Difference between revisions of "Projects:2015s1-13 A One-Time Pad Generator"

From Projects
Jump to: navigation, search
 
(5 intermediate revisions by the same user not shown)
Line 1: Line 1:
  
== Introduction and Background ==
+
== Introduction ==
  
  
 
The One Time Pad generator project aimed to create a true random hardware generator in conjunction with a software interface to produce a device capable of generating "one time pad" keys and true random bit streams. The project consisted of several critical elements which included the design and implementation of both hardware and software subsystems into a fully functional true random hardware generator (TRNG) which could output the random data via a software interface and the subsequent testing of data using statistical test suites. The One Time Pad technique itself is a relatively simple and old crytographic method[1] used to encrypt plain text messages using a "pad" or key which comprised of truly random bits or numbers. This key along with the encrypted message would be sent to another person at different times to achieve secure communications.  
 
The One Time Pad generator project aimed to create a true random hardware generator in conjunction with a software interface to produce a device capable of generating "one time pad" keys and true random bit streams. The project consisted of several critical elements which included the design and implementation of both hardware and software subsystems into a fully functional true random hardware generator (TRNG) which could output the random data via a software interface and the subsequent testing of data using statistical test suites. The One Time Pad technique itself is a relatively simple and old crytographic method[1] used to encrypt plain text messages using a "pad" or key which comprised of truly random bits or numbers. This key along with the encrypted message would be sent to another person at different times to achieve secure communications.  
  
== Aims ==
+
=== Aims ===
  
  
Line 17: Line 17:
  
  
== Significance ==
+
=== Significance ===
  
  
Line 51: Line 51:
  
 
'''Research'''
 
'''Research'''
 +
 
The USB to SPI interface limited our choices when it came to choosing an I/O chip to handle communications between the PC and the One Time pad Generator. Fortunately for us, it was a good thing as we do not handle an abundance of choices very well. We looked into the FTDI FT232H chip, a relatively new chip which supported the interface format we wanted and also seemed to have power and throughput properties that fell within our design calculations. To be sure we ordered the C232HM which is a FT232H development module in the form of a USB cable, the properties of it are on the FT232H wiki page.
 
The USB to SPI interface limited our choices when it came to choosing an I/O chip to handle communications between the PC and the One Time pad Generator. Fortunately for us, it was a good thing as we do not handle an abundance of choices very well. We looked into the FTDI FT232H chip, a relatively new chip which supported the interface format we wanted and also seemed to have power and throughput properties that fell within our design calculations. To be sure we ordered the C232HM which is a FT232H development module in the form of a USB cable, the properties of it are on the FT232H wiki page.
  
 
'''Design'''
 
'''Design'''
As we got the FT232H development cable module it was simply a case of connecting the C232HM's SPI interface directly to the ADC. In this configuration the ADC would be the slave while the master device is clearly the FT232H chip. Once we hooked it up we needed to find a way to see if the ADC was correctly reading the cable's data input. The first step however, was ensuring the cable was powered on and sending a steady SCLK and CS to make the ADC sample at the correct time.  
+
 
 +
As we got the FT232H development cable module it was simply a case of connecting the C232HM's SPI interface directly to the ADC. In this configuration the ADC would be the slave while the master device is clearly the FT232H chip. Once we hooked it up we needed to find a way to see if the ADC was correctly reading the cable's data input. The first step however, was ensuring the cable was powered on and sending a steady SCLK and CS to make the ADC sample at the correct time. The next step was ensuring that the SPI attributes were able to be set correctly in order to correctly receive the data from the ADC. After this step, the majority of the development was optimizing the amount of data we could retrieve per sample and how fast we could get it.
  
 
=== Graphical User Interface ===
 
=== Graphical User Interface ===
Line 60: Line 62:
 
The Graphical User Interface (GUI) is one of the major components which comprise the software system for the One Time Pad Generator. It's realization is to give user's a friendly and acessible interface when working with the One Time Pad Generator. This section will briefly cover the research, design and development of the GUI and try to discuss in details any problems that were encountered along the way.
 
The Graphical User Interface (GUI) is one of the major components which comprise the software system for the One Time Pad Generator. It's realization is to give user's a friendly and acessible interface when working with the One Time Pad Generator. This section will briefly cover the research, design and development of the GUI and try to discuss in details any problems that were encountered along the way.
  
