
Design And Implementation Of Triple Data Encryption Standard (DES) Algorithm Using Verilog

CHAPTER - 1
INTRODUCTION TO VLSI

Very-large-scale integration (VLSI) is the process of creating integrated circuits
by combining thousands of transistor-based circuits into a single chip. VLSI began in the
1970s when complex semiconductor and communication technologies were being
developed. The microprocessor is a VLSI device. The term is no longer as common as it
once was, as chips have increased in complexity into the hundreds of millions of
transistors.

Overview

The first semiconductor chips held one transistor each. Subsequent advances
added more and more transistors, and, as a consequence, more individual functions or
systems were integrated over time. The first integrated circuits held only a few devices,
perhaps as many as ten diodes, transistors, resistors and capacitors, making it possible to
fabricate one or more logic gates on a single device. These devices are now known
retrospectively as "small-scale integration" (SSI). Improvements in technique led to
devices with hundreds of logic gates, and then to large-scale integration (LSI), i.e.
systems with at least a thousand logic gates. Current technology has moved far past
this mark and today's
microprocessors have many millions of gates and hundreds of millions of individual
transistors.

At one time, there was an effort to name and calibrate various levels of large-scale
integration above VLSI. Terms like Ultra-large-scale Integration (ULSI) were used. But
the huge number of gates and transistors available on common devices has rendered such
fine distinctions moot. Terms suggesting greater than VLSI levels of integration are no
longer in widespread use. Even VLSI is now somewhat quaint, given the common
assumption that all microprocessors are VLSI or better.

MRIET 1 15W91A04B6

As of early 2008, billion-transistor processors are commercially available, an example of
which is Intel's Montecito Itanium chip. This is expected to become more commonplace
as semiconductor fabrication moves from the current generation of 65 nm processes to
the next 45 nm generations (while experiencing new challenges such as increased
variation across process corners). Another notable example is NVIDIA’s 280 series GPU.

What is VLSI?

VLSI stands for "Very Large Scale Integration". This is the field which involves
packing more and more logic devices into smaller and smaller areas.
i. Simply put, an integrated circuit is many transistors on one chip.

ii. Design/manufacturing of extremely small, complex circuitry using modified semiconductor material.

iii. An integrated circuit (IC) may contain millions of transistors, each a few mm in size.

iv. Applications are wide ranging: most electronic logic devices.

History of Scale Integration


1. late 40s: Transistor invented at Bell Labs
2. late 50s: First IC (JK-FF by Jack Kilby at TI)
3. early 60s: Small Scale Integration (SSI), 10s of transistors on a chip;
   late 60s: Medium Scale Integration (MSI), 100s of transistors on a chip
4. early 70s: Large Scale Integration (LSI), 1000s of transistors on a chip
5. early 80s: VLSI, 10,000s of transistors on a chip (later 100,000s & now 1,000,000s)
6. Ultra LSI is sometimes used for 1,000,000

SSI - Small-Scale Integration (0 to 10^2)
MSI - Medium-Scale Integration (10^2 to 10^3)
LSI - Large-Scale Integration (10^3 to 10^5)
VLSI - Very Large-Scale Integration (10^5 to 10^7)
ULSI - Ultra Large-Scale Integration (>= 10^7)

Advantages of ICs over discrete components

While we will concentrate on integrated circuits, the properties of integrated circuits
(what we can and cannot efficiently put in an integrated circuit) largely determine the
architecture of the entire system. Integrated circuits improve system characteristics in
several critical ways. ICs have three key advantages over digital circuits built from
discrete components:

Size. Integrated circuits are much smaller: both transistors and wires are shrunk to
micrometer sizes, compared to the millimeter or centimeter scales of discrete
components. Small size leads to advantages in speed and power consumption, since
smaller components have smaller parasitic resistances, capacitances, and inductances.

Speed. Signals can be switched between logic 0 and logic 1 much quicker within a chip
than they can between chips. Communication within a chip can occur hundreds of times
faster than communication between chips on a printed circuit board. The high speed of
circuits on-chip is due to their small size: smaller components and wires have smaller
parasitic capacitances to slow down the signal.

Power consumption. Logic operations within a chip also take much less power. Once
again, lower power consumption is largely due to the small size of circuits on the chip:
smaller parasitic capacitances and resistances require less power to drive them.


VLSI and systems

These advantages of integrated circuits translate into advantages at the system level:

1. Smaller physical size. Smallness is often an advantage in itself: consider portable
televisions or handheld cellular telephones.

2. Lower power consumption. Replacing a handful of standard parts with a single chip
reduces total power consumption. Reducing power consumption has a ripple effect on the
rest of the system: a smaller, cheaper power supply can be used; since less power
consumption means less heat, a fan may no longer be necessary; a simpler cabinet with
less electromagnetic shielding may be feasible, too.

3. Reduced cost. Reducing the number of components, the power supply requirements,
cabinet costs, and so on, will inevitably reduce system cost. The ripple effect of
integration is such that the cost of a system built from custom ICs can be less, even
though the individual ICs cost more than the standard parts they replace.


INTRODUCTION TO VERILOG HDL

What is HDL

A typical Hardware Description Language (HDL) supports a mixed-level
description in which gate and net list constructs are used with functional
descriptions. This mixed-level capability enables you to describe system
architectures at a high level of abstraction, then incrementally refine a design’s
detailed gate-level implementation.

HDL descriptions offer the following advantages:

We can verify design functionality early in the design process. A design written as an
HDL description can be simulated immediately. Design simulation at this high
level — at the gate-level before implementation — allows you to evaluate
architectural and design decisions.

An HDL description is more easily read and understood than a netlist or schematic
description. HDL descriptions provide technology-independent documentation of a
design and its functionality. Because the initial HDL design description is
technology independent, you can use it again to generate the design in a different
technology, without having to translate it from the original technology.

Large designs are easier to handle with HDL tools than schematic tools.

Verilog Overview

Introduction

Verilog is a hardware description language (HDL). A hardware description
language is a language used to describe a digital system, for example,
a microprocessor, a memory or a simple flip-flop. This means that, by using an HDL,
one can describe any (digital) hardware at any level.


Verilog provides both behavioral and structural language structures. These structures
allow expressing design objects at high and low levels of abstraction. Designing
hardware with a language such as Verilog allows using software concepts such as
parallel processing and object-oriented programming. Verilog has a syntax similar to C
and Pascal.

Design Styles

Verilog like any other hardware description language permits the designers to create a
design in either Bottom-up or Top-down methodology.

Bottom-Up Design

The traditional method of electronic design is bottom-up. Each design is performed
at the gate-level using the standard gates. With increasing complexity of new
designs this approach is nearly impossible to maintain. New systems consist of
ASIC or microprocessors with a complexity of thousands of transistors.

Top-Down Design

The desired design style of all designers is the top-down design. A real top-down
design allows early testing, easy change of different technologies, a structured system
design and offers many other advantages. But it is very difficult to follow a pure
top-down design. Due to this fact most designs are a mix of both methods,
implementing some key elements of both design styles.

Abstraction Levels of Verilog

Verilog supports a design at many different levels of abstraction. Three of them are
very important:

1. Behavioral level

2. Register-Transfer Level

3. Gate Level

Behavioral level

This level describes a system by concurrent algorithms (Behavioral). Each algorithm
itself is sequential, that means it consists of a set of instructions that are executed one
after the other. Functions, Tasks and Always blocks are the main elements. There is no
regard to the structural realization of the design.

Register-Transfer Level

Designs using the Register-Transfer Level specify the characteristics of a circuit by
operations and the transfer of data between the registers. An explicit clock is used. RTL
design contains exact timing possibility; operations are scheduled to occur at certain
times. The modern definition of RTL code is "Any code that is synthesizable is called RTL
code".

Gate Level

Within the logic level the characteristics of a system are described by logical links
and their timing properties. All signals are discrete signals. They can only have definite
logical values ('0', '1', 'X', 'Z'). The usable operations are predefined logic primitives
(AND, OR, NOT etc gates). Using gate level modeling might not be a good idea for
any level of logic design. Gate level code is generated by tools like synthesis tools and
this Netlist is used for gate level simulation and for backend.

VLSI design flow

Introduction

Design is the most significant human endeavor: It is the channel through which
creativity is realized. Design determines our every activity as well as the results of those
activities; thus it includes planning, problem solving, and producing. Design is also
found in problem-solving tasks such as mathematical proofs and games. Finally,
design is found in pure planning activities such as making a law or throwing a
party.

A semiconductor process technology is a method by which working circuits can be
manufactured from designed specifications. There are many such technologies, each
of which creates a different environment or style of design.


CHAPTER - 1
LITERATURE SURVEY

The original DES cipher's key size of 56 bits was generally sufficient when that
algorithm was designed, but the availability of increasing computational power
made brute-force attacks feasible. Triple DES provides a relatively simple method
of increasing the key size of DES to protect against such attacks, without the need
to design a completely new block cipher algorithm.

A naive approach to increase strength of a block encryption algorithm with short
key length (like DES) would be to use two keys (K1, K2) instead of one, and
encrypt each block twice: E_K2(E_K1(plaintext)). If the original key length is n bits,
one would hope this scheme provides security equivalent to using key 2n bits
long. Unfortunately, this approach is vulnerable to meet-in-the-middle attack:
given a known plaintext pair (x, y), such that y = E_K2(E_K1(x)), one can recover the
key pair (K1, K2) in ~2^n steps, instead of ~2^(2n) steps one would expect from
algorithm with 2n bits of key.

Therefore, Triple DES uses a "key bundle" that comprises three DES keys, K1,
K2 and K3, each of 56 bits (excluding parity bits). The encryption algorithm is:

ciphertext = E_K3(D_K2(E_K1(plaintext)))

I.e., DES encrypt with K1, DES decrypt with K2, then DES encrypt with K3.

Decryption is the reverse:

plaintext = D_K1(E_K2(D_K3(ciphertext)))

I.e., decrypt with K3, encrypt with K2, then decrypt with K1.

Each triple encryption encrypts one block of 64 bits of data.


In each case the middle operation is the reverse of the first and last. This improves
the strength of the algorithm when using keying option 2, and provides backward
compatibility with DES with keying option 3.

Keying options

The standards define three keying options:

Keying option 1

All three keys are independent. Sometimes known as 3TDEA or triple-length keys.
This is the strongest, with 3 × 56 = 168 independent key bits. It is still vulnerable
to meet-in-the-middle attack, but the attack requires 2^(2 × 56) steps.

Keying option 2

K1 and K2 are independent, and K3 = K1. Sometimes known as 2TDEA or
double-length keys.
This provides a shorter key length of 112 bits and a reasonable compromise
between DES and Keying option 1, with the same caveat as above. This is an
improvement over "double DES" which only requires 2^56 steps to attack. NIST
has deprecated this option.

Keying option 3

All three keys are identical, i.e. K1 = K2 = K3.
This is backward compatible with DES, since two operations cancel out. ISO/IEC
18033-3 never allowed this option, and NIST no longer allows K1 = K2 or K2 =
K3.

Each DES key is 8 odd-parity bytes, with 56 bits of key and 8 bits of error-
detection. A key bundle requires 24 bytes for option 1, 16 for option 2, or 8 for
option 3.
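
The checks implied by the keying options and the parity rule above can be automated before a key bundle is loaded into a Triple DES core. The following is an added example, not code from the original report: the function names are hypothetical and the sample keys are constructed test values.

```python
# Added example: checks on a Triple DES key bundle (sample keys are constructed).

def has_odd_parity(key: bytes) -> bool:
    """True if each of the 8 key bytes contains an odd number of 1 bits."""
    return len(key) == 8 and all(bin(b).count("1") % 2 == 1 for b in key)


def fix_parity(key: bytes) -> bytes:
    """Recompute the parity bit (LSB of each byte) from the 7 key bits above it."""
    out = bytearray()
    for b in key:
        upper = b & 0xFE
        out.append(upper | (0 if bin(upper).count("1") % 2 == 1 else 1))
    return bytes(out)


def effective_key(key: bytes) -> int:
    """The 56 key bits: every byte with its parity bit discarded."""
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value


def check_bundle(bundle: bytes) -> dict:
    """Classify a key bundle (24, 16 or 8 bytes) and list reasons to reject it."""
    if len(bundle) not in (8, 16, 24):
        raise ValueError("a key bundle is 8, 16 or 24 bytes long")
    keys = [bundle[i:i + 8] for i in range(0, len(bundle), 8)]
    if len(keys) == 2:            # keying option 2: K3 = K1
        keys.append(keys[0])
    elif len(keys) == 1:          # keying option 3: K1 = K2 = K3
        keys = keys * 3
    problems = [f"K{i + 1}: parity error" for i, k in enumerate(keys)
                if not has_odd_parity(k)]
    # Compare the effective 56-bit keys so that two keys differing only in
    # their parity bits are still recognised as the same key.
    e1, e2, e3 = (effective_key(k) for k in keys)
    if e1 == e2 or e2 == e3:
        # E_K3(D_K2(E_K1(x))) collapses to a single DES operation: 56 key bits.
        option, bits = (3 if e1 == e3 else None), 56
        problems.append("K1 = K2 or K2 = K3: bundle is equivalent to single DES")
    elif e1 == e3:
        option, bits = 2, 112     # deprecated by NIST, as noted in the text
    else:
        option, bits = 1, 168
    return {"option": option, "key_bits": bits, "problems": problems}


# Constructed sample keys; every byte already has odd parity.
K1 = bytes.fromhex("0123456789abcdef")
K2 = bytes.fromhex("23456789abcdef01")
K3 = bytes.fromhex("456789abcdef0123")

if __name__ == "__main__":
    for label, bundle in (("3 keys", K1 + K2 + K3), ("2 keys", K1 + K2),
                          ("1 key", K1), ("K2 = K1 with a flipped parity bit",
                                          K1 + bytes([K1[0] ^ 1]) + K1[1:] + K3)):
        print(label, check_bundle(bundle))
```
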


NIST (and the current TCG specifications version 2.0 of approved algorithms
for Trusted Platform Module) also disallows using any one of the 64 following
64-bit values in any keys (note that 32 of them are the binary complement of the
32 others; and that 32 of these keys are also the reverse permutation of bytes of
the 32 others), listed here in hexadecimal (in each byte, the least significant bit is
an odd-parity generated bit; it is discarded when forming the effective 56-bit keys):


CHAPTER – 3

BLOCK DIAGRAM


CHAPTER – 4
BLOCK DIAGRAM DESCRIPTION

ENCRYPTION:
The encryption and decryption process consists of a number of different transformations
applied consecutively over the data block bits, in a fixed number of iterations, called
rounds. The number of rounds depends on the length of the key used for the encryption
process. For a key length of 200 bits, the number of iterations required is 10 (Nr = 10).
Each of the first Nr - 1 rounds consists of 3 transformations: Shift Rows (), Mix Columns
() and Add Round Key ().

DECRYPTION:
The process of decryption of a TDES ciphertext is similar to the encryption process in
the reverse order. This process is the direct inverse of the encryption process. All the
transformations applied in the encryption process are inversely applied to this process.
Hence the last round values of both the data and key are the first round inputs for the
decryption process, and the rounds follow in decreasing order. Each round consists of the three
processes conducted in the reverse order –

The encryption-decryption process is as follows:

1. Encrypt the plaintext blocks using single DES with key K1.

2. Now decrypt the output of step 1 using single DES with key K2.

3. Finally, encrypt the output of step 2 using single DES with key K3.

The output of step 3 is the ciphertext.

Decryption of a ciphertext is the reverse process. The user first decrypts using K3, then
encrypts with K2, and finally decrypts with K1.

Due to this design of Triple DES as an encrypt–decrypt–encrypt process, it is possible to
use a 3TDES (hardware) implementation for single DES by setting K1, K2, and K3 to be
the same value. This provides backwards compatibility with DES.

The second variant of Triple DES (2TDES) is identical to 3TDES except that K3 is replaced
by K1. In other words, the user encrypts plaintext blocks with key K1, then decrypts with key
K2, and finally encrypts with K1 again. Therefore, 2TDES has a key length of 112 bits.

Triple DES systems are significantly more secure than single DES, but these are clearly
a much slower process than encryption using single DES.
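
The encrypt–decrypt–encrypt composition described above, and the reason the literature survey gives for rejecting plain double encryption, can both be checked on a small scale. This is an added example, not code from the original report: it uses a constructed toy Feistel cipher (16-bit blocks, 12-bit keys, hypothetical key schedule and round function) in place of DES so that the meet-in-the-middle search finishes instantly.

```python
# Added example on a constructed toy cipher (NOT DES): 16-bit blocks, 12-bit keys.
KEY_BITS = 12
ROUNDS = 4


def _round_keys(key):
    """Hypothetical key schedule: 8 bits of the key, rotated by 3 more each round."""
    rks = []
    for i in range(ROUNDS):
        r = 3 * i
        rot = ((key << r) | (key >> (KEY_BITS - r))) & 0xFFF
        rks.append((rot ^ (0x1B * (i + 1))) & 0xFF)
    return rks


def _f(half, rk):
    """Hypothetical round function on an 8-bit half block."""
    x = ((half ^ rk) * 167 + 13) & 0xFF
    return ((x << 3) | (x >> 5)) & 0xFF


def _feistel(block, rks):
    left, right = block >> 8, block & 0xFF
    for rk in rks:
        left, right = right, left ^ _f(right, rk)
    return (right << 8) | left                       # final swap, as in DES


def E(key, block):
    return _feistel(block, _round_keys(key))


def D(key, block):
    return _feistel(block, _round_keys(key)[::-1])   # same network, round keys reversed


def ede_encrypt(k1, k2, k3, block):
    return E(k3, D(k2, E(k1, block)))


def ede_decrypt(k1, k2, k3, block):
    return D(k1, E(k2, D(k3, block)))


def double_encrypt(k1, k2, block):
    return E(k2, E(k1, block))


def meet_in_the_middle(pairs):
    """Find every (K1, K2) consistent with known pairs y = E_K2(E_K1(x)).

    Returns (candidates, cipher operations spent on the first pair)."""
    (x0, y0), rest = pairs[0], pairs[1:]
    ops = 0
    forward = {}                                     # middle value -> K1 guesses
    for k1 in range(1 << KEY_BITS):
        forward.setdefault(E(k1, x0), []).append(k1)
        ops += 1
    candidates = []
    for k2 in range(1 << KEY_BITS):
        middle = D(k2, y0)
        ops += 1
        for k1 in forward.get(middle, []):
            # Extra known pairs filter out chance matches on the first pair.
            if all(double_encrypt(k1, k2, x) == y for x, y in rest):
                candidates.append((k1, k2))
    return candidates, ops


if __name__ == "__main__":
    k1, k2, k3 = 0x5A3, 0xC17, 0x2E9                 # constructed sample keys
    block = 0x1234
    ct = ede_encrypt(k1, k2, k3, block)
    print("EDE round trip ok:", ede_decrypt(k1, k2, k3, ct) == block)
    print("K1=K2=K3 equals single encryption:",
          ede_encrypt(k1, k1, k1, block) == E(k1, block))
    pairs = [(x, double_encrypt(k1, k2, x)) for x in (0x1234, 0xBEEF, 0x0F0F)]
    found, ops = meet_in_the_middle(pairs)
    print("double encryption:", ops, "operations instead of", 1 << (2 * KEY_BITS),
          "- true key pair among candidates:", (k1, k2) in found)
```

With n = 12 the search costs 2 × 2^12 cipher operations rather than 2^24, which is the ~2^n versus ~2^(2n) gap the text describes for double DES.
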

EXAMPLE: FOURTH YEAR ECE-B MRIET CAMPUS

F O U R T

H Y E A R

E C E B M

R I E T C

A M P U S

STEP:1

ENCRYPTION

ROW OPERATIONS:


KEY1 (1,1,1,1,1)

T F O U R

H Y E A R

E C E B M

R I E T C

A M P U S

KEY2 (1,1,1,1,1)

T F O U R

R H Y E A

E C E B M

R I E T C

A M P U S

KEY3 (1,1,1,1,1)
T F O U R

R H Y E A

M E C E B

R I E T C

A M P U S


KEY4 (1,1,1,1,1)

T F O U R

R H Y E A

M E C E B

C R I E T

A M P U S

KEY5 (1,1,1,1,1)

T F O U R

R H Y E A

M E C E B

C R I E T

S A M P U

STEP:2

COLUMN OPERATION

KEY6 (1,1,1,1,1)

S F O U R

T H Y E A


R E C E B

M R I E T

C A M P U

KEY7 (1,1,1,1,1)

S A O U R

T F Y E A

R H C E B

M E I E T

C R M P U

KEY8 (1,1,1,1,1)

S A M U R

T F O E A

R H Y E B

M E C E T

C R I P U

KEY9 (1,1,1,1,1)

S A M P R

T F O U A


R H Y E B

M E C E T

C R I E U

KEY10 (1,1,1,1,1)

S A M P U

T F O U R

R H Y E A

M E C E B

C R I E T

STEP:3

DECRYPTION

COLUMN OPERATION

KEY8 (1,1,1,1,1)

S A O P U

T F Y U R

R H C E A

M E I E B

C R M E T

STEP:4


ENCRYPTION

ROW OPERATION

KEY1 (1,1,1,1,1)

U S A O P

T F Y U R

R H C E A

M E I E B

C R M E T

KEY2 (0,0,0,0,0)

U S A O P

T F Y U R

R H C E A

M E I E B

C R M E T

KEY3 (1,1,1,1,1)

U S A O P

T F Y U R

A R H C E

M E I E B

C R M E T

KEY4 (0,0,0,0,0)


U S A O P

T F Y U R

A R H C E

M E I E B

C R M E T

KEY5 (1,1,1,1,1)

U S A O P

T F Y U R

A R H C E

M E I E B

T C R M E

STEP:5

COLUMN OPERATION

KEY6 (1,1,1,1,1)

T S A O P

U F Y U R

T R H C E

A E I E B

M C R M E


KEY7 (1,1,1,1,1)

T C A O P

U S Y U R

T F H C E

A R I E B

M E R M E

KEY8 (1,1,1,1,1)

T C R O P

U S A U R

T F Y C E

A R H E B

M E I M E

KEY9 (0,0,0,0,0)

T C R O P

U S A U R

T F Y C E

A R H E B

M E I M E

KEY10 (1,1,1,1,1)


T C R O E

U S A U P

T F Y C R

A R H E E

M E I M B

STEP:6

DECRYPTION

COLUMN OPERATION:

KEY6 (1,1,1,1,1)

U C R O E

T S A U P

A F Y C R

M R H E E

T E I M B

KEY7 (1,1,1,1,1)

U S R O E

T F A U P

A R Y C R

M E H E E


T E I M B

KEY8 (1,1,1,1,1)

U S A O E

T F Y U P

A R H C R

M E I E E

T C R M B

KEY9 (0,0,0,0,0)

U S A O E

T F Y U P

A R H C R

M E I E E

T C R M B

KEY10 (1,1,1,1,1)

U S A O P

T F Y U R

A R H C E

M E I E B

T C R M E


STEP:7

ROW OPERATION

KEY1 (1,1,1,1,1)

S A O P U

T F Y U R

A R H C E

M E I E B

T C R M E

KEY2 (0,0,0,0,0)

S A O P U

T F Y U R

A R H C E

M E I E B

T C R M E

KEY3 (1,1,1,1,1)

S A O P U

T F Y U R

R H C E A

M E I E B


T C R M E

KEY4 (0,0,0,0,0)

S A O P U

T F Y U R

R H C E A

M E I E B

T C R M E

KEY5 (1,1,1,1,1)

S A O P U

T F Y U R

R H C E A

M E I E B

C R M E T

STEP:8

ENCRYPTION

K8 (1,1,1,1,1)

S A M P U

T F O U R


R H Y E A

M E C E B

C R I E T

STEP:9

DECRYPTION

COLUMN OPERATION

KEY6 (1,1,1,1,1)

T A M P U

R F O U R

M H Y E A

C E C E B

S R I E T

KEY7 (1,1,1,1,1)

T F M P U

R H O U R

M E Y E A

C R C E B

S A I E T

KEY8 (1,1,1,1,1)


T F O P U

R H Y U R

M E C E A

C R I E B

S A M E T

KEY9 (1,1,1,1,1)

T F O U U

R H Y E R

M E C E A

C R I E B

S A M P T

KEY10 (1,1,1,1,1)

T F O U R

R H Y E A

M E C E B

C R I E T

S A M P U

STEP:10

ROW OPERATION


KEY1 (1,1,1,1,1)

F O U R T

R H Y E A

M E C E B

C R I E T

S A M P U

KEY2 (1,1,1,1,1)

F O U R T

H Y E A R

M E C E B

C R I E T

S A M P U

KEY3 (1,1,1,1,1)

F O U R T

H Y E A R

E C E B M

C R I E T

S A M P U


KEY4 (1,1,1,1,1)

F O U R T

H Y E A R

E C E B M

R I E T C

S A M P U

KEY5 (1,1,1,1,1)

F O U R T

H Y E A R

E C E B M

R I E T C

A M P U S


SECURITY

INTRODUCTION:

I. The OSI (Open Systems Interconnection) security architecture provides a systematic
framework for defining security attacks, mechanisms, and services.
II. Security attacks are classified as either passive attacks, which include
unauthorized reading of a message or file and traffic analysis, and active attacks,
such as modification of messages or files, and denial of service.
III. A security mechanism is any process (or a device incorporating such a process)
that is designed to detect, prevent, or recover from a security attack. Examples of
mechanisms are encryption algorithms, digital signatures, and authentication
protocols.
IV. Security services include authentication, access control, data
confidentiality, data integrity, nonrepudiation, and availability.

The requirements of information security within an organization have undergone two
major changes in the last several decades. Before the widespread use of data
processing equipment, the security of information felt to be valuable to an organization
was provided primarily by physical and administrative means. An example of the
former is the use of rugged filing cabinets with a combination lock for storing
sensitive documents. An example of the latter is personnel screening procedures used
during the hiring process. With the introduction of the computer, the need for
automated tools for protecting files and other information stored on the computer
became evident.

This is especially the case for shared system, such as a time-sharing system, and the
need is even more acute for systems that can be accessed over a public telephone
network, data network, or the Internet. The generic name for the collection of tools
designed to protect data and to thwart hackers is computer security.


The second major change that affected security is the introduction of distributed
systems and the use of networks and communications facilities for carrying data between
terminal user and computer and between computer and computer. Network security
measures are needed to protect data during their transmission. In fact, the term network
security is somewhat misleading, because virtually all business, government, and
academic organizations interconnect their data processing equipment with a collection of
interconnected networks. Such a collection is often referred to as an internet, and the
term internet security is used.

There are no clear boundaries between these two forms of security. For example, one
of the most publicized types of attack on information systems is the computer virus. A
virus may be introduced into a system physically when it arrives on a diskette or
optical disk and is subsequently loaded onto a computer. Viruses may also arrive over
an internet. In either case, once the virus is resident on a computer system, internal
computer security tools are needed to detect and recover from the virus. This book
focuses on internet security, which consists of measures to deter, prevent, detect, and
correct security violations that involve the transmission of information. That is a broad
statement that covers a host of possibilities. To give you a feel for the areas covered in
this book, consider the following examples of security violations:

User A transmits a file to user B. The file contains sensitive information (e.g., payroll
records) that is to be protected from disclosure. User C, who is not authorized to read the
file, is able to monitor the transmission and capture a copy of the file during its
transmission.

A network manager, D, transmits a message to a computer, E, under its
management. The message instructs computer E to update an authorization file to
include the identities of a number of new users who are to be given access to that
computer. User F intercepts the message, alters its contents to add or delete entries, and
then forwards the message to E, which accepts the message as coming from manager D
and updates its authorization file accordingly.

Rather than intercept a message, user F constructs its own message with the desired
entries and transmits that message to E as if it had come from manager D.
Computer E accepts the message as coming from the manager D and updates its
authorization file accordingly.

An employee is fired without warning. The personnel
manager sends a message to a server system to invalidate the employee's account.
When the invalidation is accomplished, the server is to post a notice to the employee's
file as confirmation of the action. The employee is able to intercept the message and
delay it long enough to make a final access to the server to retrieve sensitive
information. The message is then forwarded, the action taken, and confirmation posted. The
employee's action may go unnoticed for some considerable time.

A message is sent from a customer to a stockbroker with instructions for various
transactions. Subsequently, investments lose value and the customer denies sending the
message.

Although this list by no means exhausts the possible types of security
violations, it illustrates the range of concerns of network security.

Internetwork security is both fascinating and complex. Some of the reasons follow:

Security involving communications and networks is not as simple as it might first
appear to the novice. Requirements seem to be straightforward; indeed, most of the
major requirements for security services can be given self-explanatory one-word
labels: confidentiality, authentication, nonrepudiation, integrity. But the mechanisms
used to meet those requirements can be quite complex, and understanding them
may involve rather subtle reasoning. In developing a particular security mechanism
or algorithm, one must always consider potential attacks on those security features. In
many cases, successful attacks are designed by looking at the problem in a completely
different way, therefore exploiting an unexpected weakness in the mechanism.


Because of this, the procedures used to provide particular services are often
counterintuitive: it is not obvious from the statement of a particular requirement that
such elaborate measures are needed. It is only when the various countermeasures are
considered that the measures used make sense.

Having designed various security mechanisms, it is
necessary to decide where to use them. This is true both in terms of physical placement
(e.g., at what points in a network are certain security mechanisms needed) and in a
logical sense [e.g., at what layer or layers of an architecture such as TCP/IP
(Transmission Control Protocol/Internet Protocol) should the mechanisms be placed].

Security mechanisms usually involve more than a particular algorithm or protocol.
They usually also require that participants be in possession of some secret
information (e.g., an encryption key), which raises questions about the creation,
distribution, and protection of that secret information. There is also a reliance on
communications protocols whose behavior may complicate the task of developing the
security mechanism. For example, if proper functioning of the security mechanism
requires setting time limits on the transit time of a message from sender to receiver,
then any protocol or network that introduces variable, unpredictable delays may render
such time limits meaningless.

4.3. The OSI Security Architecture:

To assess effectively the security needs of an organization and to evaluate and choose
various security products and policies, the manager responsible for security needs some
systematic way of defining the requirements for security and characterizing the
approaches to satisfying those requirements. This is difficult enough in a centralized
data processing environment; with the use of local and wide area networks, the problems
are compounded.


ITU-T Recommendation (X.800), security architecture for OSI, defines such a systematic
approach. The OSI security architecture is useful to managers as a way of organizing
the task of providing security. Furthermore, because this architecture was developed as
an international standard, computer and communications vendors have developed
security features for their products and services that relate to this structured definition of
services and mechanisms.

[1] The International Telecommunication Union (ITU) Telecommunication
Standardization Sector (ITU-T) is a United Nations sponsored agency that develops
standards, called the Recommendations, relating to telecommunications and to open
systems interconnection (OSI).

[2] The OSI security architecture was developed in the context of OSI protocol
architecture, which is described in Appendix H. However, for our purposes in this
chapter, an understanding of the OSI protocol architecture is not required.

The OSI security architecture focuses on security attacks, mechanisms, and services.
These can be defined briefly as follows:

Security attack: Any action that compromises the security of information owned by
an organization.

Security mechanism: A process (or a device incorporating such a process) that is
designed to detect, prevent, or recover from a security attack.

Security service: A processing or communication service that enhances the security of
the data processing systems and information transfers of an organization. The services
are intended to counter security attacks, and they make use of one or more security
mechanisms to provide service.

Table 4.4. Threats and Attacks

Threat:

A potential for violation of security, which exists when there is a circumstance,
capability, action, or event that could breach security and cause harm. That is, a threat is a
possible danger that might exploit a vulnerability.

Attack:

An assault on system security that derives from an intelligent threat; that is, an
intelligent act that is a deliberate attempt (especially in the sense of a method or
technique) to evade security services and violate the security policy of a system.

4.5 SECURITY ATTACKS:

There is a flow of information from a source, such as a file or a region of main
memory, to a destination, such as another file or a user. This normal flow is shown in
figure 3.1 (a).

Figure 4.5 Security Attacks

In figure 3.1(a) there is no attack while the data is being sent to the destination, but the
remaining parts of the figure show the following four general categories of attack:

(b) Interruption: This is an attack on “availability”. Examples include the destruction of a
piece of hardware, such as a hard disk, or the cutting of a communication line.

(c) Interception: This is an attack on “confidentiality”. The unauthorized party could be a
person or a computer. Examples include wiretapping to capture data in a network, and
the illegal copying of files or programs.

(d) Modification: This is an attack on “integrity”. Examples include changing values in a
data file, altering a program so that it performs differently, and modifying the content
of messages being transmitted in a network.

(e) Fabrication: This is an attack on “authenticity”. Examples include the insertion of
extra messages in a network or the addition of records to a file.

A useful categorization of these attacks is in terms of passive attacks and active
attacks, as shown below:

Figure 4.6 Passive Attacks

Passive Attacks: Passive attacks are in the nature of eavesdropping on, or monitoring
of, transmissions. The goal of the opponent is to obtain information that is being
transmitted.

Two types of passive attacks are release of message contents and traffic analysis. The
release of message contents is easily understood (Figure 4.6.a). A telephone conversation,
an electronic mail message, and a transferred file may contain sensitive or confidential
information. We would like to prevent an opponent from learning the contents of these
transmissions.

A second type of passive attack, traffic analysis, is subtler (Figure 4.6.b). Suppose that
we had a way of masking the contents of messages or other information traffic so that
opponents, even if they captured the message, could not extract the information from the
message. The common technique for masking contents is encryption. If we had
encryption protection in place, an opponent might still be able to observe the pattern
of these messages. The opponent could determine the location and identity of
communicating hosts and could observe the frequency and length of messages being
exchanged. This information might be useful in guessing the nature of the
communication that was taking place.

Passive attacks are very difficult to detect because they do not involve any alteration
of the data. Typically, the message traffic is sent and received in an apparently normal
fashion and neither the sender nor receiver is aware that a third party has read the
messages or observed the traffic pattern. However, it is feasible to prevent the success
of these attacks, usually by means of encryption. Thus, the emphasis in dealing with
passive attacks is on prevention rather than detection.

Active Attacks:

Active attacks involve some modification of the data stream or the creation of a false
stream and can be subdivided into four categories: masquerade, replay, modification of
messages, and denial of service. Active attacks present the opposite characteristics of
passive attacks. Whereas passive attacks are difficult to detect, measures are available
to prevent their success. On the other hand, it is quite difficult to prevent active attacks
absolutely, because of the wide variety of potential physical, software, and network
vulnerabilities. Instead, the goal is to detect active attacks and to recover from any
disruption or delays caused by them. If the detection has a deterrent effect, it may also
contribute to prevention.

A masquerade takes place when one entity pretends to be a different entity (Figure
4.7.a). A masquerade attack usually includes one of the other forms of active attack.
For example, authentication sequences can be captured and replayed after a valid
authentication sequence has taken place, thus enabling an authorized entity with
few privileges to obtain extra privileges by impersonating an entity that has those
privileges.

Figure 4.7 Active Attacks

Replay involves the passive capture of a data unit and its subsequent
retransmission to produce an unauthorized effect (Figure 4.7.b). Modification of
messages simply means that some portion of a legitimate message is altered, or that
messages are delayed or reordered, to produce an unauthorized effect (Figure 4.7.c).
For example, a message meaning "Allow John Smith to read confidential file
accounts" is modified to mean "Allow Fred Brown to read confidential file accounts."

The denial of service prevents or inhibits the normal use or management of
communications facilities (Figure 4.7.d). This attack may have a specific target; for
example, an entity may suppress all messages directed to a particular destination
(e.g., the security audit service). Another form of service denial is the disruption of
an entire network, either by disabling the network or by overloading it with messages so
as to degrade performance.

4.8 Security Services:

X.800 defines a security service as a service provided by a protocol layer of
communicating open systems, which ensures adequate security of the systems or of
data transfers. Perhaps a clearer definition is found in the Internet Security Glossary
[RFC 2828], which provides the following definition: a processing or communication
service that is provided by a system to give a specific kind of protection to system
resources; security services implement security policies and are implemented by
security mechanisms.

X.800 divides these services into five categories and fourteen specific services. We
look at each category in turn.

[1] There is no universal agreement about many of the terms used in the security
literature. For example, the term integrity is sometimes used to refer to all aspects of
information security. The term authentication is sometimes used to refer both to
verification of identity and to the various functions listed under integrity in this chapter.
Our usage here agrees with both X.800 and RFC 2828.

Authentication:

The authentication service is concerned with assuring that a communication is
authentic. In the case of a single message, such as a warning or alarm signal, the function of
the authentication service is to assure the recipient that the message is from the source
that it claims to be from. In the case of an ongoing interaction, such as the connection
of a terminal to a host, two aspects are involved. First, at the time of connection
initiation, the service assures that the two entities are authentic, that is, that each is the
entity that it claims to be. Second, the service must assure that the connection is not
interfered with in such a way that a third party can masquerade as one of the two
legitimate parties for the purposes of unauthorized transmission or reception.

Two specific authentication services are defined in X.800:

Peer entity authentication: Provides for the corroboration of the identity of a peer entity
in an association. It is provided for use at the establishment of, or at times during the
data transfer phase of, a connection. It attempts to provide confidence that an entity is
not performing either a masquerade or an unauthorized replay of a previous connection.

Data origin authentication: Provides for the corroboration of the source of a data unit. It
does not provide protection against the duplication or modification of data units. This
type of service supports applications like electronic mail where there are no prior
interactions between the communicating entities.

Access Control:

In the context of network security, access control is the ability to limit and control the
access to host systems and applications via communications links. To achieve this, each
entity trying to gain access must first be identified, or authenticated, so that access
rights can be tailored to the individual.

Data Confidentiality:

Connection Confidentiality: The protection of all user data on a connection.

Connectionless Confidentiality: Protection of all user data in a single data block.

Selective-Field Confidentiality: The confidentiality of selected fields within the user data
on a connection or in a single data block.

Traffic Flow Confidentiality: The protection of the information that might be derived
from observation of traffic flows.

Confidentiality is the protection of transmitted data from passive attacks. With respect to
the content of a data transmission, several levels of protection can be identified. The
broadest service protects all user data transmitted between two users over a period of
time. For example, when a TCP connection is set up between two systems, this broad
protection prevents the release of any user data transmitted over the TCP connection.
Narrower forms of this service can also be defined, including the protection of a single
message or even specific fields within a message. These refinements are less useful
than the broad approach and may even be more complex and expensive to implement.
The other aspect of confidentiality is the protection of traffic flow from analysis. This
requires that an attacker not be able to observe the source and destination, frequency,
length, or other characteristics of traffic on a communications facility.

Data Integrity:

The assurance that data received are exactly as sent by an authorized entity (i.e., contain
no modification, insertion, deletion, or replay).

Connection Integrity with Recovery: Provides for the integrity of all user data on a
connection and detects any modification, insertion, deletion, or replay of any data
within an entire data sequence, with recovery attempted.

Connection Integrity without Recovery: Provides only detection without recovery.

Selective-Field Connection Integrity: Provides for the integrity of selected fields
within the user data of a data block transferred over a connection and takes the form of
determination of whether the selected fields have been modified, inserted, deleted, or
replayed.

Connectionless Integrity: Provides for the integrity of a single connectionless data
block and may take the form of detection of data modification. Additionally, a
limited form of replay detection may be provided.

Selective-Field Connectionless Integrity: Provides for the integrity of selected fields
within a single connectionless data block; takes the form of determination of whether the
selected fields have been modified.

As with confidentiality, integrity can apply to a stream of messages, a single message,
or selected fields within a message. Again, the most useful and straightforward
approach is total stream protection.

A connection-oriented integrity service, one that deals with a stream of messages,
assures that messages are received as sent, with no duplication, insertion, modification,
reordering, or replays. The destruction of data is also covered under this service.
Thus, the connection-oriented integrity service addresses both message stream
modification and denial of service. On the other hand, a connectionless integrity service, one
that deals with individual messages without regard to any larger context, generally
provides protection against message modification only. We can make a distinction
between the service with and without recovery. Because the integrity service relates to
active attacks, we are concerned with detection rather than prevention. If a violation of
integrity is detected, then the service may simply report this violation, and some
other portion of software or human intervention is required to recover from the violation.
Alternatively, there are mechanisms available to recover from the loss of integrity of
data, as we will review subsequently. The incorporation of automated recovery
mechanisms is, in general, the more attractive alternative.
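The difference between connectionless and connection-oriented integrity described above, as an added Python example that is not part of the original report: every data unit carries an HMAC-SHA256 tag, and only the connection receiver tracks sequence numbers, so only it notices replay, deletion or reordering. The key, the framing (8-byte sequence number, payload, tag) and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32   # HMAC-SHA256 tag size in bytes
SEQ_LEN = 8    # big-endian sequence number prepended to every data unit

# Constructed demo key (assumption); a real key comes from key distribution.
DEMO_KEY = b"constructed-demo-key-0123456789ab"


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender: data unit = sequence number || payload || HMAC(seq || payload)."""
    body = struct.pack(">Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


def verify_connectionless(key: bytes, unit: bytes):
    """Judge one data unit in isolation. Returns the payload, or None if altered."""
    if len(unit) < SEQ_LEN + TAG_LEN:
        return None
    body, tag = unit[:-TAG_LEN], unit[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(tag, expected):
        return None
    return body[SEQ_LEN:]


class ConnectionReceiver:
    """Connection integrity without recovery: violations are detected and reported."""

    def __init__(self, key: bytes):
        self.key = key
        self.next_seq = 0  # sequence number of the next data unit we will accept

    def receive(self, unit: bytes):
        payload = verify_connectionless(self.key, unit)
        if payload is None:
            return ("modified", None)
        (seq,) = struct.unpack(">Q", unit[:SEQ_LEN])
        if seq < self.next_seq:
            return ("replayed", None)              # valid tag, but already seen
        if seq > self.next_seq:
            return ("deleted-or-reordered", None)  # a data unit is missing before it
        self.next_seq += 1
        return ("ok", payload)


def demo():
    """Run the page's John Smith / Fred Brown modification through both services."""
    msg = b"Allow John Smith to read confidential file accounts"
    u0 = protect(DEMO_KEY, 0, msg)
    u1 = protect(DEMO_KEY, 1, b"second data unit")
    u2 = protect(DEMO_KEY, 2, b"third data unit")
    tampered = u0.replace(b"John Smith", b"Fred Brown")

    connectionless = [
        verify_connectionless(DEMO_KEY, u0) == msg,         # genuine unit accepted
        verify_connectionless(DEMO_KEY, tampered) is None,  # modification detected
        verify_connectionless(DEMO_KEY, u0) == msg,         # replay is NOT detected
    ]
    rx = ConnectionReceiver(DEMO_KEY)
    connection = [rx.receive(u)[0] for u in (u0, tampered, u0, u2, u1, u2)]
    return connectionless, connection


if __name__ == "__main__":
    print(demo())
```
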

Non-repudiation: Provides protection against denial by one of the entities
involved in a communication of having participated in all or part of the
communication.

Non-repudiation, Origin: Proof that the message was sent by the specified party.

Non-repudiation, Destination: Proof that the message was received by the specified party.

Non-repudiation prevents either sender or receiver from denying a transmitted message.
Thus, when a message is sent, the receiver can prove that the alleged sender in fact sent
the message. Similarly, when a message is received, the sender can prove that the alleged
receiver in fact received the message.

4.8 Security Mechanisms:

The security mechanisms defined in X.800 are listed below. As can be seen, the mechanisms are divided
into those that are implemented in a specific protocol layer and those that are not
specific to any particular protocol layer or security service. These mechanisms will be
covered in appropriate places in the book and so we do not elaborate now, except
to comment on the definition of encipherment. X.800 distinguishes between
reversible encipherment mechanisms and the irreversible encipherment mechanisms.
A reversible encipherment mechanism is simply an encryption algorithm that allows
data to be encrypted and subsequently decrypted. Irreversible encipherment mechanisms
include hash algorithms and message authentication codes, which are used in digital
signature and message authentication applications.

SPECIFIC SECURITY MECHANISMS

May be incorporated into the appropriate protocol layer in order to provide some of
the OSI security services.

Encipherment: The use of mathematical algorithms to transform data into a form that
is not readily intelligible. The transformation and subsequent recovery of the data
depend on an algorithm and zero or more encryption keys.

Digital Signature: Data appended to, or a cryptographic transformation of, a data
unit that allows a recipient of the data unit to prove the source and integrity of the data
unit and protect against forgery (e.g., by the recipient).

Access Control: A variety of mechanisms that enforce access rights to resources.

Data Integrity: A variety of mechanisms used to assure the integrity of a data unit or
stream of data units.

Authentication Exchange: A mechanism intended to ensure the identity of an entity by
means of information exchange.

Traffic Padding: The insertion of bits into gaps in a data stream to frustrate traffic
analysis attempts.

Routing Control: Enables selection of particular physically secure routes for certain
data and allows routing changes, especially when a breach of security is suspected.

Notarization: The use of a trusted third party to assure certain properties of a data
exchange.

PERVASIVE SECURITY MECHANISMS

Mechanisms that are not specific to any particular OSI security service or protocol
layer.

Trusted Functionality: That which is perceived to be correct with respect to some criteria
(e.g., as established by a security policy).

4.9 A Model for Network Security:

A model for much of what we will be discussing is captured, in very general
terms. A message is to be transferred from one party to another across some sort
of internet. The two parties, who are the principals in this transaction, must
cooperate for the exchange to take place. A logical information channel is
established by defining a route through the internet from source to destination and
by the cooperative use of communication protocols (e.g., TCP/IP) by the two principals.

Figure 4.9. Model for Network Security

Security aspects come into play when it is necessary or desirable to protect the
information transmission from an opponent who may present a threat to confidentiality,
authenticity, and so on. All the techniques for providing security have two components:

1. A security-related transformation on information to be sent. Examples include
encryption of the message, which scrambles the message so that it is unreadable by the
opponent, and the addition of a code based on the contents of the message, which
can be used to verify the identity of the sender.
2. Some secret information shared by the two principals and, it is hoped, unknown to the
opponent. An example is an encryption key used in conjunction with the transformation
to scramble the message before transmission and unscramble it on reception.

[2] Part Two discusses a form of encryption, known as public-key encryption, in
which only one of the two principals needs to have the secret information.

A trusted third party may be needed to achieve secure transmission. For example, a third
party may be responsible for distributing the secret information to the two principals
while keeping it from any opponent. Or a third party may be needed to arbitrate
disputes between the two principals concerning the authenticity of a message
transmission.

4.10 SECURITY IMPLEMENTATION:

Security is applied by using a key length of 96 bits. In figure 2.4, the 96-bit key is used
at the input permutation. At the encryption input permutation (UUT1), the positions of
the bits are changed, or shuffled, by using 2-bit keys for one column shift and row shift.
After input permutation, the shuffled bits are given as inputs to the arithmetic coder
(AC) (UUT2), where the bits are compressed into 72 bits. The compressed bits are given
as inputs to the encryption output permutation (UUT3), where the positions of the bits
are shuffled once again by using a 2-bit key for column shift and row shift. After the
positions of the bits have been changed once again, the message is sent to the receiver.

CHAPTER – 5

INTRODUCTION TO XILINX

Migrating Projects from Previous ISE Software Releases


When you open a project file from a previous release, the ISE® software prompts you to
migrate your project. If you click Backup and Migrate or Migrate Only, the software
automatically converts your project file to the current release. If you click Cancel, the
software does not convert your project and, instead, opens Project Navigator with no
project loaded.
Note: After you convert your project, you cannot open it in previous versions of the ISE
software, such as the ISE 11 software. However, you can optionally create a backup of
the original project as part of project migration, as described below.

To Migrate a Project

1. In the ISE 12 Project Navigator, select File > Open Project.
2. In the Open Project dialog box, select the .xise file to migrate.
   Note: You may need to change the extension in the Files of type field to display
   .npl (ISE 5 and ISE 6 software) or .ise (ISE 7 through ISE 10 software) project
   files.
3. In the dialog box that appears, select Backup and Migrate or Migrate
   Only.
4. The ISE software automatically converts your project to an ISE 12
   project.
   Note: If you chose to Backup and Migrate, a backup of the original project is
   created at project_name_ise12migration.zip.
5. Implement the design using the new version of the software.

Note: Implementation status is not maintained after migration.

Properties

For information on properties that have changed in the ISE 12 software, see ISE 11 to
ISE 12 Properties Conversion.

IP Modules

If your design includes IP modules that were created using CORE Generator™ software
or Xilinx® Platform Studio (XPS) and you need to modify these modules, you may be
required to update the core. However, if the core netlist is present and you do not need
to modify the core, updates are not required and the existing netlist is used during
implementation.

Obsolete Source File Types

The ISE 12 software supports all of the source types that were supported in the ISE 11
software.
If you are working with projects from previous releases, state diagram source files (.dia),
ABEL source files (.abl), and test bench waveform source files (.tbw) are no longer
supported. For state diagram and ABEL source files, the software finds an associated
HDL file and adds it to the project, if possible. For test bench waveform files, the
software automatically converts the TBW file to an HDL test bench and adds it to the
project. To convert a TBW file after project migration, see Converting a TBW File to an
HDL Test Bench.

Using ISE Example Projects


To help familiarize you with the ISE® software and with FPGA and CPLD designs, a set
of example designs is provided with Project Navigator. The examples show different
design techniques and source types, such as VHDL, Verilog, schematic, or EDIF, and
include different constraints and IP.

To Open an Example

1. Select File > Open Example.
2. In the Open Example dialog box, select the Sample Project Name.
   Note: To help you choose an example project, the Project Description field
   describes each project. In addition, you can scroll to the right to see additional
   fields, which provide details about the project.
3. In the Destination Directory field, enter a directory name or browse to the
   directory.
4. Click OK.

The example project is extracted to the directory you specified in the Destination
Directory field and is automatically opened in Project Navigator. You can then run
processes on the example project and save any changes.
Note: If you modified an example project and want to overwrite it with the original
example project, select File > Open Example, select the Sample Project Name, and
specify the same Destination Directory you originally used. In the dialog box that
appears, select Overwrite the existing project and click OK.

Creating a Project

Project Navigator allows you to manage your FPGA and CPLD designs using an ISE®
project, which contains all the source files and settings specific to your design. First, you
must create a project, then add source files and set process properties. After you
create a project, you can run processes to implement, constrain, and analyze your design.
Project Navigator provides a wizard to help you create a project as follows.
Note: If you prefer, you can create a project using the New Project dialog box instead of
the New Project Wizard. To use the New Project dialog box, deselect the Use New
Project wizard option in the ISE General page of the Preferences dialog box.

To Create a Project

1. Select File > New Project to launch the New Project Wizard.
2. In the Create New Project page, set the name, location, and project type,
   and click Next.
3. For EDIF or NGC/NGO projects only: In the Import EDIF/NGC Project
   page, select the input and constraint file for the project, and click Next.
4. In the Project Settings page, set the device and project properties, and
   click Next.
5. In the Project Summary page, review the information, and click Finish to
   create the project.

Project Navigator creates the project file (project_name.xise) in the directory you
specified. After you add source files to the project, the files appear in the Hierarchy
pane of the Design panel. Project Navigator manages your project based on the design
properties (top-level module type, device type, synthesis tool, and language) you
selected when you created the project. It organizes all the parts of your design and
keeps track of the processes necessary to move the design from design entry through
implementation to programming the targeted Xilinx® device.
Note: For information on changing design properties, see Changing Design Properties.
You can now perform any of the following:

1. Create new source files for your project.
2. Add existing source files to your project.
3. Run processes on your source files.
4. Modify process properties.

Creating a Copy of a Project


You can create a copy of a project to experiment with different source options and
implementations. Depending on your needs, the design source files for the copied project
and their location can vary as follows:

• Design source files are left in their existing location, and the copied
  project points to these files.
• Design source files, including generated files, are copied and placed in a
  specified directory.
• Design source files, excluding generated files, are copied and placed in a
  specified directory.

Copied projects are the same as other projects in both form and function. For example,
you can do the following with copied projects:

• Open the copied project using the File > Open Project menu command.
• View, modify, and implement the copied project.
• Use the Project Browser to view key summary data for the copied project
  and then open the copied project for further analysis and implementation, as
  described in Using the Project Browser.

Note: Alternatively, you can create an archive of your project, which puts all of the
project contents into a ZIP file. Archived projects must be unzipped before being
opened in Project Navigator. For information on archiving, see Creating a Project
Archive.

To Create a Copy of a Project

1. Select File > Copy Project.
2. In the Copy Project dialog box, enter the Name for the copy.
   Note: The name for the copy can be the same as the name for the project, as long
   as you specify a different location.
3. Enter a directory Location to store the copied project.
4. Optionally, enter a Working directory.
   By default, this is blank, and the working directory is the same as the project
   directory. However, you can specify a working directory if you want to keep
   your ISE® project file (.xise extension) separate from your working area.
5. Optionally, enter a Description for the copy.
   The description can be useful in identifying key traits of the project for reference
   later.
6. In the Source options area, do the following:
   a) Select one of the following options:
      i. Keep sources in their current locations - to leave the
         design source files in their existing location.
         If you select this option, the copied project points to the files in
         their existing location. If you edit the files in the copied project, the
         changes also appear in the original project, because the source files
         are shared between the two projects.
      ii. Copy sources to the new location - to make a copy of all
         the design source files and place them in the specified Location
         directory.
         If you select this option, the copied project points to the files in the
         specified directory. If you edit the files in the copied project, the changes
         do not appear in the original project, because the source files are not
         shared between the two projects.
   b) Optionally, select Copy files from Macro Search Path
      directories to copy files from the directories you specify in the Macro
      Search Path property in the Translate Properties dialog box. All files from
      the specified directories are copied, not just the files used by the design.
      Note: If you added a netlist source file directly to the project as described
      in Working with Netlist-Based IP, the file is automatically copied as part
      of Copy Project because it is a project source file. Adding netlist source
      files to the project is the preferred method for incorporating netlist
      modules into your design, because the files are managed automatically by
      Project Navigator.
   c) Optionally, click Copy Additional Files to copy files that were not
      included in the original project. In the Copy Additional Files dialog box,
      use the Add Files and Remove Files buttons to update the list of
      additional files to copy. Additional files are copied to the copied project
      location after all other files are copied.
7. To exclude generated files from the copy, such as implementation results
   and reports, select Exclude generated files from the copy.
When you select this option, the copied project opens in a state in which
processes have not yet been run.
8. To automatically open the copy after creating it, select Open the copied
project.
Note: By default, this option is disabled. If you leave this option disabled, the
original project remains open after the copy is made.
9. Click OK.

Creating a Project Archive


A project archive is a single, compressed ZIP file with a .zip extension. By default, it
contains all project files, source files, and generated files, including the following:

i. User-added sources and associated files
ii. Remote sources
iii. Verilog `include files
iv. Files in the macro search path
v. Generated files
vi. Non-project files

To Archive a Project

1. Select Project > Archive.
2. In the Project Archive dialog box, specify a file name and directory for
the ZIP file.
3. Optionally, select Exclude generated files from the archive to exclude
generated files and non-project files from the archive.
4. Click OK.

A ZIP file is created in the specified directory. To open the archived project, you must
first unzip the ZIP file, and then, you can open the project.
Note: Sources that reside outside of the project directory are copied into a remote_sources
subdirectory in the project archive. When the archive is unzipped and opened, you must
either specify the location of these files in the remote_sources subdirectory for the
unzipped project, or manually copy the sources into their original location.

Xilinx Spartan 3E

The Spartan-3E Starter Kit board highlights the unique features of the Spartan-3E FPGA
family and provides a convenient development board for embedded processing
applications. The board highlights these features:

• Spartan-3E FPGA specific features
    • Parallel NOR Flash configuration
    • Multi-Boot FPGA configuration from Parallel NOR Flash PROM
    • SPI serial Flash configuration
• Embedded development
    • MicroBlaze™ 32-bit embedded RISC processor
    • PicoBlaze™ 8-bit embedded controller
    • DDR memory interfaces

If the board is connected properly, the iMPACT programming software automatically
recognizes the three devices in the JTAG programming chain, as shown in Figure 5.1. If not
already prompted, click the first device in the chain, the Spartan-3E FPGA, to highlight
it. Right-click the FPGA and select Assign New Configuration File. Select the desired
FPGA configuration file and click OK. To start programming the FPGA, right-click the
FPGA and select Program.

The iMPACT software reports status during the programming process. Direct
programming to the FPGA takes a few seconds to less than a minute, depending on the
speed of the PC’s USB port and the iMPACT settings.

We need to assign the newly generated UCF file. This new configuration file, called the
UCF file, contains all the information about the top-level architecture and all the pin
assignments.


Introduction to FPGA

An FPGA contains a two-dimensional array of logic blocks and interconnections
between the logic blocks. Both the logic blocks and the interconnects are programmable. Logic
blocks are programmed to implement a desired function, and the interconnects are
programmed using the switch boxes to connect the logic blocks.

To be clearer, if we want to implement a complex design (a CPU, for instance),
the design is divided into small sub-functions and each sub-function is implemented
using one logic block. Now, to get our desired design (the CPU), all the sub-functions
implemented in logic blocks must be connected, and this is done by programming the

The internal structure of an FPGA is depicted in the following figure. FPGAs, as an alternative to
custom ICs, can be used to implement an entire system on one chip (SoC). The
main advantage of an FPGA is its ability to be reprogrammed. The user can reprogram an FPGA to
implement a design, and this is done after the FPGA is manufactured. This gives rise to the
name “Field Programmable.”

Figure 5.5 FPGA Block Diagram

Custom ICs are expensive and take a long time to design, so they are useful when
produced in bulk. FPGAs, by contrast, are easy to implement within a short time with
the help of Computer Aided Design (CAD) tools (because there is no physical layout
process, no mask making, and no IC manufacturing). Some disadvantages of FPGAs are that
they are slow compared to custom ICs, as they can’t handle very complex designs, and
that they draw more power.

CHAPTER – 6
RESULT

CHAPTER – 7
CONCLUSION AND FUTURE SCOPE

Internet usage and network systems are growing rapidly, so there are additional
requirements to secure the data transmitted over different networks using different
services. To provide security for the network and data, different encryption methods are
used. In this paper, a survey of the existing work on encryption techniques has been
done. To sum up, all the techniques are useful for real-time encryption. Each technique is
unique in its own way, might be suitable for different applications, and has its own
pros and cons. According to the research done and the literature survey, it can be found that
the 3DES algorithm is most efficient in terms of speed, time, and throughput effect. The
security provided by these algorithms can be enhanced further if more than one
algorithm is applied to the data.

Our future work will explore this concept, and a combination of algorithms will
be applied, either sequentially or in parallel, to set up a more secure environment for data
storage and retrieval. It is a flexible solution for any cryptographic system and for the security
layers of wireless protocols. Measurement results and comparisons between the proposed
and previous hardware implementations are presented and show quite encouraging
results. The presented simulation results showed that 3DES has a better performance
result with ECB and CBC than other common encryption algorithms used. In this paper
we present a performance evaluation of selected symmetric encryption algorithms.


