TELKOM
NIKA Indonesia
n
Journal of
Electrical En
gineering
Vol.12, No.4, April 201
4, pp. 3001 ~ 3
0
0
9
DOI: http://dx.doi.org/10.11591/telkomni
ka.v12i4.4995
3001
Re
cei
v
ed Se
ptem
ber 18, 2013; Revi
se
d No
vem
ber
17, 2013; Accepted Decem
ber 1, 201
3
Resear
ch on Design Method Based on Hardware
Encryption and Two-way ID Authentication for Security
Mobile Hard Disk
Huan
chun Y
a
ng
Schoo
l of Busi
ness, W
enzho
u Univ
ersit
y
, W
enzh
ou, Ch
ina
email: yhc
h
yhc
h
@1
26.com
A
b
st
r
a
ct
T
he desi
gn Me
thod of the "S
ecurity Mob
ile
Hard
Disk Bas
ed on H
a
rdw
a
r
e
Encryptio
n
a
nd T
w
o-
w
a
y ID Authenticatio
n" ad
opts the smart card-
base
d
tech
n
o
lo
gy of tw
o
w
a
y ID authe
nticati
o
n, thus ena
bles
hig
her a
u
thenti
c
ation stren
g
th
t
han ord
i
nary
passw
ord a
u
th
enticati
on a
nd
USB-KEY on
e w
a
y certificatio
n;
ado
ptio
n of de
dicate
d hardw
a
r
e encrypti
on c
h
ip o
n
encrypti
ng the har
d dis
k
dat
a enh
anc
es the encrypti
o
n
spee
d; since t
h
is encry
ptio
n is a hardw
ar
e l
e
vel e
n
cryp
ti
on
, it is compl
e
te
ly transpar
ent to users, an
d d
o
not
re
ly on
th
e oper
ating
syste
m
or ot
her
ap
p
licatio
ns, w
i
th
al
most
no
i
m
p
a
ct on
syste
m
perfor
m
a
n
ce; t
h
a
t
the key
of the
encrypti
on sy
stem w
i
l
l
b
e
lo
ade
d b
e
fore th
e syste
m
i
n
itia
li
z
a
tio
n
(syste
m
boot)
preve
n
t
s
m
a
licious
code attacks from hard
driv
e,
and
even when the
mobile hard disk was st
olen,
the thief cannot
read o
u
t any
encrypte
d
data
from it
on an
y other co
mpu
t
er as long
as
the thief has
no access to th
e
encrypti
on key.
T
herefore, this
"enc
rypte
d
mo
bile
hard
disk"
is mor
e
secur
e
w
i
th better readin
g
an
d w
r
iting
perfor
m
a
n
ce, a
nd thus ca
n effectively pr
otect Im
porta
nt and
sensitiv
e data
on the
mob
i
l
e
hard d
i
sk.
Ke
y
w
ords
: se
cure mob
ile h
a
r
d disk, hardw
a
r
e encrypti
on,
tw
o-w
a
y ID authentic
atio
n, mo
bile
hard d
i
sk
Copy
right
©
2014 In
stitu
t
e o
f
Ad
van
ced
En
g
i
n
eerin
g and
Scien
ce. All
rig
h
t
s reser
ve
d
.
1. Introduc
tion
As mobil
e
m
a
ss sto
r
a
ge i
s
wi
dely u
s
e
d
and
pop
ula
r
ize
d
, mobil
e
hard
disk i
s
b
e
comi
ng
the comm
onl
y-use
d
tools
among the g
o
vernm
en
t, enterp
r
ises a
n
d
individual
s; when pe
opl
e
enjoy the
con
v
enien
ce
bro
ught by
mobil
e
sto
r
a
ge
de
vices, th
ey al
so
suffe
r fro
m
the
pro
b
le
m of
data lea
k
ag
e
followe
d by theft of the device
s
. Acco
rdin
g to a survey, 60% of the e
n
terp
rises
an
d
institution
s
ge
t victimized in
ca
se
s of thef
t of
mobile st
orag
e devi
c
e
s
. Surveys from U.S. Fed
e
ral
Burea
u
of Investigation (FBI) and Co
mputer Se
cu
rity Organi
za
tions (CSI)
also
sho
w
that
busi
n
e
s
ses
and gove
r
n
m
ent age
nci
e
s
suffer m
o
re
lo
sse
s
i
n
ca
se
s of
theft of important
informatio
n than tho
s
e
ca
use
d
by viru
s infe
cti
on a
nd ha
cker
attacks, a
nd m
o
re tha
n
80
% of
se
curit
y
t
h
re
a
t
s com
e
f
r
om
inside.
