• 한국통신학회논문지
• /
• 제34권8A호
• /
• pp.640-647
• /
• 2009

IEEE 802.11i에서는 기존의 802.11a,b,g가 가지고 있던 보안상 문제점을 보완하기 위해서 RSNA(Robust Security Network Association)를 새로이 규정하고 있다. RSNA에서는 기존의 데이터 암호화를 위한 WEP(Wired Equivalent Privacy)을 대신하여 좀 더 견고한 데이터 암호화를 위하여 TKIP(Temporal Key Integrity Protocol)와 CCMP(Counter with CBC-MAC Protocol)를 사용하고 있다. 본 논문에서는 WEP, TKIP, CCMP의 암.복호 엔진을 설계하여 IEEE 802.11i를 지원하는 MAC Layer를 설계, 구현 하였다. WEP은 기존의 IEEE 802.11 legacy MAC과의 호환성을 보장하기 위하여 구성되었고, TKIP와 CCMP는 IEEE 802.11i에서 규정한 데이터 보안을 보장한다. 본 논문의 CCMP 블록은 동작 주파수 134MHz에서 최대 816.7Mbps의 데이터의 처리속도를 가짐으로써 802.11n의 성능을 보장 한다. 또한 2단 파이프 라인 구조를 가지는 AES 구조를 제안하여 CCMP에서의 동작 모드인 CBC 모드와 CTR 모드를 1개의 AES 코어에서 처리하도록 하여 적은 면적의 하드웨어를 가지도록 하였다.

• 한국통신학회논문지
• /
• 제31권6A호
• /
• pp.640-647
• /
• 2006

본 논문에서는 IEEE 802.11i 무선 랜 보안을 위한 AES(Advanced Encryption Standard) 기반 CCMP (Counter mode with CBC-MAC Protocol) 코어의 설계에 대해서 기술한다. 설계된 CCMP 코어는 데이터의 기밀성을 위한 CTR(counter) 모드와 인증 및 데이터 무결성 검증을 위한 CBC 모드의 동작이 두개의 AES 암호 코어로 병렬처리 되도록 설계되어 전체 성능의 최적화를 이루었다. AES 암호 코어에서 하드웨어 복잡도에 가장 큰 영향을 미치는 S-box를 composite field 연산 방식을 적용하여 설계함으로써 기존의 LUT(Lookup Table) 기반의 구현방식에 비해 게이트 수가 약 27% 감소되도록 하였다. 설계된 CCMP 코어는 Excalibur SoC 장비를 이용하여 H/W-S/W 통합 검증을 수행하였으며, 0.35-um CMOS 표준 셀 공정으로 MPW 칩으로 제작하고, 제작된 칩의 테스트 결과 모든 기능이 정상 동작함을 확인하였다. 설계된 CCMP 프로세서는 약 17,000개의 게이트로 구현되었으며, 116-MHz@3.3-V의 클록으로 안전하게 동작하여 353-Mbps의 성능이 예상되어 IEEE 802.11a와 802.11g 표준의 MAC 성능인 54-Mbps를 만족한다.

• IEIE Transactions on Smart Processing and Computing
• /
• 제6권2호
• /
• pp.133-139
• /
• 2017

Vehicles have increasingly evolved and become intelligent with convergence of information and communications technologies (ICT). Vehicle communications (VC) has become one of the major necessities for intelligent vehicles. However, VC suffers from serious security problems that hinder its commercialization. Hence, the IEEE 1609 Wireless Access Vehicular Environment (WAVE) protocol defines a security service for VC. This service includes Advanced Encryption Standard-Counter with CBC-MAC (AES-CCM) for data encryption in VC. A high-speed AES-CCM crypto module is necessary, because VC requires a fast communication rate between vehicles. In this study, we propose and implement an efficient AES-CCM hardware architecture for high-speed VC. First, we propose a 32-bit substitution table (S_Box) to reduce the AES module latency. Second, we employ key box register files to save key expansion results. Third, we save the input and processed data to internal register files for secure encryption and to secure data from external attacks. Finally, we design a parallel architecture for both cipher block chaining message authentication code (CBC-MAC) and the counter module in AES-CCM to improve performance. For implementation of the field programmable gate array (FPGA) hardware, we use a Xilinx Virtex-5 FPGA chip. The entire operation of the AES-CCM module is validated by timing simulations in Xilinx ISE at a speed of 166.2 MHz.

• 한국멀티미디어학회논문지
• /
• 제11권6호
• /
• pp.845-851
• /
• 2008

The ID/password method is the most classical method among authentication techniques on the internet, and is performed more easily and successfully than other methods. However, it is a vulnerable method against attacks such as eavesdropping or replay attack. To overcome this problem, OTP technique is used. The most popular OTP is HOTP algorithm, which is based on one-way hash function SHA-1. As recent researches show the weakness of the hash function, we need a new algorithm to replace HOTP. In this paper we propose a new OTP algorithm using the MAC(Message Authentication Code) based on AES. We also show that the new OTP outperforms HOTP experimentally.

