FPGA Implementation of An Optimized Key Expansion Module of AES Algorithm For Secure Transmission of Personal ECG Signals
DOI 10.1007/s10617-017-9189-5
1 Introduction
We live in a world where information is treated as an asset. Whenever information is stored
or transmitted over a network from one end to another, there is a high probability that it
will be stolen or altered. This kind of unauthorized access to information over a network
must be prevented. The most important tool for providing network security is cryptography.
Confidentiality, Integrity and Authentication are the three important goals of cryptography.
Cryptographic science was already in use 4000 years ago.
T. Manoj Kumar, P. Karthigaikumar
In the last two decades, many cryptographic algorithms have been developed. Among them,
AES still stands tall in providing security against unauthorized third-party access to our
information. In 2001 AES was published as a Federal Information Processing Standard in the
Federal Register [1]. The AES architecture (Rijndael) was jointly invented and developed by
the Belgian researchers Joan Daemen and Vincent Rijmen [2]. Since AES is the best
cryptographic algorithm to date, we have chosen it for the secure transmission of ECG
signals [3]. The algorithm can also be applied to several other biomedical signals.
All over the world, patient records often move from one doctor to another. In some cases it
is necessary to transmit a record across countries to get a clear interpretation of the
information in it. To reduce transportation cost, patients' reports are sent over the
network to the experts. In such cases, the reports must be protected from unauthorized
access. Hence the patient information needs to be encrypted before it is transmitted over
the network.
1.1 Motivation
The ECG signal varies from person to person, so it can be used for biometric identification.
If ECG is used to identify a person, the ECG signal must be well protected in any storage
system. Using the Advanced Encryption Standard algorithm to secure the information in the
ECG signal is a good idea, since breaking AES encryption is a very tedious process because
of the non-linear nature of the AES algorithm [5]. In the AES algorithm, the time taken to
produce the subkeys required to convert plain text into unintelligible cipher text is high.
So an improved, faster version of the old architecture is developed and implemented on an
FPGA, because hardware implementation provides higher security than software
implementation [6]. Encrypting and decrypting the ECG signal with the newly designed
architecture does not compromise the security of the encryption and decryption process,
since the non-linear nature of the algorithm is preserved in the new architecture too. The
motivation of the paper is to provide a highly efficient and fast AES architecture for the
encryption and decryption of ECG signals.
This paper is organized as follows. Sect. 2 discusses the basic steps in the AES
encryption/decryption algorithm. Sect. 3 reports relevant work by different authors related
to this research. Sect. 4 details the proposed methodology for increasing the execution
speed of the AES algorithm. The implementation results are discussed in Sect. 5. The
conclusion and future work are stated in the last section.
2 Relevant researches
Over the past two decades, research on the AES algorithm has gained importance. Many
researchers have proposed techniques to improve the execution speed of the AES algorithm.
Many such architectures have also proved efficient in terms of execution speed or
propagation delay.
Chen et al. [7] developed a pair of Lorenz-based synchronized circuits for selecting a
private key from the ECG signal; the design was numerically simulated and successfully
implemented.
Reddy et al. [8] presented two different architectures with Pipeline and Sub-Pipeline
techniques. In this paper, pipelined AES is implemented using LUT. Verilog HDL was used
to design the architecture. This design is simulated in Cadence ncsim and Xilinx virtex
3 AES algorithm
AES is one of the most important cryptographic algorithms and satisfies the most important
security goals (Confidentiality, Integrity, Availability) for secure communication over an
insecure communication channel. The Advanced Encryption Standard has different versions,
which are defined by the key length. The key length used for encryption and decryption
determines the number of rounds used in the AES architecture, as shown in Table 1 [16–21].
The size of the data block is the same for all versions of AES: 128 bits. Each round of
encryption and decryption uses a different subkey generated from the single main key.
Therefore the number of keys generated during key expansion is always one greater than the
number of rounds. The main key is used first, for the pre-round transformation. The
remaining keys are used for the encryption process, one in each round.
Table 1 Different versions of AES algorithm

AES version   Rounds (Nr)   Key size (bits)   No. of keys (Nr+1)
AES-128       10            128               11
AES-192       12            192               13
AES-256       14            256               15
AES is a symmetric block cipher which encrypts 128-bit plain text into 128-bit cipher text
using a secret key. The same algorithm recovers the original 128-bit plain text from the
128-bit cipher text using exactly the same key that was used for encryption [22]. The
process and steps involved in AES encryption and decryption are easy to understand. Every
round except the last consists of the following four operations; the Mix columns operation
is omitted in the last round [23–25].
The encryption and decryption processes have the following steps:
1. Sub bytes/Inv Sub bytes
2. Shift Rows/Inv Shift Rows
3. Mix columns/Inv Mix columns
4. Add round key
Sub bytes/ Inv Sub bytes
Byte substitution is a non-linear process, and it is the only non-linear process in this
cryptographic algorithm. The actual confusion in the encryption takes place in this byte
substitution step. Each byte of the plain text is treated as a polynomial in GF(2^8) and is
transformed into another byte by matrix multiplication followed by an affine transformation.
Shift Rows/ Inv Shift Rows
Here the rows of the state array are shifted cyclically. The second, third and fourth rows
are shifted left by one, two and three positions respectively, whereas the first row remains
unchanged. For decryption, the rows are shifted to the right.
Mix columns/ Inv Mix columns
As Shift rows operates on rows, the Mix columns step operates at the column level. Several
techniques have been proposed for this operation, but the simplest is matrix multiplication.
For Mix column operation
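\[
\begin{bmatrix} S_1 \\ S_2 \\ S_3 \\ S_4 \end{bmatrix}
=
\begin{bmatrix}
02 & 03 & 01 & 01 \\
01 & 02 & 03 & 01 \\
01 & 01 & 02 & 03 \\
03 & 01 & 01 & 02
\end{bmatrix}
\begin{bmatrix} S_1 \\ S_2 \\ S_3 \\ S_4 \end{bmatrix}
\]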
For Inv Mix column operation
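\[
\begin{bmatrix} S_1 \\ S_2 \\ S_3 \\ S_4 \end{bmatrix}
=
\begin{bmatrix}
0e & 0b & 0d & 09 \\
09 & 0e & 0b & 0d \\
0d & 09 & 0e & 0b \\
0b & 0d & 09 & 0e
\end{bmatrix}
\begin{bmatrix} S_1 \\ S_2 \\ S_3 \\ S_4 \end{bmatrix}
\]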
Add round key
It is the most important operation in the encryption process, since all the previous
operations are invertible. The operation in Add round key is the matrix addition of the
plain text with the key to get the cipher text. The addition is performed modulo 2 [26].
The Add round key operation proceeds one column at a time on the state matrix obtained as
the output of the Mix columns operation.
All the above operations are performed for a number of iterations that depends on the key
length used in the algorithm. Subkeys are derived from the main key according to the number
of rounds. The subkeys generated from the main key are added to the output of the Mix
columns operation in the Add round key step [27]. Generating the subkeys from the main key
is the key expansion process, and it is also very important, since there should not be any
relationship between the subkeys. Key expansion in the AES algorithm is a non-linear process
which follows a mathematical procedure to derive different keys from a single key. Many
researchers have developed different architectures for this key expansion process, which
show improvement in the security of the keys obtained. In the proposed architecture, we have
reduced the time taken to generate the subkeys from the main key.
In the key expansion process, the first four words, W_0, W_1, W_2 and W_3, are obtained from
the initial main key. Mathematical operations are performed on these four words to derive
the round keys, word by word [28]. The key expansion algorithm creates a total of 4(Nr + 1)
words. From Fig. 1, it is clear that each word depends only on the word to its left and the
word above it if i mod 4 ≠ 0. If i mod 4 = 0, the current word also depends on a temporary
word, which is the result of applying Subword and Rotword to W_{i-1} and XORing the result
with Rcon. Here Nr is the number of rounds and i is the word number in the key.
Temporary word = Subword(Rotword(W_{i-1})) ⊕ Rcon
The Rotword routine is the same as the Shift rows routine, but here it is applied to only
one row [29–31]. Similarly, Subword is the same as the Sub bytes routine. The value of Rcon
differs for each round and is shown in Table 1.
4 Proposed architecture
In the existing architecture, each word in the current subkey depends on the previous
subkey. Therefore all the subkeys are generated sequentially, one after the other. The last
subkey is generated only after all the previous subkeys have been generated. This process
takes a lot of time to generate all the subkeys from the main key, since the subkeys cannot
be determined simultaneously. For example, each word of the second subkey is fully dependent
on the words generated in the first subkey. So to generate the second subkey, generation of
the first subkey must be completed. Likewise, the last subkey can be generated only after
generation of the ninth subkey is complete. This is the major drawback of the conventional
architecture of the key expansion process in the AES algorithm. If the subkeys are available
within a short duration, the AES algorithm can be implemented with a pipelined architecture,
which will eventually reduce the area and time consumption of the entire encryption and
decryption process (Table 2).
To reduce this time consumption, we propose a new architecture, with which the time
consumption can be significantly reduced. The key expansion process operates word by word.
Each word in a subsequent subkey always depends on a word in the previous subkey.
Interdependency between the subkeys is also necessary to deepen the confusion and diffusion
process. Therefore interdependency between subkeys should be maintained to some extent, to
make it less feasible to trace the main key from the generated subkeys.
The concept of the proposed architecture is to split the entire architecture into two blocks
and execute them in parallel. The temporary word generated at each step of generating a new
subkey also depends on the last word of the previous subkey. Care must be taken while
splitting the entire architecture into two separate blocks. In the new architecture too, the
process of generating temporary words remains the same as in the existing architecture. It
involves byte substitution, the shift word operation and modulo 2 addition with the constant
value.
The constant value used for the addition is the same as the constant used in the existing
architecture. Here, interdependency on the previous key is preserved within each block, and
there is no interdependency between the blocks.
In the case of AES-128, we need 10 subkeys for the 10 iterations of the encryption process.
Therefore, for the AES-128 architecture, generation of the first 5 subkeys can be grouped
into one block and generation of the remaining 5 subkeys into another block. The first
subkey is generated from the main key. The second, third, fourth and fifth subkeys are
generated from the previous subkeys, as in the conventional architecture. In the existing
architecture, the sixth subkey is also generated from the previous subkey (the fifth subkey).
In the new architecture, as shown in Fig. 2, we once again use the main key to generate the
sixth subkey, instead of the fifth subkey. Because of this modification, the sixth subkey is
generated at the same time as the first subkey. The seventh, eighth, ninth and tenth subkeys
are fully dependent on the sixth, seventh, eighth and ninth subkeys respectively. The
seventh, eighth, ninth and tenth subkeys are also available at the same time as the second,
third, fourth and fifth subkeys. Both blocks can generate subkeys in parallel, since both
start generating subkeys from the original main key.
Considering the security of the proposed architecture, all the operations of the existing
architecture are implemented in the new architecture too. Therefore there will not be much
compromise in implementing the new architecture.
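The key expansion step of Sect. 3 and the two-block split described above can be checked against FIPS-197 with a small software reference model; the following Python is an added example, not the authors' HDL. It assumes each round in the second block keeps its conventional Rcon value (the paper only states that the constants are unchanged), and all function names are illustrative.

```python
# Reference model (added example): AES-128 key expansion, sequential vs. two-block split.
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def _gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def _build_sbox():
    """S-box: multiplicative inverse in GF(2^8), then the FIPS-197 affine transform."""
    sbox = []
    for x in range(256):
        inv = 0 if x == 0 else next(y for y in range(1, 256) if _gf_mul(x, y) == 1)
        s = inv ^ 0x63
        for shift in range(1, 5):
            s ^= ((inv << shift) | (inv >> (8 - shift))) & 0xFF
        sbox.append(s)
    return sbox

SBOX = _build_sbox()

def next_subkey(prev, rcon):
    """One expansion step: 16-byte subkey from the previous 16-byte subkey."""
    words = [prev[i:i + 4] for i in range(0, 16, 4)]
    # Temporary word = Subword(Rotword(W[i-1])) xor Rcon
    t = [SBOX[b] for b in words[3][1:] + words[3][:1]]
    t[0] ^= rcon
    out = []
    for w in words:              # each new word = word above it xor word to its left
        t = [a ^ b for a, b in zip(w, t)]
        out += t
    return bytes(out)

def expand_sequential(key):
    """Conventional schedule: subkey r is derived from subkey r-1 (index 0 = main key)."""
    keys = [bytes(key)]
    for r in range(1, 11):
        keys.append(next_subkey(keys[-1], RCON[r - 1]))
    return keys

def expand_split(key):
    """Two-block schedule: subkeys 1-5 and 6-10 are both chained from the main key.
    Assumption: round r keeps the Rcon value it has in the conventional schedule."""
    keys = [bytes(key)] + [b""] * 10
    for first, last in ((1, 5), (6, 10)):   # the blocks share no state, so they can run in parallel
        prev = keys[0]
        for r in range(first, last + 1):
            prev = keys[r] = next_subkey(prev, RCON[r - 1])
    return keys

def xor_bytes(a, b):
    """Byte-wise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))

if __name__ == "__main__":
    main_key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS-197 Appendix A.1 example key
    seq, split = expand_sequential(main_key), expand_split(main_key)
    for r in range(1, 11):
        tag = "same as FIPS-197" if seq[r] == split[r] else "differs from FIPS-197"
        print(f"subkey {r:2d}  {split[r].hex()}  {tag}")
    print("subkey1 xor subkey6:", xor_bytes(split[1], split[6]).hex())
```

Under that assumption, subkeys 1-5 match FIPS-197 while subkeys 6-10 do not, so data encrypted with the split schedule can only be decrypted by an implementation using the same schedule. Subkey 1 XOR subkey 6 is also the constant 21000000 repeated four times for every main key, a relation worth weighing when reviewing the design.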
The proposed new architecture for AES-128 is first simulated to verify that all the
subkeys are generated without any error. After verification, the new architecture for key
the existing architecture. The reason for choosing an FPGA to check our design is that an
FPGA is a reconfigurable device and it yields results as good as those of the original
devices on which the proposed architecture is to be implemented. Table 3 shows the time
taken by the existing and proposed architectures to generate all ten subkeys. From Fig. 5
it is clear that the time taken by the new architecture to generate all ten subkeys is much
less than that of the existing architecture. The new architecture shows an improvement of
about 49.09% in speed. This improvement in the speed of generating all subkeys is due to the
parallel architecture. Both blocks operate at the same time and generate subkeys in
parallel. The interdependency of the sixth subkey is removed in the new architecture. The
process used for generating the first five subkeys is repeated for the second set of five
subkeys with different inputs. Since both blocks can operate at the same time, the time
taken to generate all the subkeys is much less than the time taken by the conventional
architecture.
The area occupied by both architectures remains the same. The number of slices and LUTs
needed for both architectures remains the same. Even the ports required for the existing
and proposed architectures remain the same. So there is no variation in the area occupied
by the two architectures. There is also no variation in total power consumption between the
existing and new architectures. Therefore, with the same area and the same amount of power,
the new architecture generates the required number of subkeys at a faster rate. Similar
results can be achieved for AES-192 and AES-256 also.
Encryption and decryption of ECG signal
This new key expansion architecture is included in the AES architecture, and this improved
version is used for both the encryption and decryption of the electrocardiogram signal.
This forms part of the image encryption and decryption process [32].
Here, each pixel value of a single frame of the ECG signal is treated as data (8 bits) to be
encrypted. With the help of MATLAB we can convert the pixel values into bytes [33]. These
byte values are then taken as input to the AES algorithm. After encryption, the cipher text
values are converted back into image pixel values using MATLAB. The process is repeated for
each and every pixel value of the image.
Figure 6 shows a frame of an ECG signal that has to be transmitted or stored without any
unauthorized access. Figure 7 is the encrypted frame of the ECG signal. It is obtained by
converting the output bytes of the AES encryption algorithm to pixel values of the image.
This encrypted signal can be transmitted or stored in a medium. The signal transmitted in
this secure manner is obtained at the receiver side.
From the above results, it is clear that the proposed architecture shows great improvement
in the speed of generating subkeys. In the new architecture too, both diffusion and
confusion of words are preserved, since there is no alteration in the S-box operations
involved. Therefore there is no great compromise in the security of the ECG signal encrypted
using the subkeys generated by the proposed architecture. The proposed architecture shows an
improvement of about 49.09% in the time taken to generate the subkeys. As for the area
occupied by the proposed architecture, there is not much alteration, since the number of
transistors involved in implementing both architectures remains unaltered. Likewise, power
consumption also remains the same in both the existing and proposed architectures. Time
consumption can be reduced further by implementing a pipelined architecture in the word
substitution process used to generate the temporary word. The security of the algorithm can
be improved by providing a byte transition operation in the temporary word.
References
1. National Institute of Standards and Technology (2001) Advanced Encryption Standard (AES). Federal
Information Processing Standards Publications—FIPS 197.
http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf, November 2001
2. Daemen J, Rijmen V (2002) The design of Rijndael. Springer, Berlin
3. Stallings W (2011) Cryptography and network security, 5th edn. Pearson Education Inc and Dorling
Kindersley Publishing Inc, MIT
4. Karthigaikumar P, Rasheed S (2011) Simulation of image encryption using AES algorithm. In: IJCA
special issue on “computational science-new dimensions & perspectives” NCCSE, pp 166–172
5. Jarold KN, Karthigaikumar P, Sivamangai NM, Sandhya R, Asok, SB (2013) Hardware implementation
of DNA based cryptography. In: 2013 IEEE conference on information & communication technologies
(ICT), pp 696–700
6. Chodowiec P, Gaj K (2003) Very compact FPGA implementation of the AES Algorithm. In: Proceedings
of cryptographic hardware and embedded system workshop, pp 319–333
7. Chen C-K, Lin C-L, Lin S-L, Chiang C-T (2015) Data encryption and transmission based on personal
ECG signals. Int J Sensor Netw Data Commun 4(2):1–13
8. Reddy SK, Saktivel R, Paneeth P (2011) VLSI implementation of AES crypto processor for high
throughput. Int J Adv Eng Sci Technol 6(1):22–26
9. Mangard S (2002) A simple power-analysis (SPA) attack on implementations of the AES key expansion.
Inf Secur Cryptol 2587(1):343–358
10. Chen C-N, Yen S-M (2003) Differential fault analysis on AES key schedule and some countermeasures.
Inf Secur Priv 2727(1):118–129
11. Hammad I, El-Sankary K, El-Masry E (2012) High speed AES encryptor with efficient merging
techniques. IEEE Embed Syst Lett 2(3):67–71
12. Yoo SM, Kotturi D, Pan DW, Blizzard J (2005) An AES crypto chip using a high speed parallel pipelined
architecture. Microprocess Microsyst 29(1):317–326
13. Jyrwa B, Paily R (2009) An area-throughput efficient FPGA implementation of block cipher AES
algorithm. In: International conference on advances in computing, control and telecommunication
technologies, 2009, pp 328–332
14. Good T, Benaissa M (2006) Very small FPGA application-specific instruction processor for AES. IEEE
Trans Circuits Syst I Regul Pap 53:1477–1486
15. Verbauwhede IM, Schaumont PR, Kuo H (2003) Design and performance testing of a 2.29 Gb/s Rijndael
processor. IEEE J Solid State Circuit 38:569–572
16. Satoh A, Morioka S, Takano K, Munetoh S (2001) A compact Rijndael hardware architecture with S-Box
optimization. Springer, Berlin
17. Karthigaikumar P, Christy NA, Mangai NMS (2015) PSP CO2: an efficient hardware architecture for
AES algorithm for high throughput. Wirel Personal Commun 85(1):305–323
18. Yuhua W, Yanjun L, Yukun Z (2007) FPGA-based implementation and study of AES-128 algorithm.
Microcomput Inf 6(1):5–10
19. Christy NA, Karthigaikumar P (2012) FPGA implementation of AES algorithm using composite field
arithmetic. In: IEEE International conference devices, circuits and systems, March 2012, pp 713–717
20. Mali M, Novak F, Biasizzo A (2005) Hardware implementation of AES algorithm. J Electr Eng
56(9–10):265–269
21. Mangard S, Aigner M, Dominikus S (2003) A highly regular and scalable AES hardware architecture.
IEEE Trans Comput 52(4):483–491
22. Liberatori MC, Bonadero JC (2007) AES-128 Cipher. Minimum area, low cost FPGA implementation.
Latin Am Appl Res 37(1):71–77
23. Bulens P, Standaert F-X, Quisquater J-J, Pellegrin P, Rouvroy G (2008) Implementation of the AES-128
on Virtex-5 FPGAs. Supported by Walloon Region, Belgium/First Europe Program
24. Priya SSS, Karthigaikumar P, SivaMangai NM (2015) Generation of 128-Bit blended key for AES
algorithm. In: Proceedings of the 49th annual convention of the computer society of India—emerging
ICT for Bridging the Future, pp 431–439
25. Lagendijk RL, Erkin Z, Barni M (2013) Encrypted signal processing for privacy protection: conveying the
utility of homomorphic encryption and multiparty computation. IEEE Signal Process Mag 30(1):82–105
26. Rahimunnisa K, Karthigaikumar P, Christy N, Kumar S, Jayakumar J (2013) PSP: parallel sub-pipelined
architecture for high throughput AES on FPGA and ASIC. Eur J Comput Sci 3(4):173–186
27. Jun Y, Jun D, Na L, Yixiong G (2010) FPGA-based design and implementation of reduced AES
algorithm. In: International conference on challenges in environmental science and computer
engineering, pp 194–198
28. Priya SSS, KarthigaiKumar P, Sivamangai NM, Rejula V (2015) FPGA implementation of efficient AES
encryption. In: International conference on innovations in information, embedded and communication
systems, pp 1–4
29. Good M, Benaissa M (2005) AES on FPGA from the fastest to the smallest. In: Cryptographic hardware
and embedded systems-CHES 2005, International Workshop on Cryptographic Hardware and Embedded
Systems. Springer, Berlin, pp 427–440
30. Helion. www.heliontech.com
31. Chen C-K, Lin C-L, Chiang C-T, Lin S-L (2012) Personalized information encryption using ECG
signals with chaotic functions. Inf Sci 193:125–140
32. Anumol TJ, Karthigaikumar P (2011) DWT based invisible image watermarking algorithm for color
images. In: IJCA Special Issue on “computational science-new dimensions & perspectives”, pp 76–79
33. Huang J, Lai X (2017) Transposition of AES key schedule. In: 12th China International Conference
on Information Security and Cryptology Beijing, China November 4–6, 2016, pp 84–102