C
h
in
a Nat
i
on
al Informatio
n Security Testing
Evaluation a
nd
Certification
Cente
r
di
spla
yed in
its
su
rvey that the
se
curity issues
of se
nsit
ive data mai
n
ly
derive from di
scl
osure a
nd
crim
es, rat
her than the virus and externa
l
hackers.
In use of
mo
bile h
a
rd
di
sk, if sen
s
itive
dat
a a
r
e
sto
r
ed in
cl
ear te
xt, theft of the devi
c
e
will directly
cause di
scl
osu
r
e of
imp
o
rta
n
t docume
n
ts. In addition,
due to in
co
m
p
lete removal
o
f
files, temp
ora
r
y data
cache
,
disk fragme
n
tation a
nd
other ope
ratio
n
s
in
u
s
e
of m
obile
hard di
sk,
the me
dia
wi
ll have
a lot
of re
sid
ual
d
a
ta, whi
c
h
wi
ll indirectly i
n
cur le
akage
probl
em if
da
ta
recovery te
chniqu
es are
adopte
d
to
o
b
tain the
u
s
e
r
’s
se
nsitive i
n
formatio
n from the
re
sid
ual
data. More
over, tampe
r
ing
of data use
r
s by illegal
use
r
s i
s
also a m
a
jor threat to data se
cu
rity.
Therefore, to
ensure secu
rity of the dat
a st
o
r
ag
e me
dium, it is n
e
ce
ssary to int
r
odu
ce
data stora
ge se
curity-relat
ed
te
chnol
ogi
es su
ch as
ID a
u
thentication, data
en
cryption a
nd
d
a
ta
integrity verification to re
sea
r
ch an
d desi
gn for t
w
o-way ID
authenti
c
atio
n and h
a
rd
ware
encryption
-
ba
sed
se
cure m
obile ha
rd di
sk.
2. Rese
arch
Statu
s
The follo
win
g
rel
a
ted
m
a
terial
s h
a
ve
bee
n
sorte
d
out f
r
om
dome
s
tic
an
d forei
g
n
document
s a
s
well a
s
re
so
urces o
n
the Internet:
The voi
c
e
an
d graphi
c
digi
tal mobile
ha
rd di
sk (P
ate
n
t) put fo
rward a m
obile
h
a
rd
disk
Evaluation Warning : The document was created with Spire.PDF for Python.
ISSN: 23
02-4
046
TELKOM
NI
KA
Vol. 12, No. 4, April 2014: 3001 – 3
009
3002
allowin
g
only readi
ng an
d d
i
sabli
ng fun
c
tions of c
opy o
r
editing cl
ea
r text without
permi
ssion, the
essential
poi
nt of whi
c
h is acce
ss
co
ntrol. The invent
ion intro
d
u
c
e
d
parti
cula
r type of en
crypti
on
chip b
e
twe
e
n
IDE interface and h
a
rd
d
i
sk fo
r
intera
ctive data en
cryption
and
decryption. T
he
encryption
chip
subj
ect
s
to Serial
Port Comm
uni
ca
tion Proto
c
ol
of
smart
ca
rd,
with a
sl
ow
encryption
sp
eed
and
reli
e
s
o
n
o
per
atin
g sy
stem a
n
d
file unit to
en
crypt
data. Al
so,
se
curity
ri
sk
remai
n
s a
s
t
h
e key
re
side
s
in memory
.
The
en
crypt
ed
remova
bl
e sto
r
a
ge
d
e
vice
s a
n
d
their data
a
c
ce
ss
meth
od
(Patent)
publi
s
hed
a
method of m
obile mem
o
ry device al
o
ng with its
d
a
ta storage
method b
a
se
d on
hard
w
a
r
e en
cryption. The
storag
e med
i
a is rest
rict
e
d
to FLASH with key information store
d
in
the device, li
kely to ca
use key en
clo
s
ure. Me
a
n
wh
ile, safety pe
rforma
nce re
mains l
o
w
si
nce
use
r
pa
sswo
rds are directl
y
used for dat
a encryption.