'''Research
+
'''Research'''
'''The first stage of the GUI was to investigate the best software package for the design and implementation stage of development. Having gained experience with QT in  one of my previous subjects we were already familiar with what it offered and we decided to look for other options in case I was missing out. We first looked at Microsoft Visual Studio and it seemed to offer a flexible and powerful package for GUI creation. The only things we were concerned about were the learning curve of using Visual Studio and the fact that it did not C++ GUI libraries meaning that the program would not be cross platform. Given these potential problems we decided to look for maybe another solution. The next one we looked at was GTK+, an apparent rival to QT, it offered a lot of the same QT did but we chose QT based on what we already knew about the program and that we knew we could immediately start developing the GUI on QT.
+
 
 +
The first stage of the GUI was to investigate the best software package for the design and implementation stage of development. Having gained experience with QT in  one of my previous subjects we were already familiar with what it offered and we decided to look for other options in case we were missing out. We first looked at Microsoft Visual Studio and it seemed to offer a flexible and powerful package for GUI creation. The only things we were concerned about were the learning curve of using Visual Studio and the fact that it did not C++ GUI libraries meaning that the program would not be cross platform. Given these potential problems we decided to look for maybe another solution. The next one we looked at was GTK+, an apparent rival to QT, it offered a lot of the same QT did but we chose QT based on what we already knew about the program and that we knew we could immediately start developing the GUI on QT.
  
 
'''Equipment and Resources'''
 
'''Equipment and Resources'''
 +
 
For this particular part the software used was the QT Creator  5.0 Program. Fortunately QT now comes with the GNU LGPL licensing scheme meaning we can use it for free without having to pay royalties. The flip side is that the project is open source but as we are trying to make this project as open ended at possible it does not make it that different. Finally the last resource we needed was a decent computer so we could keep compiling the results of the GUI after each small revision.
 
For this particular part the software used was the QT Creator  5.0 Program. Fortunately QT now comes with the GNU LGPL licensing scheme meaning we can use it for free without having to pay royalties. The flip side is that the project is open source but as we are trying to make this project as open ended at possible it does not make it that different. Finally the last resource we needed was a decent computer so we could keep compiling the results of the GUI after each small revision.
  
Line 74: Line 78:
  
 
'''Development'''
 
'''Development'''
 +
 
The GUI started from the main window and from there we routinely added new function once we had tested them seperately using another C compiler. QT is a C++ based program, or rather it uses a C++ compiler as the default for compiling codes, this meant we needed to slightly change some code from C we had written previously. Another thing to note was that we needed to import the LibMPSSE library into the build path, this was done by ensuring we appended the LibMPPSE to the QT.pro file (the configuration file that QT uses to coordinate everything - Makefile) and also by specifying the name of Lib being used.
 
The GUI started from the main window and from there we routinely added new function once we had tested them seperately using another C compiler. QT is a C++ based program, or rather it uses a C++ compiler as the default for compiling codes, this meant we needed to slightly change some code from C we had written previously. Another thing to note was that we needed to import the LibMPSSE library into the build path, this was done by ensuring we appended the LibMPPSE to the QT.pro file (the configuration file that QT uses to coordinate everything - Makefile) and also by specifying the name of Lib being used.
=== Statistical Suites ===
 
  
 +
=== Statistical Test Suites ===
 +
 +
An important aspect for verification to evaluate the performance of the One Time Pad generator was the use of statistical test suites which tested the randomness of the bit streams. By using these we could see how well they performed when compared to other pseudo random generators which are generally used in place of true random generators due to their ease of access and relative randomness. The pseudo random number generators we chose to test alongside our true random generator was the C function srand() fed by time and PHP's rand() function which is seeded by any random value. The test suites used were the FIPS 140-2 Suite and the ENT Test Suite. Both offer a variety of different tests which compared many aspects of the randomness properties of the bit streams, such as arithmetic tests and correlation tests.
 +
 
== Results ==
 
== Results ==
  
=== Hardware Testing ===
+
All of the aims mentioned above were met and the fact that the design was able to be followed through with both respect to software and hardware subsystems was very fulfilling. Secondly for a non-tangible reason, the experience that comes from applying various technical skills on a single project is invaluable for understanding how projects develop over time. All the skills learnt as well are transferable skills that can be applied to different projects and activities which may be encountered in the future.
=== Software Testing ===
+
 
 +
As a recap:
 +
 
 +
- Applied a series of statistical tests to certify that the random number generator satisfies the Federal Information Processing Standards for Secure Communications
 +
(FIPS 140-2). The ENT test suite also revealed that the true random number generator performed better than the pseudo random generators as well.
 +
 
