Scientists lay groundwork that offers security to unclassified systems.
Researchers at the Department of Energy’s Sandia National Laboratories have developed a new encryption device that promises the security and bandwidth accommodation necessary to scramble various types of data at speeds unmatched by many other encryption technologies.
While designed primarily with speed in mind, the chip can be used for both advanced and less complex applications, developers suggest. The device can run on systems to support voice, video and data communications. “It’s basically a super fast encryption engine. It’s another tool in the toolbox for the engineering society for encryption products,” Lyndon Pierson states. He is a member of the technical staff at Sandia National Laboratories, Albuquerque, New Mexico. Pierson led the team of designers in building and testing the device.
Working on the project part time, developers crafted a detailed design of an integrated circuit chip that would offer high-speed encryption capabilities for a variety of applications. A seven-member team worked on the device called the data encryption standard application specific integrated circuit (DES ASIC). It was designed, fabricated and tested at Sandia’s microelectronics development laboratory. The chip is compliant with the National Institute of Standards and Technology’s (NIST’s) data encryption standard and is tailored for use in unclassified networks. Scientists worked on the project for nearly two years to create a device that would jump-start the development of products to meet Department of Energy needs and prove that encryption could be scaled to higher processing rates.
The device is suitable for business or individual use on high-end or personal computers. “It works equally well in either system,” Craig Wilcox, senior member of the Sandia National Laboratories technical staff, states. Many government agencies could incorporate the technology into their unclassified systems, he says, but adds that the technology could be used when dealing with highly sensitive information. “Methods we have used could be adapted for a classified system,” he points out.
Tests of the technology performed at Sandia reveal that the device is also capable of encrypting digital cellular telephone communications and high-definition television signals. Wilcox further suggests that the device could be applied for other everyday purposes such as strengthening signal security on automatic garage door openers. “There are a ton of potential opportunities for this device,” Wilcox claims.
DES ASIC consists of 16 sets of 16,000 transistors on an integrated circuit chip. The chip is roughly the size of a dime, and the 16 sets of transistors implement 16 rounds of the algorithm used in the device. Information is broken down into 64-bit units that are processed through the device by being filtered through the transistors. The technology then employs the NIST data encryption standard to scramble the data. Using the 56-bit key specified in the standard, the 64 bits of either plain or cyphered input text can be encrypted or decrypted with the chip.
The technology’s basic premise relies on pipelining. Commonly used for encryption, this method divides the algorithm into 16 equal blocks at the transistors. Data enters into the first block and is passed through each block until it reaches the 16th section, where it appears as output in the desired form—either scrambled or unscrambled. The signals progress through each block between clock cycles.
DES ASIC can manipulate information differently on each clock cycle. Various keys can be used on different clock cycles to encrypt or decrypt data that is being pumped through the device. The key is passed with the data and can be switched from encryption to decryption on every clock cycle. Plain text can also be sent without being encrypted or decrypted.
Pierson indicates that the concept of using pipelining as a hardware technique sets the device apart from other similar technologies. This method increases the encryptor’s speed because it is constantly running information through the system. Keeping the pipeline full and continuously allowing information to pass through increases the pace at which information can be processed.
So far, Sandia researchers have measured the device’s encryption rate at 6.7 billion bits per second. These results were obtained in tests to verify the technology’s speed capability. Developers predict that DES ASIC could operate at 9.28 billion bits per second; however, Wilcox explains that this figure is a theoretical number. The rate was achieved in computer simulations and cannot be attained in the laboratory because of the limited capabilities of its testing device. “Our tester doesn’t go any faster than that,” Pierson admits.
Because speed is a necessary feature for transmitting large amounts of secure data, especially when that data is transmitted via telephone wires, fiber optics or satellites, researchers offer that parallel operation of more than one chip increases the speed of encryption as well. Supercomputers could contain several chips, while a personal computer might only have one. Information is encrypted or decrypted at speeds relative to the speed capability of the machine to which the information is being sent or from which the information is being received.
While the device can offer high-speed encryption capabilities, it can be slowed to match the needs of a variety of users. When this is done, the level of power needed to operate the system is affected. The power usage drops dramatically when the device is used at lower speeds, Wilcox offers.
DES ASIC can also work with triple DES. To accomplish this, three integrated circuits can be cascaded together and data could flow through all three to achieve triple DES. Using triple DES would allow more secure cryptography.
With the upcoming advanced encryption standard about to be released, developers of DES ASIC say that the chip could be altered to work with the new algorithm, but Pierson says that no plans have been made at this point to alter the design. “Once that algorithm is selected, we could apply the type of design to that new algorithm,” Wilcox says.
Although the device could be redesigned to facilitate the use of the advanced encryption standard and the speed could be tested at higher rates, Pierson suggests that the laboratories’ work on the device will probably be discontinued. “We’ve accomplished our objectives,” Pierson notes about the project. To test the device further exceeds the laboratories’ research needs, Wilcox adds.
Sandia is working to promote the device among commercial industry and hopes that the private sector will be able to further develop the technology and apply it for practical consumer use. The device could be used to protect information that is being transmitted via the Internet, radio, television or cellular telephone, making it attractive to commercial buyers who seek to secure their information.
“We’re looking for technology transfer partners,” Pierson says. To date, more than five commercial businesses have expressed interest in furthering the use of the encryption device. The DES ASIC satisfies high-speed communication requirements and is among the first encryption devices fast enough to secure the standard 2.5- and 10-gigabits-per-second communication channels used in electronic commerce transactions. Developers of the technology hope research on this device, which was initiated in the public sector, will be further advanced to encourage private industry use.