Hardware e
n
c
ryption
syst
em for mo
bil
e
sto
r
a
ge
de
vices (T
he
sis by Tia
n
jin P
o
lytechni
c
University) d
e
s
ign
ed a
n
em
bedd
ed e
n
cryption sy
st
em
betwe
en PC
and
USB disk that the key i
s
store
d
in sm
a
r
t card. The
key encrypts d
a
ta wh
e
n
writing disk an
d decrypts d
a
ta
when
rea
d
in
g
disk und
er th
e cont
rol of
pre
-
in
stalled
hard
w
a
r
e e
n
c
ryption
and
decryption al
gorithm. It ch
ose
symmetri
c
ke
y DES algo
rithm and
de
si
gned
Tripl
e
DES for hi
gh
er
se
curity co
nce
r
n a
nd a
s
for
hard
w
a
r
e
architecture, it chose TMS3
2
O
VC54X
DSP
as
CPU whi
c
h perform
s
relatively well
in
both cal
c
ulati
on and control. CH37
5
chi
p
, as t
he main-control chip
for commu
nication with
USB
port, imple
m
ents featu
r
e
s
for commu
n
i
cation
and
e
n
cryptio
n
.
When system pro
c
e
s
ses
ke
ys,
rand
om sequ
ence gen
erat
or produ
ce
s random
keys,
store
d
wh
en IC ca
rd is initi
a
lize
d
, and u
s
ed
as keys to the encryption
platform via card read
er ci
rcuit.
Thesi
s
USB
data sto
r
age
encryption te
chn
o
logy ba
sed on FPGA
and DM by S
hang
hai
Jiao
Ton
g
Un
iversity de
sig
ned a
hig
h
ly efficient
en
cryption and
de
cryption
sy
ste
m
with
USB p
o
rt
based on M
E
MS strong
link, U
SB controller and
FPGA, using
AES encryption algorithm of
physi
cal
ce
rtification
an
d h
a
rd
wa
re i
m
pl
ementati
on.
Normal I
D
E h
a
rd
drive
s
be
come
e
n
crypted
USB ha
rd
drives of
stro
n
g
security af
ter
c
onn
ectin
g
to the
sy
stem, with a
n
avera
ge
dat
a
pro
c
e
ssi
ng ra
te closed to n
o
rmal
USB, reaching 1
0
M
B
/s.
Tianjin A
g
ri
cu
ltural
Unive
r
si
ty studied
a
desi
gn applyi
ng
p
e
rm
utation cod
e
to e
n
crypte
d
USB hard d
r
ive system,
propo
sin
g
to improv
e d
a
ta encryptio
n and de
cry
p
tion spe
ed
b
y
spe
c
iali
zed f
eature u
n
its
desi
gne
d by Maxplus II from ALTERA. In this way
it solved spe
ed
bottlene
ck
o
f
encryption
and d
e
cryption du
ri
ng
data tran
smissi
on a
n
d
created a
high
transmitting speed
USB ha
rd drive
sy
ste
m
that suppo
rts encryption.
NetDi
s
k Mini
of Ximeta co
ntrols
acce
ss in dr
ivers to memory by r
equiri
ng u
s
e
r
s to enter
passwords. B
e
sid
e
s, the in
ternal
small
server al
so
co
ntribute
s
to
makin
g
lo
w-cost NAS solu
tion
possibl
e. Clie
nts in netwo
rks a
r
e able t
o
access dat
a in mobile hard di
sk through pa
sswo
rd
whe
n
addin
g
Ethernet con
nectio
n
port
s
.
BenQDP
361
is
a p
o
rta
b
l
e
en
crypte
d
hard
di
sk wh
ich
ado
pts l
a
test chip
en
cryption
technology that separat
e
s
encrypt
ion al
gorithm f
r
om
password. That
is to
say, password
will
not
be stol
en eve
n
if the ha
rd
disk ha
s b
e
e
n
lost. No
o
n
e
kn
ows info
rmation
store
d
in the h
a
rd
d
r
ive
except the u
s
er.
Cen
d
a
C
803
mobile HDD with fingerpri
n
t enc
ryption
adopts live fingerpri
n
t recognitio
n
and AES-256 bit encrypt
ion that supports 10 diffe
rent finger
prints. Data is protected
by
examining
un
ique fin
ger p
r
ints to
confirm ide
n
tity. EagetE810
ha
s e
m
be
dded
the mo
st u
p
d
a
ted
AES-256 encryption algori
thm as
well.
