 Open Access
 Total Downloads : 1050
 Authors : V.Jeevan Kanth, P.Bujji Babu
 Paper ID : IJERTV1IS9410
 Volume & Issue : Volume 01, Issue 09 (November 2012)
 Published (First Online): 02122012
 ISSN (Online) : 22780181
 Publisher Name : IJERT
 License: This work is licensed under a Creative Commons Attribution 4.0 International License
Design and Implementation of the HighEnd SAFER + Encryption Algorithm
V.Jeevan kanth P.Bujji babu
M.Tech. Student Assistant Professor
Abstract
In this paper, a VLSI design and implementation for the highend SAFER+ encryption algorithm is presented. The combination of security, and high speed implementation, makes SAFER+ a very good choice for wireless systems. The SAFER+ algorithm is a basic component in the authentication Bluetooth mechanism. The relation between the algorithm properties and the VLSI architecture are described. Performance of the algorithm is evaluated based on the data throughput, frequency and security level. The results show that the modified SAFER plus algorithm has enhanced security compared to the existing algorithms.
Key words: Secure And Fast Encryption Routine, Pseudo Hadamard Transform, Encryption and description, Bluetooth.

Introduction
Wireless communication technology has advanced at a very fast pace during the last years, creating new applications and opportunities. In addition, the number of computing and telecommunications devices is increasing. Special attention has to be given in order to connect efficiently these devices. In the past, cable and infrared light connectivity methods were used. The cable solution is complicated since it requires special connectors, cables and space. This produces a lot of malfunctions and connectivity problems. The infrared solution requires line of sight. In order to solve these problems a new technology, named Bluetooth, has been developed. With this communication system, users are able to connect a wide range of computing and telecommunication devices easily and simply with out need for connecting cables. Unlike wireless LANs such as 802.11b, it was designed to be low power, operate over a short range, and support both
data and voice services. It enables peertopeer communications among many types of handheld and mobile devices. Furthermore, it provides a conceptually simple communication model and lets these devices exchange information and work together to benefit the user.

Bluetooth Technology
Bluetooth is a technology for short range wireless data and real time twoway voice transfer providing data rates up to 3 Mb/s. It operates at
2.4 GHz frequency in the free ISMband (Industrial, Scientific, and Medical) using frequency hopping Bluetooth can be used to connect almost any kind of device to another device. Typical range of Bluetooth communication varies from 10 to 100 meters indoors. Bluetooth technology and associated devices are susceptible to general wireless networking threats, such as denial of service attacks, eavesdropping, maninthemiddle attacks, message modification, and resource misappropriation. They are also threatened by more specific Bluetoothrelated attacks that target known vulnerabilities in Bluetooth implementations and specifications. Attacks against improperly secured Bluetooth implementations can provide attackers with unauthorized access to sensitive information and unauthorized usage of Bluetooth devices and other systems or networks to which the devices are connected.
There are several security algorithms available to ensure the security in wireless network devices. Some of the major methods are AES, DES, Triple DES, IDEA, BLOWFISH,
SAFER+,ECDH etc. The SAFER+ algorithm is based on the existing SAFER family of ciphers. Although SAFER+ is the most widely used algorithm, it seems to have some vulnerabilities. This proves that proposed SAFER+ algorithm has better data throughput and frequency than the existing algorithms.

Description of SAFER + Algorithm
The SAFER+ (Secure And Fast Encryption Routine) algorithm is based on the existing SAFER family of ciphers, which comprises the ciphers SAFER K64, SAFER K128, SAFER SK128. They
have been developed by James L. Massey at the ETH Zurich. SAFER+ (as is also the case with all prior ciphers in the SAFER family) is neither a Feistel cipher nor a substitutionpermutation cipher. There is no fundamental reason to alternate between substitutions and permutations to create good confusion and diffusion. All algorithms are byte oriented block encryption algorithms, which are characterized by the following two properties. First, they use a nonorthodox linear transformation, which, is called PseudoHadamardTransformation (PHT) for the desired diffusion, and second, they use additive constant factors (Bias vectors) in the scheduling for weak keys avoidance.
SAFER + is an iterated cipher in the sense that encryption is performed by applying the same transformation repeatedly for r rounds, then applying an output transformation; r =6 is recommended but larger values of r can be used if desired for even greater security. Each round uses two 16byte (128 bit) sub keys determined by a key schedule from the secret 16byte userselected key. The output transformation uses another 16byte sub key determined by the key schedule. One unusual feature of SAFER + is that, in contrast to most recently proposed iterated block ciphers, encryption and decryption are slightly different (i.e., they differ by more than just the reversal of the key schedule).
Cryptographic strength of SAFER+ on most effective general attacks against ciphers are Differential cryptanalysis and Linear Cryptanalysis.