• 한국정보통신학회논문지
• /
• 제12권11호
• /
• pp.2031-2038
• /
• 2008

무선 USB 시스템의 호스트-디바이스 간에 4-way handshake 상호 인증을 위한 PRF(Pseudo Random Function)-256, PRF-64 및 데이터 암/복호 기능을 수행하는 저면적 고속 인증/보안 프로세서 (WUSB_Sec) IP를 설계하였다. PRF-256과 PRF-64는 CCM(Counter mode with CBC-MAC) 연산을 기반으로 구현되며, CCM은 AES(Advanced Encryption Standard) 암호 코어 2개를 사용하여 CBC 모드와 CTR 모드가 병렬로 처리되도록 설계되었다. WUSB_Sec 프로세서의 핵심 블록인 AES 암호 코어는 합성체 GF$(((2^2)^2)^2)$ 연산 기반의 S-Box로 설계되었으며, SubByte 블록과 키 스케줄러가 S-Box를 공유하도록 설계하여 약 10%의 면적을 감소시켰다. 설계된 WUSB_Sec IP는 약 25,000 게이트로 구현되었으며, 120MHz에 서 동작하여 480Mbps의 성능을 갖는다.

• 전기학회논문지P
• /
• 제60권4호
• /
• pp.262-266
• /
• 2011

In high data-rate communication systems, encryption/decryption must be processed in high speed. In this paper, we implement CCM security mode which is the basis of security. Specifically, we combine CCM with AES block encryption algorithm in hardware. With the combination, we can carry out encryption/decryption as well as data transmission/reception simultaneously without reducing data-rate, and we keep low-power consumption with high speed by optimizing CCM block.

• JSTS:Journal of Semiconductor Technology and Science
• /
• 제16권3호
• /
• pp.293-299
• /
• 2016

Recently, as IoT (Internet of Things) becomes more important, low cost implementation of sensor nodes also becomes critical issues for two well-known standards, IEEE 802.15.4 and IEEE 802.15.6 which stands for WPAN (Wireless Personal Area Network) and WBAN (Wireless Body Area Network), respectively. This paper presents the area-optimized AES-CCM (Advanced Encryption Standard - Counter with CBC-MAC) hardware security engine which can support both IEEE 802.15.4 and IEEE 802.15.6 standards. First, for the low cost design, we propose the 8-bit AES encryption core with the S-box that consists of fully combinational logic based on composite field arithmetic. We also exploit the toggle method to reduce the complexity of design further by reusing the AES core for performing two operation mode of AES-CCM. The implementation results show that the total gate count of proposed AES-CCM security engine can be reduced by up to 42.5% compared to the conventional design.

• Journal of Ubiquitous Convergence Technology
• /
• 제2권1호
• /
• pp.12-17
• /
• 2008

In this paper, the 128bit AES block cipher algorithm OCB (Offset Code Book) mode for privacy and authenticity of high speed packet data was efficiently designed in C language level and was optimized to support the required capacity of contents server using high performance DSP. It is known that OCB mode is about two times faster than CBC-MAC mode. As an experimental result, the encryption / decryption speed of the implemented block cipher was 308Mbps, 311 Mbps respectively at 1GHz clock speed, which is 50% faster than a general design with 3.5% more memory usage.

• Journal of information and communication convergence engineering
• /
• 제10권3호
• /
• pp.248-252
• /
• 2012

The sensor network standard DASH7 was proposed to improve transmission quality and low power communication. Specifications for the standard are currently being developed, so the security specification has not been firmly implemented. However, without a security specification, a network cannot work due to threats from malicious users. Thus we must ensure confidentiality and authentication of data packets by using a cryptography method. To contribute to the DASH7 security specification, this paper shows the implementation results of network and data link layer security by using advanced encryption standard (AES) counter with CBC-MAC (CCM) over CC430 sensor nodes.

• ETRI Journal
• /
• 제29권6호
• /
• pp.755-768
• /
• 2007

A very promising application of active RFID systems is the electronic seal, an electronic device to guarantee the authenticity and integrity of freight containers. To provide freight containers with a high level of tamper resistance, the security of electronic seals must be ensured. In this paper, we present the design and implementation of an electronic seal protection system. First, we propose the eSeal Protection Protocol (ePP). Next, we implement and evaluate various cryptographic primitives as building blocks for our protocol. Our experimental results show that AES-CBC-MAC achieves the best performance among various schemes for message authentication and session key derivation. Finally, we implement a new electronic seal system equipped with ePP, and evaluate its performance using a real-world platform. Our evaluation shows that ePP guarantees a sufficient performance over an ARM9-based interrogator.