Travel
st
ar’
s
encrypted
m
obile
HDD, adopts
hardware
encryption
ke
y with un
kno
w
n expl
anati
on. The
r
e a
r
e
also
other ty
pes
of en
cryp
ted mobile
ha
rd
disk.
All in all, the
con
c
lu
sion i
s
that re
sea
r
ch rega
rdin
g
mobile ha
rd
disk e
n
crypt
i
on ha
s
made
achiev
ements in th
e world
toda
y along
with
corre
s
p
ondin
g
produ
cts, y
e
t no
disk a
m
on
g
whi
c
h ad
opts
both strong a
u
thentication algorith
m
s
a
n
d
encryption
algorith
m
s.
3. Scheme Design
The "en
c
rypt
ed mobil
e
ha
rd disk" in thi
s
pape
r too
k
F
P
GA (PLD) a
s
the
co
re p
r
oce
s
sing
comp
one
nts, sele
cted ci
ph
er units in
clu
d
ing SCB-
2 algorithm ASIC chip
s certified by the State
Encryptio
n
Administ
ration,
adopted sm
a
r
t cards with
safe co
mputi
ng to achieve the key storage
and I
D
auth
e
n
tication, a
n
d
ch
ose USB
2
.0 anal
og t
r
ansceive
r
for de
signin
g
th
e USB p
h
ysi
c
al
layer p
r
oto
c
ol
. Among all,
FPGA chi
p
is the co
ntro
l
center of thi
s
"
encrypted m
o
bile ha
rd di
sk."
The de
sign bl
ock diag
ram i
s
sh
own in Figure 1.
Evaluation Warning : The document was created with Spire.PDF for Python.
TELKOM
NIKA
ISSN:
2302-4
046
Re
sea
r
ch on
De
sign Meth
od Base
d on
Hardware Encryption a
nd
Two
-
way… (Hua
nchun Ya
ng)
3003
3.1. USB Tra
n
sceiv
e
r
As the a
nal
og fro
n
t-en
d
of USB2.0
, U
SB tran
sceiver
unit
is u
s
e
d
for
NRZI
encodin
g
/de
c
oding
of differential
sig
nal, bit ma
nipulation
a
nd serial
-p
arallel conversion,
complyin
g wi
th UTMI sp
ecification. The tran
sceiver ca
n use
the readily available an
alog
transceive
r
chip of USB 2.0.
3.2. FPGA
FPGA is mai
n
ly used to a
c
hieve the foll
owin
g functio
n
s:
First, co
ntrol t
he mutual aut
hentication b
e
twee
n user
key ca
rd an
d the SAM card
.
After the mutual authenti
c
ation b
e
twe
en t
he user
key ca
rd a
n
d
SAM card
is done,
FPGA will
obt
ain the
key
m
a
terial f
r
om t
he u
s
e
r
key
card th
ro
ugh
cipher text, an
d then
the SAM
card will m
a
ke cal
c
ulations with the key material
to produce the
working
key for
SCB2 algorit
h
m
in decrypting
mobile ha
rd d
i
sk d
a
ta.
Then, it recei
v
es the parall
e
l data sent
by U
SB transceiver a
nd cl
assifies d
a
ta into “to
be encrypted" and "
not to
be encrypted". Those da
ta to be encrypted w
ill
be
sent to SSX30-D
and get encry
p
ted through
SSX30-D,
while those data not to be encry
pted will just get through.
In accordance with the
co
mmands received
from USB,
it
will send
comm
ands to
hard
disk to read
or write. All readin
g
and
wr
iting ope
rations on th
e hard d
r
ive
follow the ATA
specification.
Data
read out by the hard driv
e
will be
classified into “to be
decrypted" and "not to be
decrypted". Those data to be de
crypted will
be
sent to SSX30-
D and get decrypted through
SSX30-D, wh
ile those d
a
ta
not to be decrypted will ju
st get through.
3.3. SSX30-D
SSX30-D, a
s
certified
by the State Encryp
tio
n
Administ
ration,
is a
chip
of high-
perfo
rman
ce
block
ciph
er
algorith
m
, wh
ich im
pleme
n
t
s the SCB
2
cryptog
r
a
phi
c algo
rithms. T
h
e
cipher block
length is 128 bits with 128-bit
key length. SSX30-D incl
udes m
u
ltiple operati
ng
mode
s such as ECB, CB
C and
OFB a
nd two
worki
ng mea
n
s a
s
"single
-
bu
s"
and "du
a
l bu
s." In
the ECB mod
e
and du
al bus op
eratio
n, the encry
pti
on and d
e
cryption rate
s u
p
to 1.4Gbp
s. In
the "encrypte
d
mobile ha
rd
disk", ECB o
peratio
n mod
e
and du
al bu
s mean
s a
r
e
adopte
d
.
