear text. Then he proceeds to XOR bit by bit to get the encrypted form. Encryption– decryption of block diagram is shown in Figures 1 and 2 simultaneously. The recipient will make an XOR between the received sequence and the original random sequence to find the message in clear. Properties of an OR eXclusive (XOR) • Easy to implement in hardware. • When XOR 2 times, we get the original value [4]. Encryption: Key ⊕ plaintext => encrypted text Decryption: Key ⊕ encrypted text => clear text To Problem: Transmit the Random Sequence Solution: Use a pseudo-random encryption sequence (key stream).

Ghayoula et al.

Plain text Key

Encryption Algorithm

Cipher text

Fig. 1. Encryption block diagram.

Cipher text Key Stream

Decryption Algorithm

Plain text

Fig. 2. Decryption block diagram [5, 6]. Assuming that A = plain text or data B = key stream Input: Clear text data, secret code Outcome: Coded text data 1) Get the data to be encoded and the chosen secret code. 2) Create two string arrays. 3) Initiate one array with numbers (0-255). 4) Fill the other array with the chosen secret code. 5) Randomize the first array depending on the array of the secret code. 6) Randomize the first array within itself to generate the final secret code stream. 7) XOR the final secret code stream with the data to be encrypted to give ciphertext. [7]

Initialization of S

/* Initialization */ for i = 0 to 255 do S[i] = i; T[i] = K[i mod keylen];

Next, we use T to deliver the underlying change of S. This includes beginning with and experiencing to, and for each, swapping with another byte in as indicated by a plan directed by

RC4 can produce random bits continuously from a given state table. If the recipient can reconstruct the given state table, he/she can regenerate the random sequence and decipher the message. IJESET (2018) 9–14 © JournalsPub 2018. All Rights Reserved

/* Initial Permutation of S */ j = 0; for i = 0 to 255 do j = (j + S[i] + T[i]) mod 256; Swap (S[i], S[j]);

Page 10

International Journal of Embedded Systems and Emerging Technologies

eISSN: 2456-723X Vol. 4: Issue 2

www.journalspub.com j

i

1

0

2

S[i]+S[j]

i

253 254

j

255

S S[i]

S[j]

S[i]+S[j]

K

Fig. 3. Coupling in receiving mode. /* Stream Generation */ i, j = 0; while (true) i = (i + 1) mod 256; j = (j + S[i]) mod 256; Swap (S[i], S[j]); t = (S[i] + S[j]) mod 256; k = S[t]; Start

Start

i=j=0

i=j=n=0

S[i]=i i=i+1

j=j+S[i] i=i+1

yes

i≤255

swap(S[i],S[j]) t=S[i]+S[j] Cipheringkey=S[t] n=n+1

j=(j+S[i])+k[i %255] swap(S[i],S[j]) i=i+1

i≤255

yes

no End

yes

n

eISSN: 2456-723X Vol. 4: Issue 2

www.journalspub.com

FPGA Implementation of the RC4 Stream Cipher using Artix-7 1

R. Ghayoula1,2,*, A. Smida2, J. Fattahi3, E. Ghayoula3

Unit of Research in High Frequency Electronic Circuits and Systems, Faculty of Mathematical, Physical and Natural Sciences of Tunis, Tunis El Manar University, Tunis – 2092, Tunisia 2 Department of Medical Equipment Technology, College of Applied Medical Sciences, Majmaah University, Majmaah – 11952, Saudi Arabia 3 Laval University, Quebec City, Quebec, Canada

ABSTRACT The RC4 (for Rivest Cipher 4) encryption algorithm appeared in 1987. Its designer is none other than Ronald Rivest, one of the three inventors of the RSA algorithm. This algorithm is distinguished by its great simplicity and speed of encryption. The details of the algorithm were kept secret until a description, probably obtained by reverse engineering, was posted on the Cipherpunks mailing list in 1994. Speed and flexibility of RC4 algorithm are very fast, and due to these features, this stream-cipher is used in various security protocols and standards. A few hardware implementations were previously recommended in the literature with the objective of enhancing the performance, area or both. In this article, Artix-7-based RC4 stream-cipher is used for hardware implementation. Previous designs support fixed length keys, whereas the proposed system has capacity of varying length from 8 to 128 bits. Keywords: Artix-7, cipher, cryptosystem, FPGA, RC4, security *Corresponding Author E-mail: [email protected] INTRODUCTION The RC4 is a variable-length continuous key encryption algorithm developed in 1987 by Ron Rivest for RSA. It has long been kept secret before being published, and is now widely used, especially in the SSL protocol. RC4 is a stream-cipher extensively deployed in software applications; its attributes are simplicity, efficiency and fast outcome – feedback. It is unlike each of AES and DES; it requires less memory, usually utilized as the default cipher for SSL and TLS connections [1-3]. A report from research cell, dedicated to data protection for companies and critical applications on-premise and in the cloud, reveals new attack vulnerabilities on the Transport Layer Security (TLS/SSL) protocol, currently used to protect 30% of SSL transactions. The research team found

