WO2001072075A1 - Encrypting and decrypting - Google Patents

Encrypting and decrypting (original title: Chiffrement et dechiffrement)

Info

Publication number: WO2001072075A1
Authority: WO (WIPO, PCT)
Application number: PCT/EP2001/002646
Priority date: 2000-03-21
Filing date: 2001-03-09
Publication date: 2001-09-27
Other languages: English (en)
Inventor: Lars Silen
Original assignee: Telefonaktiebolaget Lm Ericsson (Publ)
Prior art keywords: crypto, data blocks, data, masks, processor

Classifications

    • H04L 9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
        (H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols > H04L 9/06 the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators)
    • H04L 2209/046 Masking or blinding of operations, operands or results of the operations
        (H04L 2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L 9/00 > H04L 2209/04 Masking or blinding)
    • H04L 2209/12 Details relating to cryptographic hardware or logic circuitry (under H04L 2209/00)
    • H04L 2209/80 Wireless (under H04L 2209/00)

Definitions

  • The present invention relates to the encrypting and decrypting of data and in particular, though not necessarily, to the encrypting and decrypting of data in a telecommunications system.
  • The encryption and subsequent decryption of data streams can place high demands on the responsible processors.
  • This is particularly so as the processors, both in the networks and in the user terminals, may be required to handle multiple parallel data streams. Whilst increases in processor power, involving inter alia the use of hardware assistance, help to mitigate the problem, this is generally being outstripped by the increase in data processing requirements.
  • Modern microprocessors generally use external memories that have an access time up to 30 times slower than the speed of the processor.
  • The relative slowness of the external memory is dealt with through the use of a fast intermediate memory called a "cache".
  • As long as the code or data required by the processor is in the cache memory (having previously been transferred there from the external memory), accesses run essentially at the processor speed without the need for any slow wait states.
  • When data or program code is not found in the cache, the processor has to break the flow of computations to update the cache from the external memory.
  • The cache update may require hundreds of clock cycles (corresponding to hundreds of lost machine instructions).
  • When many simultaneous data streams are handled, the responsible processor has to do a large number of context switches to switch between different data streams, operating system handling etc. In most cases a context switch also means a cache re-load and thus the loss of a large number of processor instruction cycles. In the case of encryption and decryption using a crypto mask, it is also necessary to generate a new crypto mask for each successive block of data in a data stream.
  • The inventor of the present invention has recognised that, as the generation of a crypto mask is independent of the actual data to be encrypted/decrypted, a number of crypto masks can be generated and buffered, upon or prior to receipt of a first block of a sequence of data blocks. Thus, for the sequence, only a single initialisation of the crypto engine is required vis-à-vis mask generation.
  • According to a first aspect of the present invention there is provided a method of encrypting/decrypting a sequence of data blocks by performing an XOR operation between the data blocks and respective crypto masks, the method comprising, prior to or upon receipt of a first of said data blocks: initialising a crypto engine; using the initialised crypto engine to generate a sequence of crypto masks corresponding to respective data blocks; storing the crypto masks in a buffer; and subsequently, following receipt of each data block, performing an XOR operation between the data block and the corresponding crypto mask to encrypt/decrypt the data block.
  • Said step of initialising the crypto engine typically involves the loading of instructions relating to the crypto engine from an external memory into a memory cache of the responsible processor.
  • The present invention is applicable in particular to telecommunication systems and more particularly to mobile telecommunications systems such as the Universal Mobile Telecommunications System (UMTS).
  • The invention may be employed to encrypt/decrypt data sent over the air interface of a mobile telecommunications network, where encryption and decryption is performed both on the network side and on the subscriber side.
  • The invention is also applicable to other communication systems as well as to systems arranged to encrypt/decrypt data for the purpose of secure storage.
  • According to a second aspect of the present invention there is provided apparatus for encrypting/decrypting a sequence of data blocks by performing an XOR operation between the data blocks and respective crypto masks, the apparatus comprising: a processor; an external memory storing instructions for causing the processor to operate as a crypto engine; a cache arranged to receive said instructions from the external memory during initialisation of the crypto engine by the processor; and a buffer, the processor being arranged in use to initialise the crypto engine prior to or upon receipt of a first of said data blocks, to generate a sequence of crypto masks corresponding to respective data blocks, and to store the masks in said buffer, whereupon, following receipt of each data block, the processor can perform an XOR operation between the data block and the corresponding crypto mask to encrypt/decrypt the data block.
  • There is also provided a mobile telecommunications terminal comprising the apparatus of the above second aspect of the present invention.
  • There is also provided a node of a telecommunications network comprising the apparatus of the above second aspect of the present invention.
  • Figure 1 illustrates schematically an encryption/decryption system embodying the present invention and which is implemented in software;
  • Figure 2 illustrates schematically a crypto engine embodying the present invention and which is implemented in hardware;
  • Figure 3 illustrates an encryption/decryption system comprising the hardware crypto engine of Figure 2;
  • Figure 4 is a flow diagram illustrating the operation of the systems of Figures 1 and 3;
  • Figure 5 is a flow diagram illustrating the freeing of buffer space in the systems of Figures 1 and 3;
  • Figure 6 is a flow diagram illustrating the handling of missing data blocks in a sequence of blocks;
  • Figure 7 illustrates schematically the operation of the systems of Figures 1 and 3 where data blocks are received in sequence;
  • Figure 8 illustrates schematically the operation of the systems of Figures 1 and 3 where data blocks are received out of sequence.
  • Referring to Figure 1, a microprocessor 1 has an internal cache memory 2 and is connected to a data bus 3.
  • Also connected to the data bus 3 are a ROM memory 4 and a RAM buffer 5. Assuming that the system is operating in an encryption mode, a data stream comprising a sequence of data blocks is placed on the data bus 3 via an input port (not shown). The encrypted blocks are similarly placed on the bus 3 and are passed to an output port (not shown).
  • In a decryption mode, encrypted blocks are placed on the data bus 3 via the input port and the decrypted blocks, also placed on the bus 3, are output via the output port.
  • The received data blocks may correspond to the payloads of IP datagrams.
  • The memory 4 is a relatively slow memory and stores instruction code and data for operating the microprocessor 1.
  • In particular, the memory 4 stores code for providing a crypto engine (see 3GPP TS 25.301 V3.2.0 (1999-10)), the code being passed to the microprocessor 1 for temporary storage in the cache 2 during an initialisation phase of the engine.
  • The initialisation phase continues with the generation of crypto masks, which are passed by the microprocessor 1 to the buffer 5 for temporary storage therein.
  • Figure 2 illustrates a hardware implementation of a crypto engine which may be used in place of the software engine of the system of Figure 1.
  • The engine may be implemented using an Application Specific Integrated Circuit (ASIC) or a Field Programmable Gate Array (FPGA) and comprises a number of registers (start block, end block, ..., crypto key) which are required in order to generate a crypto mask.
  • The registers are set by the processor during initialisation of the crypto engine.
  • The register information is then used by the engine to generate the required sequence of crypto masks, which are stored directly into the buffer without intervention from the microprocessor.
  • Figure 3 illustrates the interworking between the hardware crypto engine of Figure 2 and a processor in an encryption/decryption system, where it is assumed that the incoming data stream is received over an ATM transport network.
  • Figure 4 is a flow diagram illustrating the method of operation of the systems of Figures 1 and 3.
  • At initialisation, the processor obtains the appropriate cryptographic key, the count (which represents an index into the crypto mask buffer), the identity of the stream (or bearer), the direction (i.e. encrypt or decrypt), and determines the number of blocks N for which crypto masks are to be created and the length of these blocks.
  • These parameters represent the inputs to the crypto engine required in order to generate the first crypto mask.
  • Generated crypto masks are fed back to provide an input to the crypto engine to generate subsequent masks. As crypto masks are independent of the data to be encrypted/decrypted, a number of crypto masks can be pre-calculated. Because each mask is simply XORed with a data block, the same mask must never be applied to two different blocks: XORing two such ciphertext blocks together cancels the mask and leaves the XOR of the two plaintexts. The key, count, bearer and direction inputs are what make the mask for each block of each stream distinct, and both ends must feed identical values to the engine in order to obtain matching masks.
  • The processor creates a temporary small buffer for storing the incoming data blocks, and a second crypto buffer for storing the generated crypto masks as well as the encrypted/decrypted blocks.
  • The processor sets up an array containing pointers to the start of each successive mask in the crypto buffer, and flags to indicate whether respective blocks have been encrypted/decrypted.
  • The first block is then handled by XORing it with the first block mask stored in the buffer.
  • The resulting block is written into the crypto buffer on top of the corresponding mask and the corresponding flag is set to indicate that the first block has been processed.
  • For each subsequently received block, the processor determines whether or not a mask exists in the crypto buffer for that block.
  • Figure 5 is a flow diagram illustrating the process which is carried out following the handling of the final (Nth) block in a sequence in order to forward the encrypted/decrypted sequence and free the crypto buffer space.
  • If a received block has a block number which is higher than the highest number for which a mask exists in the buffer, then, if the block number falls within the next expected set of N blocks, a new buffer is created for those next N blocks and the received block is stored in that buffer. The crypto engine is reinitialised and the next set of N crypto masks generated. The received block is then XORed with the appropriate mask. In the event that the block number of a received block is higher than the next buffer space (due for example to data blocks being sent via different paths or to a network error), an error state is generated and, for example, the block discarded.
  • A timeout counter is used to ensure that the system does not wait indefinitely for a missing block and to flush and free the data buffer in case of errors.
  • The timeout counter is reset to zero when a block is correctly received, and subsequently counts up with every operating system "tick". If the counter reaches some predefined (large) value, this indicates that an error has occurred and that the buffer should be flushed (all processed blocks are forwarded and the buffer marked as free).
  • Figure 7 illustrates schematically the process of encrypting/decrypting a sequence of data blocks forming a data stream, where crypto masks are pre-calculated for a set of N blocks.
  • Figure 7 assumes that the blocks are received in the correct sequence.
  • Figure 8 illustrates an alternative scenario, where a series of data blocks are received in the incorrect order. It will be noted that the use of the block pointer array flags {Blk#1, Blk#2, Blk#3, ...} allows blocks to be marked as handled or not handled. There is thus no need for the blocks to be received (and handled) in order.
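
The mask-buffer procedure described above, from pre-computing N masks through the pointer array and flags, the out-of-order handling of Figure 8, the freeing of Figure 5 and the timeout flush of Figure 6, as an added C model. This is example code written for this page, not the patent's own implementation and not Ericsson code. The keystream engine is a keyed xorshift mixer standing in for the 3GPP engine the patent refers to; the values N_BLOCKS, BLOCK_LEN and TIMEOUT_TICKS, the type and function names, the sample blocks and the key are all assumed; and handling a block from the next set with a single buffer (flush the open set, then re-initialise) is a simplification of the patent's second buffer. Both ends feed the engine identical key, count, bearer and direction values, which is what makes the receiver's masks match the sender's.

```c
/* Added example, not from the patent: a C model of its pre-computed crypto-mask buffer. The keystream
 * engine is a constructed stand-in (keyed xorshift), not the 3GPP engine; N_BLOCKS, BLOCK_LEN, TIMEOUT_TICKS assumed. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define N_BLOCKS      4   /* masks pre-computed per set: the patent's N */
#define BLOCK_LEN     8   /* bytes per block */
#define TIMEOUT_TICKS 3   /* OS ticks without a good block before the buffer is flushed */

typedef enum { BLK_OK, BLK_SET_DONE, BLK_DUP, BLK_DISCARD } blk_status;
typedef struct {
    uint64_t key; uint8_t bearer, dir;  /* engine inputs: key, stream identity, direction */
    uint32_t base, timeout;             /* block number of slot 0; ticks since last good block */
    uint8_t  buf[N_BLOCKS][BLOCK_LEN];  /* crypto buffer: masks, overwritten by the results */
    uint8_t *ptr[N_BLOCKS];             /* pointer array to the start of each mask */
    bool     done[N_BLOCKS], in_use;    /* per-block handled flags; buffer allocated or free */
} crypto_buf;

/* Stand-in engine: each mask is the previous output fed back (the patent's feedback); no data dependence. */
static uint64_t engine_next(uint64_t *s) {
    *s ^= *s << 13; *s ^= *s >> 7; *s ^= *s << 17;
    return *s;
}

/* Initialise the engine once per set of N and store the masks directly in the buffer. */
static void buf_init(crypto_buf *b, uint32_t base) {
    uint64_t s = b->key ^ ((uint64_t)base << 32) ^ ((uint64_t)b->bearer << 8) ^ b->dir
                 ^ 0x9E3779B97F4A7C15ULL;
    if (s == 0) s = 1;                  /* a zero xorshift state would emit zero masks forever */
    for (int i = 0; i < N_BLOCKS; i++) {
        uint64_t m = engine_next(&s);
        memcpy(b->buf[i], &m, BLOCK_LEN);
        b->ptr[i] = b->buf[i]; b->done[i] = false;
    }
    b->base = base; b->timeout = 0; b->in_use = true;
}

/* Forward the handled blocks and free the buffer (Figure 5); returns how many were forwarded. */
static int buf_flush(crypto_buf *b) {
    int n = 0; for (int i = 0; i < N_BLOCKS; i++) n += b->done[i];
    b->base += N_BLOCKS; b->in_use = false;   /* anything older is now stale */
    return n;
}

/* Per OS tick (Figure 6): 0 if free, -1 while still waiting, else the number of blocks the flush forwarded. */
int stream_tick(crypto_buf *b) {
    return !b->in_use ? 0 : (++b->timeout < TIMEOUT_TICKS) ? -1 : buf_flush(b);
}

/* Handle one block in whatever order it arrives (Figures 7 and 8). A block of the next set of N re-initialises
 * the engine for fresh masks (flushing the open set first); stale, duplicate or further-ahead numbers are discarded. */
blk_status stream_handle(crypto_buf *b, uint32_t blk, const uint8_t *in, uint8_t *out) {
    if (blk < b->base || blk >= b->base + 2 * N_BLOCKS) return BLK_DISCARD;  /* error state */
    uint32_t set_base = b->base + ((blk - b->base) / N_BLOCKS) * N_BLOCKS;
    if (!b->in_use || set_base != b->base) {
        if (b->in_use) buf_flush(b);
        buf_init(b, set_base);
    }
    uint32_t i = blk - b->base;
    if (b->done[i]) return BLK_DUP;
    for (int k = 0; k < BLOCK_LEN; k++) {
        out[k] = in[k] ^ b->ptr[i][k];  /* XOR with the pre-computed mask */
        b->ptr[i][k] = out[k];          /* result overwrites the mask in place */
    }
    b->done[i] = true;
    b->timeout = 0;                     /* correctly received: reset the timeout counter */
    for (int j = 0; j < N_BLOCKS; j++) if (!b->done[j]) return BLK_OK;
    buf_flush(b);                       /* Nth block handled: forward the set, free the buffer */
    return BLK_SET_DONE;
}

static const uint8_t SAMPLE[N_BLOCKS][BLOCK_LEN] = { "block-0", "block-1", "block-2", "block-3" };
static const uint64_t KEY = 0x0123456789ABCDEFULL;  /* constructed sample plaintext and key */

/* Encrypt in order, decrypt in the order 2,0,3,1; 1 if all recovered and a late repeat of block 1 is then rejected. */
int demo_out_of_order_roundtrip(void) {
    crypto_buf enc = { .key = KEY, .bearer = 7, .dir = 0 }, dec = enc;  /* both ends: identical inputs */
    uint8_t ct[N_BLOCKS][BLOCK_LEN], pt[N_BLOCKS][BLOCK_LEN];
    const uint32_t order[N_BLOCKS] = {2, 0, 3, 1};
    buf_init(&enc, 0);                  /* masks for blocks 0..N-1 exist before any data arrives */
    for (uint32_t i = 0; i < N_BLOCKS; i++)
        if (stream_handle(&enc, i, SAMPLE[i], ct[i]) == BLK_DISCARD) return 0;
    buf_init(&dec, 0);
    for (int n = 0; n < N_BLOCKS; n++) {
        blk_status st = stream_handle(&dec, order[n], ct[order[n]], pt[order[n]]);
        if (st != (n == N_BLOCKS - 1 ? BLK_SET_DONE : BLK_OK)) return 0;
    }
    return memcmp(pt, SAMPLE, sizeof SAMPLE) == 0 && stream_handle(&dec, 1, ct[1], pt[1]) == BLK_DISCARD;
}

/* Blocks 1 and 2 never arrive: returns how many blocks the timeout flush forwarded (2). */
int demo_timeout_flush(void) {
    crypto_buf b = { .key = KEY, .bearer = 7 }; uint8_t out[BLOCK_LEN]; int forwarded = -1;
    buf_init(&b, 0);
    stream_handle(&b, 0, SAMPLE[0], out);
    stream_handle(&b, 3, SAMPLE[3], out);
    for (int t = 0; t < TIMEOUT_TICKS && forwarded < 0; t++) forwarded = stream_tick(&b);
    return stream_handle(&b, 1, SAMPLE[1], out) == BLK_DISCARD ? forwarded : -1;  /* late block: stale */
}
```

The two demo_ functions are the runnable checks: demo_out_of_order_roundtrip() returns 1 when a receiver fed blocks 2, 0, 3, 1 recovers the plaintext and then rejects a stale repeat of block 1, and demo_timeout_flush() returns the number of handled blocks (2) forwarded by the flush when blocks 1 and 2 never arrive. Writing the result over the mask in place, as the patent does, also destroys the mask, so together with the handled flag a retransmitted block can never be XORed a second time with the same keystream.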

Abstract

A method of encrypting/decrypting a sequence of data blocks by performing an XOR operation between the data blocks and crypto masks. The method comprises, before or upon receipt of a first data block, initialising a crypto engine (1, 2); using the crypto engine (1, 2) to generate a sequence of crypto masks corresponding to respective data blocks; storing the crypto masks in a buffer (5); and subsequently, on receipt of each data block, performing an XOR operation between the data block and the corresponding crypto mask to encrypt/decrypt the data block.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
AU2001250373A (published as AU2001250373A1) | 2000-03-21 | 2001-03-09 | Encrypting and decrypting

Applications Claiming Priority (2)

Application Number | Priority Date | Filing Date | Title
GB0006668A (published as GB0006668D0) | 2000-03-21 | 2000-03-21 | Encrypting and decrypting
GB0006668.8 | 2000-03-21 | |

Publications (1)

Publication Number | Publication Date
WO2001072075A1 | 2001-09-27

Family

ID: 9887983

Family Applications (1)

Application Number | Priority Date | Filing Date | Title
PCT/EP2001/002646 (WO2001072075A1) | 2000-03-21 | 2001-03-09 | Encrypting and decrypting

Country Status (3)

Country | Link
AU (1) | AU2001250373A1
GB (1) | GB0006668D0
WO (1) | WO2001072075A1

Citations (2)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
EP0366288A2 * | 1988-10-28 | 1990-05-02 | International Business Machines Corporation | Encryption using a buffer memory
US5444781A * | 1993-08-23 | 1995-08-22 | Apple Computer Inc. | Method and apparatus for decryption using cache storage

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
US8909557B2 | 2002-02-28 | 2014-12-09 | Mastercard International Incorporated | Authentication arrangement and method for use with financial transaction
US10395462B2 | 2002-02-28 | 2019-08-27 | Mastercard International Incorporated | Authentication arrangement and method for use with financial transactions
EP1865471A2 * | 2002-02-28 | 2007-12-12 | Mastercard Europe SPRL | Authentication arrangement and method for use with financial transactions
EP1850297A3 * | 2002-02-28 | 2008-03-05 | Mastercard Europe SPRL | Authentication arrangement and method for use with financial transactions
EP1865471A3 * | 2002-02-28 | 2008-03-05 | Mastercard Europe SPRL | Authentication arrangement and method for use with financial transactions
EP2309465A1 * | 2002-02-28 | 2011-04-13 | Mastercard Europe SPRL | Authentication arrangement and method for use with financial transactions
FR2836735A1 * | 2002-03-01 | 2003-09-05 | Canal Plus Technologies | Integrated circuit and method for managing the program memory of such an integrated circuit
EP1646976A4 * | 2003-06-04 | 2008-02-27 | Mastercard International Inc | Customer authentication in e-commerce transactions
US9514458B2 | 2003-06-04 | 2016-12-06 | Mastercard International Incorporated | Customer authentication in E-commerce transactions
EP1646976A2 * | 2003-06-04 | 2006-04-19 | Mastercard International, Inc. | Customer authentication in e-commerce transactions
WO2011121298A3 * | 2010-03-31 | 2013-01-17 | British Telecommunications Public Limited Company | Secure data recorder
US20130019111A1 * | 2010-03-31 | 2013-01-17 | British Telecommunications Public Limited Company | Secure data recorder
WO2011121298A2 | 2010-03-31 | 2011-10-06 | British Telecommunications Public Limited Company | Secure data recorder
US9208333B2 * | 2010-03-31 | 2015-12-08 | British Telecommunications Public Limited Company | Secure data recorder

Also Published As

Publication number | Publication date
GB0006668D0 (en) | 2000-05-10
AU2001250373A1 (en) | 2001-10-03

Legal Events

Code | Title | Description
AK | Designated states | Kind code of ref document: A1. Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW
AL | Designated countries for regional patents | Kind code of ref document: A1. Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) |
122 | Ep: pct application non-entry in european phase |
NENP | Non-entry into the national phase | Ref country code: JP