3.4. SAM
SAM is realized with the smart ca
rd aut
hentic
ated by State Encryption Administration. It
is adopte
d
to compl
e
te the mutual authe
nticati
on bet
wee
n
"encryp
t
ed mobile ha
rd disk" and t
he
use
r
key card, and to obtain the key material in u
s
er
key ca
rd
for com
putin
g the workin
g key
with SCB2 al
gorithm.
3.5. User Ke
y
Card
User key ca
rd is reali
z
e
d
through the
smar
t card approved by
the State Encryptio
n
Figure 1.
The
Desi
gn Block Diagram of the Encrypted
Mobile Ha
rd
Hard
disk
FPGA
(EP1C1
2Q24C
8)
IDE
interface
USB
transce-
iver
USB
interface
SAM
SSX30-D
Key
interface
circuit
User key
card
Encrypte
d mobile ha
rd di
sk
Evaluation Warning : The document was created with Spire.PDF for Python.
ISSN: 23
02-4
046
TELKOM
NI
KA
Vol. 12, No. 4, April 2014: 3001 – 3
009
3004
Administratio
n
, mainly
use
d
to
store the
key
materi
al
whi
c
h i
s
to
ge
nerate
the
wo
rkin
g
key
und
er
SCB2 crypto
grap
hic al
gori
t
hm. In order
to prevent
an
intrude
r from
stealin
g the key material, this
desi
gn reali
z
ed mutual a
u
t
henticatio
n b
e
twee
n us
er
key card
and
SAM in “en
c
rypted
mobil
e
hard di
sk".
4. Module Design
Module d
e
si
g
n
of the "encrypted mobile
hard di
sk" is
sho
w
n in Fig
u
re 2.
4.1. Auth
enti
cation an
d Ke
y
Acces
s Modules
Authenticatio
n and
key acce
ss m
o
d
u
les ta
ke
ch
arge
of the mutual auth
e
n
tication
betwe
en u
s
e
r
key ca
rd a
nd "encrypte
d
mobile
ha
rd disk". Afte
r authenti
c
ati
on is thro
ug
h,
authenti
c
atio
n an
d
key a
c
ce
ss mo
dule
s
will o
b
tain
key m
a
terial
from u
nde
r
key ca
rd
thro
u
gh
ciph
er an
d then ap
ply SAT to generate the wo
rki
ng key for h
a
rd di
sk d
a
ta encryption
and
decryption
wi
th SCB2
algo
rithm. Fig
u
re
3 an
d 4
sho
w
the p
r
o
c
e
s
s
of ID a
u
thenti
c
ation
an
d
ke
y
ac
ce
ss.
4.2. USB Tra
n
sceiv
e
r Module
They readily
available
US
B physi
cal
la
yer tra
n
sceiv
e
r i
s
used
to
receive th
e
serial
data
from
USB int
e
rface, a
nd
a
fter serial
-p
arallel
conve
r
si
on the
s
e
dat
a will
be
sent
to
USB devi
c
e
controlle
r mo
dule whil
e US
B bus state will also be
se
n
t
to USB devi
c
e co
ntroll
er
module a
nd th
e
parall
e
l data thus g
e
t seri
al
ized a
nd driv
en to USB interface.
4.3. USB De
v
i
ce Controll
er Module
USB devi
c
e
co
ntrolle
r
module
is a
c
hieve
d
thro
ugh V
H
DL l
angu
age
ha
rdenin
g
. It
receives pa
ra
llel data
and
bus state
fro
m
the
USB
transceive
r
m
o
dule,
write
s
t
he d
a
ta p
a
cket of
transmissio
n
control into t
he control en
dpoint
b
u
ffer
module,
and
sen
d
s th
e re
que
st of cont
rol
output break
to the main controlle
r m
o
dule; the bulk t
r
ansmi
ssi
on
dat
a packet
will be written into
bulk
end
point
buffer mo
dul
e and
se
nt the req
u
e
s
t of
batch output brea
k
to
th
e main
controll
er
module.