Architecture of SAFER + Algorithm
The architecture for the implementation of the SAFER+ algorithm consists of the two main components as shown in the figure 4.1, the data encryption path and the key scheduling. The plain text passes through the r rounds of encryption where r is determined by the key length chosen for the encryption. In our implementation we are using key size is 128 bits, so the no of rounds becomes eight. Two 16byte round sub keys are used within the each round of encryption. These round sub keys are determined from the userselected key according to a key scheduling. Finally the last round sub key 2r+1 is to Mixed XOR/Byte Addition with the r rounds of encryption. This addition constitutes the output
transformation for safer+ encryption. The encrypted text is a cipher text.
The input for the decryption of the safer+ is the cipher text block of 16bytes.The decryption begins with the input transformation that undoes the output transform in the encryption process. This block then process through the r rounds of decryption, round1 of which undoes the round of encryption, round r undoes the encryption of round1 of encryption to produce the original plaintext. The round sub keys used for decryption used same as encryption but applied in reverse order.
Fig 4.1. SAFER + Block Diagram Hardware Implementation

SAFER + Encryption Single Round
In this proposed design the whole single round of the SAFER+ algorithm is implemented. In order to run the whole SAFER+ algorithm eight loops of the single round implementation are needed
.The single round implementation is chosen because the required system throughput can be achieved and in the same time the covered area is minimized. This block takes two 128 bit keys and 128bit plain text as inputs and output will be 128cipher.
A Safer+ single round has four subunits:
The mixed XOR/addition subunit, which combines data with the appropriate round sub key K2r1.
The nonlinear layer (use of the nonlinear functions e and l). The e function is implemented as y
= 45x in GF (257), except that 45128 = 0. The l function is implemented as y = log45(x) in GF (257), except that log45 (0) = 128.
The mixedaddition/XOR subunit, which combines data with the round sub key K2r
The four linear PseudoHadamard Transformation layers, connected through an Armenian Shuffle
The implementation of the nonlinear layer using a datamapping component that produces the X1 and X2 bytes is done. These bytes are the input of the nonlinear functions e and l. During one round, we execute e and l eight times. This design significantly reduces the required silicon area. Each function is implemented using 256 bytes of ROM.
Fig 4.2. SAFER + Single Round

MODULAR ADDITION
Safer+ algorithm involves four layers of 8 bit modular additions. Modular adders and bitwise exor are interleaved alternatively in each of the four layers. This modular addition is performed over GF (256). Illustration of modular addition blocks interleaved with bitwise exor blocks have been shown in figure 4.2.

BIT EXOR
Bitwise exor blocks are also used in the single round of safer+ algorithm in combination with modular addition blocks. This has been illustrated in figure 4.2.

Exponential and Logarithm in Nonlinear layer
Substitution box layer introduces non linearity to the safer+ algorithm which is an essential feature in any of the security algorithms. Substitution box contains e and l nonlinear functions and have been defined as follows.
Total eight e and l blocks are required for the algorithm. The choice of exptab (.) and logtab (.) as the mutually inverse nonlinear functions within the nonlinear layer of a round of SAFER+ was motivated by several factors. First of all, these are welldefined mathematical functions and their use obviates the suspicious of intentional weakness that might be raised if mutually inverse nonlinear functions defined only by random looking tables were chosen. The element 45 is a primitive element of this field, i.e., its first 256 powers generate all 256 nonzero field elements. The Data Demapping unit performs the reverse function of the Data Mapping.
e is implemented as y1=45^x1 in GF(257)…(1)
l is implemented as x1=log45(y1) in GF (257)..(2)
With the exceptions that in e block implementation taking y1=0 when the x1=128 in eq(1).In lblock implementation taking x1=128 when the y1=0 in eq(2). Because the l and e block functions are reverse to each other. In the encryption one particular block is applied to the e block, the same block is applied to the lblock in the process of a decryption. In order to get the same plaintext.