 +
- Constructed a software interface for the generator to interact directly with an external secure computer.
 +
 
 +
- Extended the hardware number generator beyond One Time Pad through the use of software and hardware interfacing.
 +
 
 +
- Designed the circuit such that it can fit into a form factor of a USB stick, by using an I/O chip to handle communications between a host PC and the hardware generator.
 +
 
  
 
== Future Work ==
 
== Future Work ==
 +
 +
There is plenty of future work to be had with the OTP generator because there are an incredible amount of applications that could use a cheap, portable and fast TRNG. The main areas of use would be driven by security and research themed ventures. In particular security is an entity which always needs to find better and more improved ways of keeping data and personal information safe. Many applications can be redesigned to use a hardware generator such as this OTP generator as their sole source of random numbers to ensure there is no correlation within the key data. Other software development ideas include the implementation of other encryption standards which can generate industry standard authentication such as PGP and AES encryption. More specifically to the generator is the possibility that it can become further optimized to deliver better throughput and also be developed to fulfill the other compliance levels for FIPS such as physical resistance to tampering and environment factors, making it a more self contained generator.
 +
 +
== Conclusions ==
 +
 +
The OTP generator was a very successful project in terms of laying the groundwork for future development from both software and hardware perspective. The prototypes developed in this project were able to meet all the specifications, outcomes and sufficient testing was done over the course of the project to warrant a reliable end product. The team worked together well to produce good harmony in the software and hardware interfacing and this will go a long way in assisting other projects which may need integration of hardware and software modules. All the software is open source and the hardware is open ended, with room for plenty more design and variations.
 +
 
== Team Members ==
 
== Team Members ==
  

Latest revision as of 15:50, 17 November 2015

Introduction

The One Time Pad generator project aimed to create a true random hardware generator in conjunction with a software interface to produce a device capable of generating "one time pad" keys and true random bit streams. The project consisted of several critical elements which included the design and implementation of both hardware and software subsystems into a fully functional true random hardware generator (TRNG) which could output the random data via a software interface and the subsequent testing of data using statistical test suites. The One Time Pad technique itself is a relatively simple and old crytographic method[1] used to encrypt plain text messages using a "pad" or key which comprised of truly random bits or numbers. This key along with the encrypted message would be sent to another person at different times to achieve secure communications.

Aims

1. Apply a series of statistical tests to certify that the random number generator satisfies the Federal Information Processing Standards for Secure Communications (FIPS 140-2).

2. Construct a software interface for the generator to interact directly with an external secure computer and extend the hardware number generator beyond One Time Pad through the use of software and hardware interfacing.

3. Capture data from a white noise source in order to produce random bit streams for use within the One Time Pad algorithm by using a hardware based sampling method.

4. Design the circuit such that it can fit into a form factor of a USB stick, by using an on-board processor instead of a developer board.


Significance

The One Time Pad generator allows for true random bit streams to be produced using a cheap and convenient form factor with very robust and relatively high throughput when compared to some of the commercial true random number generators available on the market currently. These random bit streams are able to feed a large variety of software based applications which use random numbers as their primary input. These applications are implemented across a wide range of different industries such as security, medical and academic research, testing suites and entertainment. Some examples of these applications include being used security and safety critical systems to feed encryption algorithms to academic research where truly random data is needed to test the response of a certain phenomena to record unpredictable output. Another aspect of the generator is how it sends the data in real time to the PC. By using analogue to digital conversion technique it is possible with some modifications to perform real time analysis of various analog signals by simply by connecting it the the generator. The uses of having a real time analysis hardware tool to observe different real time sources can be significant in many industries as well.

Hardware Components

Noise Source

The noise source needed to be a physically based phenomenon due to the fact that anything produced by software would be inherently deterministic and thus predictable causing correlations in the random bit streams. The phenomenon which was chosen to be the source of the noise is called avalanche noise, this type of noise was chosen as it was found to be the best source of white noise[2]. and was produced in this generator by putting two bipolar junction transistors (BJTs) in reverse biased p-n junction at a low voltage. This would result in an effect called quantum mechanical tunneling which would produce an "avalanche" (truly random) noise source. As this technique uses low power it does not require large electrical components to power the generator and at least 15V is needed to produce a suitable amount of noise.