USB device
controlle
r mod
u
le re
ceive
s
the re
que
st of control input
brea
k fro
m
the main
controlle
r mo
dule, rea
d
s o
u
t data from control end
p
o
int buffer module, and fo
rwa
r
d
s
it to the
USB tran
scei
ver mod
u
le;
it also receives the
req
u
e
s
t of batch i
nput brea
k from the m
a
i
n
controlle
r mo
dule, read
s o
u
t data fro
m
bulk
end
point
buffer m
odul
e, and fo
rwards to th
e US
B
transceive
r
m
odule. Figu
re
5 displ
a
ys th
e
stru
cture of this devi
c
e co
ntrolle
r.
Fi
g
ure 2. The
Module Desi
g
n Dia
g
ra
m o
f
the Encr
y
pted Mobile
Ha
rd Di
sk
IDE
interface
USB devic
e
control
l
er
Main
control
l
er
AT
A
control
l
er
En
cry
p
ti
on
a
nd
decr
y
pti
on co
ntrol
modu
le
SSX30-D
SAM
User key
card
USB
interface
USB
transceiv
er
Authentic
atio
n and
key
access
modu
les
Evaluation Warning : The document was created with Spire.PDF for Python.
TELKOM
NIKA
ISSN:
2302-4
046
Re
sea
r
ch on
De
sign Meth
od Base
d on
Hardware Encryption a
nd
Two
-
way… (Hua
nchun Ya
ng)
3005
4.4. Main Controller Module
Main co
ntroll
er mod
u
le is
reali
z
ed th
ro
ugh VHDL la
ngua
ge ha
rd
ening. It rece
ives the
requ
est of
co
ntrol b
r
ea
k from the
USB device
co
ntro
ller mo
dule, read
s out the
orde
r p
a
cket
o
r
data pa
cket from co
ntrol endp
oint
buffer a
r
ea,
and then
write
s
the resp
on
se dat
a of
transmissio
n control
o
r
de
r into
co
ntrol e
ndpoi
nt
buffe
r zone
ba
sed
on the type
of comm
and
in
the orde
r pa
cket, and send
s the re
que
st of cont
rol inp
u
t brea
k to the USB device
controll
er.
Main controll
er mo
dule
re
ceive
s
the re
que
st of batch output b
r
e
a
k fro
m
USB
device
controlle
r mo
dule, write
s
the ATA tra
n
smissi
on
ord
e
r
pa
ram
e
ters into ATA co
ntrolle
r mo
du
le,
write
s
the
wo
rkin
g pa
ram
e
ters of
encry
ption
an
d de
cryption i
n
to the de
cryptio
n
and e
n
cryption
control mo
du
le, write
s
th
e re
spo
n
se
date of bat
ch tran
smi
ssi
on o
r
de
r fro
m
ATA cont
roller
module or en
cryption and decryption
m
odule
i
n
to
the
batch
end
poi
nt buffer mo
d
u
le, and
se
nd
s
the req
u
e
s
t of batch in
put b
r
ea
k to USB
device
c
ont
ro
ller mod
u
le, o
r
dire
ctly forward
s
the outp
u
t
data pa
cket to encryption
and de
cryptio
n
controlle
r module.
Main co
ntroll
er mod
u
le re
ceive
s
the st
atus
informati
on from en
cryption and d
e
cryptio
n
control m
odul
e, allo
wing
or pro
h
ibiting
the readi
ng
or writin
g o
perations on
the
en
cryption
a
n
d
decryption
co
ntrol mo
dule
from mai
n
co
ntrolle
r mod
u
l
e and ATA
controlle
r mo
dule. Figu
re
6
displ
a
ys main
controll
er mo
dule working
pro
c
e
ss.
T
he main
control
l
er
interface
PL
UT
MI
interface
MMU
interface
T
r
ansceiver
USB
interface
USB2.0 dev
ice
controll
er
Figure 5. The
Structure of USB Device Controlle
r
6. Extern
al a
u
thentic
atio
n
th
ro
u
gh
5. Sent (rand
o
m
2)
4. Internal a
u
th
enticati
o
n
th
ro
u
gh
2. Sent (rand
o
m
1)
3. Calcu
l
atio
ns
(random
1)
and se
nt
1. Requ
est (random
1)
User key
card
T
he encr
y
pte
d
mobil
e
har
d
disk
Figure 3. The
Proce
s
s of Two-way ID
Authenticatio
n
2. Authentic
ati
o
n
t
hrou
gh
1.