PseudoHadamard Transform (PHT)
PHT stands for Pseudo Hadamard Transform. If the two input bytes to a 2PHT are (in1, in2), where in1 is the most significant byte, then the two output bytes are (out1, out2). The design of PHT element is shown in Fig.4.3. The PHT Implementation Multiplication by 2 can be achieved by one bit left wired shift.
PHT (in1, in2) = (2in1+ in2, in1+ in2).
The outputs of the PHT,
out1 = 2in1+ in2 out2 = in1+ in2
Fig 4.3 Design of Pseudo Hadamard Transform
The PHT boxes defined as
The four linear PHT layers connected through the permutations. The permutation boxes show how input byte indices are mapped into the output byte indices. Thus, position 0 (leftmost) is mapped on position 8; position 1 is mapped on position 11, etc.



Key Scheduling
The 2r+1 16byte SAFER+ round sub keys required for the r rounds and for the output transformation of encryption (which are the same as those required for the input transformation and the r rounds of decryption ) are produced from the input key according to a key. The key scheduling is shown in the figure 5.1
Calculation of biases for key schedules:
The key schedules of SAFER+ make use of 16byte bias words to randomize the round sub keys produced .The required number of bias words is the same as the number 2r+1 of round sub keys, i.e., this number is 17,25 or 33 depending on whether the userselected key length is 128 bits,192 bits or 256 bits respectively. The first bias word, however, is a dummy word that is never used but is convenient to have defined for programming purposes.
Let Bi denote the ith bias word and let Bi,j denote the jth byte of this ith bias word. For bias words B2, B3B17, which are used in all the key schedules and are the only bias words needed for a
128bit userselected key, the bias bytes are computed in the following manner:
Bi, j =
where Bi,j is represented as 0 in case this expression gives a value of 256 and) where this expression applies for i=2,3,..17 and j=1,2,.16.The bias words B18,B19,.B33, of which only the first eight are needed for a 192bit user selected key but all sixteen of which are needed for a 256bit userselected key, are computed in the following manner.
Figure 5.1. SAFER+ key schedule for 128 bit key
Conclusion
In this project, implementation of Safer+ algorithm (which is most important algorithm in Bluetooth security architecture) has been carried out successfully has been done. This project has helped me to become familiar with Verilog HDL, simulation tools, Modelsim and various synthesis tools. The whole design was captured entirely in the IEEE Verilog. VLSI implementation of the SAFER+ algorithm has been observed to work with a high throughput. The efficiency of the algorithm is evaluated by the analysis of parameters like encryption time, encryption frequency, and data throughput and security level. On comparison, the modified SAFER plus algorithm proved to be better for implementation in Bluetooth devices than the existing algorithms.
REFERENCES

Specification of the Bluetooth System, Specification Volume1, Version 1.1, February 22, 2001.

J.L. Massey, G. H. Khachatrian, M. K. Kuregian, Nomination of SAFER+ as Candidate Algorithm for the Advance Encryption Standard, First Advanced Encryption Standard Candidate Conference, Ventura, CA, August 20 22, 1998.

J. L. Massey, On the Optimality of SAFER+ Diffusion, Second Advanced Encryption Standard Candidate Conference (AES2), Rome, Italy, March 2223, on line available at http://csrc.nist.gov/encryption/aes/round1/conf2/aes2conf.h tm.

J. L. Massey, SAFER K64: A ByteOriented Block Ciphering Algorithm, Fast Software Encryption, Proceedings of the Cambridge Security Workshop, Cambridge, U.K, 1998, pp. 117.

Paraskevas Kitsos, Nicolas Sklavos, Kyriakos Papadomanolakis, and Odysseas Koufopavlou Hardware Implementation of Bluetooth Security IEEE CS and IEEE Communications Society, 2003

P. Kitsos, N. Sklavos and O. Koufopavlou HARDWARE IMPLEMENTATION OF THE SAFER+ ENCRYPTION ALGORITHM FOR THE BLUETOOTH SYSTEM Proceedings of IEEE International Symposium on Circuits & Systems (ISCAS'02), Vol. IV, pp. 878 881, USA, May 2629, 2002

Xilinx, San Jose, California, USA, Virtex, 2.5 V Field Programmable Gate Arrays, 2001, www.xilinx.com

D.Sharmila1, R.Neelaveni2
A Proposed SAFER Plus Security algorithm using Fast
Walsh Hadamard transform for Bluetooth Technology International Journal of Wireless & Mobile Networks (IJWMN), Vol 1, N0 2, November 2009