Amplifier

The noise source itself only produces a voltage source of around 250-350 mV which is not large enough to be sampled by the ADC in the generator. Thus there needed to be amplification of the noise source to produced a suitable voltage range that would be properly captured by the ADC. This amplification was done by using another BJT to amplify the noise source. This was able to amplify the noise source output to around 4-5V which was adequate for the noise source. One important caveat of amplification is that it can potentially introduce bias into the signal it is amplifying causing correlations within the noise signal to be sampled. The effects of the introduced correlation in the generator was done through some compensation design of the amplifier circuit by using a bypass capacitor.

ADC

One of the main components that was critical to the throughput and performance of the generator was the ADC circuit which uses the SPI protocol. The actual ADC component in the generator is a ADCS7476 from Texas Instruments. The key properties of this ADC is that it has 12 bit sampling, able to sample at 1 Mega Samples per second and requires 2.7V to 5.2V to be powered which it also uses as a voltage reference for the analog input. These properties allowed for the noise source to be sampled at around 1000 times per second, providing very good throughput of the random data.

FTDI SPI to USB I/O

The FTDI chip was the F232H variant of a well known SPI to USB chip available at FTDI and is implemented in a module which also includes an EEPROM for data operations. It supports more than just SPI however, as it uses an MPSSE engine which can interface with other serial communication standards such as JTAG and I2C. The reason it was chosen was that it supported clock speeds of up to 20MHz which would be more than sufficient to drive the SPI clock requirements of the ADC. The data sampled from the ADC would be captured and then sent through the SPI communications into the EEPROM of the FTDI module and then pushed to the host PC via the USB communications. This data would be able to processed in real time, allowing for bit stream data to be stored directly into a file or passed directly into any software applications requiring random bit streams.

DC-DC converter

The last component of the generator is the DC-DC converter which steps up the voltage of the input voltage into the noise source circuit. As mentioned before the noise source requires at least 15V of power and as the USB standard only allows up to a maximum of 5V then a DC-DC converter was required. There was a custom designed converter used using a DC-DC chip in conjunction with the appropriate power circuit but they kept failing. Ultimately a DC-DC module was implemented instead which allowed us to step up the voltage of 5B from the USB input to around 16-17V which was enough to power the noise source.

Software Components

Software Interface for SPI sampling

A critical part of the generator was to ensure that the Host PC could interact with the generator in order to receive and process the random bits streams. This was done by using both the FTDI library and the relevant API functions along with the SPI protocol for communicating with the ADC. By using the API functions various attributes of the SPI communications could be set such as the number of bits to transfer per sample, the number of samples per second and the speed of the serial clock. This software was developed in Windows and the driver was supplied by FTDI which uses the generic Windows USB standard driver as a foundation.

Research

The USB to SPI interface limited our choices when it came to choosing an I/O chip to handle communications between the PC and the One Time pad Generator. Fortunately for us, it was a good thing as we do not handle an abundance of choices very well. We looked into the FTDI FT232H chip, a relatively new chip which supported the interface format we wanted and also seemed to have power and throughput properties that fell within our design calculations. To be sure we ordered the C232HM which is a FT232H development module in the form of a USB cable, the properties of it are on the FT232H wiki page.

Design

As we got the FT232H development cable module it was simply a case of connecting the C232HM's SPI interface directly to the ADC. In this configuration the ADC would be the slave while the master device is clearly the FT232H chip. Once we hooked it up we needed to find a way to see if the ADC was correctly reading the cable's data input. The first step however, was ensuring the cable was powered on and sending a steady SCLK and CS to make the ADC sample at the correct time. The next step was ensuring that the SPI attributes were able to be set correctly in order to correctly receive the data from the ADC. After this step, the majority of the development was optimizing the amount of data we could retrieve per sample and how fast we could get it.

Graphical User Interface

The Graphical User Interface (GUI) is one of the major components which comprise the software system for the One Time Pad Generator. It's realization is to give user's a friendly and acessible interface when working with the One Time Pad Generator. This section will briefly cover the research, design and development of the GUI and try to discuss in details any problems that were encountered along the way.

Research

The first stage of the GUI was to investigate the best software package for the design and implementation stage of development. Having gained experience with QT in one of my previous subjects we were already familiar with what it offered and we decided to look for other options in case we were missing out. We first looked at Microsoft Visual Studio and it seemed to offer a flexible and powerful package for GUI creation. The only things we were concerned about were the learning curve of using Visual Studio and the fact that it did not C++ GUI libraries meaning that the program would not be cross platform. Given these potential problems we decided to look for maybe another solution. The next one we looked at was GTK+, an apparent rival to QT, it offered a lot of the same QT did but we chose QT based on what we already knew about the program and that we knew we could immediately start developing the GUI on QT.