that using the RC4 encryption algorithm, "well known for poor encryption," she said, exposed billions of sensitive user data. According to Google statistics, collected from users who agreed to send statistics, 0.13% of HTTPS traffic would still be via RC4 encryption, against 0.08% for the stable channel of Firefox. Mozilla is less stingy in detail and also announces that, on the versions Nightly and Aurora of its navigator, which exploit white lists to authorize the passage to the RC4, it is more than question of 0.025%. Google and Microsoft recommend using a TLS encryption protocol in version 1.2. The new attack can cause SSL-protected data to leak in the order of 1 for 16 million RC4 crypts, which is thousands of potentially compromised secure messages each day. Imperva's investigation demonstrates the

IJESET (2018) 9–14 © JournalsPub 2018. All Rights Reserved

Page 9

FPGA Implementation of the RC4 Stream Cipher using Artix-7

importance of this leak, which allows you to conduct brute force attacks more quickly on passwords, credit card numbers, and cookies. In this paper involves the design of the conventional and fastest known architecture of the RC4 stream cipher and their hardware implementation in FPGA Artix-7. The performance of the design is analyzed based on delay and area. The paper is organized as follows. RC4 algorithm is presented in the second section. Synthesis and implementation is developed in the third section. Finally, the last section makes conclusions RC4 ALGORITHM RC4 is a pseudo-random bit generation algorithm (Figure 4). It allows, from a secret key to obtain a random and unique binary sequence of the same length of the clear text. Then he proceeds to XOR bit by bit to get the encrypted form. Encryption– decryption of block diagram is shown in Figures 1 and 2 simultaneously. The recipient will make an XOR between the received sequence and the original random sequence to find the message in clear. Properties of an OR eXclusive (XOR) • Easy to implement in hardware. • When XOR 2 times, we get the original value [4]. Encryption: Key ⊕ plaintext => encrypted text Decryption: Key ⊕ encrypted text => clear text To Problem: Transmit the Random Sequence Solution: Use a pseudo-random encryption sequence (key stream).

Ghayoula et al.

Plain text Key

Encryption Algorithm

Cipher text

Fig. 1. Encryption block diagram.

Cipher text Key Stream

Decryption Algorithm

Plain text

Fig. 2. Decryption block diagram [5, 6]. Assuming that A = plain text or data B = key stream Input: Clear text data, secret code Outcome: Coded text data 1) Get the data to be encoded and the chosen secret code. 2) Create two string arrays. 3) Initiate one array with numbers (0-255). 4) Fill the other array with the chosen secret code. 5) Randomize the first array depending on the array of the secret code. 6) Randomize the first array within itself to generate the final secret code stream. 7) XOR the final secret code stream with the data to be encrypted to give ciphertext. [7]

Initialization of S

/* Initialization */ for i = 0 to 255 do S[i] = i; T[i] = K[i mod keylen];

Next, we use T to deliver the underlying change of S. This includes beginning with and experiencing to, and for each, swapping with another byte in as indicated by a plan directed by

RC4 can produce random bits continuously from a given state table. If the recipient can reconstruct the given state table, he/she can regenerate the random sequence and decipher the message. IJESET (2018) 9–14 © JournalsPub 2018. All Rights Reserved

/* Initial Permutation of S */ j = 0; for i = 0 to 255 do j = (j + S[i] + T[i]) mod 256; Swap (S[i], S[j]);

Page 10

International Journal of Embedded Systems and Emerging Technologies

eISSN: 2456-723X Vol. 4: Issue 2

www.journalspub.com j

i

1

0

2

S[i]+S[j]

i

253 254

j

255

S S[i]

S[j]

S[i]+S[j]

K

Fig. 3. Coupling in receiving mode. /* Stream Generation */ i, j = 0; while (true) i = (i + 1) mod 256; j = (j + S[i]) mod 256; Swap (S[i], S[j]); t = (S[i] + S[j]) mod 256; k = S[t]; Start

Start

i=j=0

i=j=n=0

S[i]=i i=i+1

j=j+S[i] i=i+1

yes

i≤255

swap(S[i],S[j]) t=S[i]+S[j] Cipheringkey=S[t] n=n+1

j=(j+S[i])+k[i %255] swap(S[i],S[j]) i=i+1

i≤255

yes

no End

yes

n