Equipment and Resources

For this particular part the software used was the QT Creator 5.0 Program. Fortunately QT now comes with the GNU LGPL licensing scheme meaning we can use it for free without having to pay royalties. The flip side is that the project is open source but as we are trying to make this project as open ended at possible it does not make it that different. Finally the last resource we needed was a decent computer so we could keep compiling the results of the GUI after each small revision.

QT Creator 5.0 C++ Libraries FTDI LibMPSSE library Windows 7 64 bit Operating System Design The GUI needed to be user friendly, so we aimed to try to keep the navigation of the program as simple as possible. Thus, we only made the GUI two windows deep, so that they could get to any function they wanted directly from the main window. We maintained a consistent naming convention and layout for each new window to ensure that people did not need remember where all the buttons for each window.

Development

The GUI started from the main window and from there we routinely added new function once we had tested them seperately using another C compiler. QT is a C++ based program, or rather it uses a C++ compiler as the default for compiling codes, this meant we needed to slightly change some code from C we had written previously. Another thing to note was that we needed to import the LibMPSSE library into the build path, this was done by ensuring we appended the LibMPPSE to the QT.pro file (the configuration file that QT uses to coordinate everything - Makefile) and also by specifying the name of Lib being used.

Statistical Test Suites

An important aspect for verification to evaluate the performance of the One Time Pad generator was the use of statistical test suites which tested the randomness of the bit streams. By using these we could see how well they performed when compared to other pseudo random generators which are generally used in place of true random generators due to their ease of access and relative randomness. The pseudo random number generators we chose to test alongside our true random generator was the C function srand() fed by time and PHP's rand() function which is seeded by any random value. The test suites used were the FIPS 140-2 Suite and the ENT Test Suite. Both offer a variety of different tests which compared many aspects of the randomness properties of the bit streams, such as arithmetic tests and correlation tests.

Results

All of the aims mentioned above were met and the fact that the design was able to be followed through with both respect to software and hardware subsystems was very fulfilling. Secondly for a non-tangible reason, the experience that comes from applying various technical skills on a single project is invaluable for understanding how projects develop over time. All the skills learnt as well are transferable skills that can be applied to different projects and activities which may be encountered in the future.

As a recap:

- Applied a series of statistical tests to certify that the random number generator satisfies the Federal Information Processing Standards for Secure Communications (FIPS 140-2). The ENT test suite also revealed that the true random number generator performed better than the pseudo random generators as well.

- Constructed a software interface for the generator to interact directly with an external secure computer.

- Extended the hardware number generator beyond One Time Pad through the use of software and hardware interfacing.

- Designed the circuit such that it can fit into a form factor of a USB stick, by using an I/O chip to handle communications between a host PC and the hardware generator.


Future Work

There is plenty of future work to be had with the OTP generator because there are an incredible amount of applications that could use a cheap, portable and fast TRNG. The main areas of use would be driven by security and research themed ventures. In particular security is an entity which always needs to find better and more improved ways of keeping data and personal information safe. Many applications can be redesigned to use a hardware generator such as this OTP generator as their sole source of random numbers to ensure there is no correlation within the key data. Other software development ideas include the implementation of other encryption standards which can generate industry standard authentication such as PGP and AES encryption. More specifically to the generator is the possibility that it can become further optimized to deliver better throughput and also be developed to fulfill the other compliance levels for FIPS such as physical resistance to tampering and environment factors, making it a more self contained generator.

Conclusions

The OTP generator was a very successful project in terms of laying the groundwork for future development from both software and hardware perspective. The prototypes developed in this project were able to meet all the specifications, outcomes and sufficient testing was done over the course of the project to warrant a reliable end product. The team worked together well to produce good harmony in the software and hardware interfacing and this will go a long way in assisting other projects which may need integration of hardware and software modules. All the software is open source and the hardware is open ended, with room for plenty more design and variations.

Team Members

Students:

Andrew Khuu

Yanni Karvouniaris

Supervisors:

Dr. Andrew Allison

Prof. Derek Abbott

Consultant:

Lachlan Gunn

References

[1] Shannon, Claude (1949). Communication Theory of Secrecy Systems, Bell System Technical Journal 28 (4): 656–715.

[2] R.Sarpeshkar, T Delbruck and C.A. Mead (1993). White noise in MOS transistors and resistors, IEEE Circuits Devices Mag. pp. 23-29.