Internal
authe
nticati
o
n
th
h
User key
card
T
he encr
y
pte
d
mobil
e
har
d
disk
3. Sent (rand
o
m)
4. Calcu
l
atio
ns
(random)
a
nd
sent
5. Decr
y
p
tion (Dk)
6. Calcu
l
atio
ns
(K
w
)
Figure 4. The
Proce
s
s of Key Acce
ss
Evaluation Warning : The document was created with Spire.PDF for Python.
ISSN: 23
02-4
046
TELKOM
NI
KA
Vol. 12, No. 4, April 2014: 3001 – 3
009
3006
4.5. Encr
y
p
tion and De
cr
y
p
tion Control Module
Encryptio
n
a
nd de
cryptio
n
co
ntrol m
odule i
s
re
alize
d
thro
u
gh VHDL l
angu
age
descri
p
tion. It receive
s
working
key material fr
om
key
access mod
u
le and worki
ng paramete
r
s of
encryption a
nd de
cryptio
n
from mai
n
controlle
r;
it receive
s
the
output data
packet fro
m
main
controlle
r,
ge
nerate
s
the write control sign
al
for SSX30-D chi
p
, write
s
the da
ta into SSX30-D
chip through
SSX30-D host bus to
get t
hem
encrypted, and afte
r
SSSX30-D chip fini
shes
data
encryption, th
e en
cryption
and d
e
cryptio
n
co
ntrol
m
o
d
u
le will
produ
ce the
re
ad
control
sign
al f
o
r
SSX30-D
chi
p
, thus the e
n
crypte
d re
su
lts will be
re
a
d
and drive
n
to the ATA controlle
r mod
u
le;
it re
ceives th
e inp
u
t data
packet f
r
om
ATA co
nt
rolle
r
mo
dule, ge
nerate
s
the write control si
gnal
for SSX30-D c
h
ip, writes
the data isolated thro
ugh IDE interface module int
o
SSX30-D
chip
through SSX30-D host bu
s to get the data decrypted, and
after SSX30-D chi
p
com
p
letes
data
Y
F
a
ilur
e
F
a
ilur
e
F
a
ilur
e
F
a
ilur
e
F
a
ilur
e
F
a
ilur
e
F
a
ilur
e
F
a
ilur
e
N
N
N
Y
Po
w
e
r-
on reset
Initializ
atio
n
Setup
break
?
Rea
d
the dev
ic
e descri
p
tor
Set address
Rea
d
the dev
ic
e descri
p
tor
Read configurati
on descriptor
Rea
d
the dev
ic
e descri
p
tor
Rea
d
all th
e co
nfigur
ation
and strin
g
desc
r
iptors
T
he device con
f
igurati
o
n
Read MAXLUN
Successful nume
r
ation
C
o
nn
e
c
ti
on
statu
s
Po
w
e
r status
Default status
A
ddress status
Confi
gurati
on s
t
atus
Bus reset
Bus activit
y
?
T
r
ansactions
Su
sp
en
de
d
state
Bus activit
y
Wa
ke
?
Y
Set Interface
Soft
w
a
re
conn
ectio
n
Figure 6. Main Controlle
r Module
Wo
rki
ng Pro
c
e
s
s
Evaluation Warning : The document was created with Spire.PDF for Python.
TELKOM
NIKA
ISSN:
2302-4
046
Re
sea
r
ch on
De
sign Meth
od Base
d on
Hardware Encryption a
nd
Two
-
way… (Hua
nchun Ya
ng)
3007
decryption, the read c
ont
rol si
gnal for SSX30-D
chip w
ill be generated by
encryption and
decryption m
odule and the decrypt
io
n results will
be read out
and driven to main cont
roller
module tog
e
ther with the
status of encry
ption and
d
e
cryption co
ntro
l module. Fig
u
re 7 an
d figu
re
8 sep
a
rately
sho
w
the working p
r
o
c
e
ss
of encryptio
n and de
cryptio
n
module.
4.6. SSX30-D Chip
SSX30-D
chi
p
is a crypt
chip
certified by
the State Encryption
Administ
rati
on, whi
c
h
N
Y
Y
N
Y
N
Y
N
Y
Begin
W
r
it
e encr
y
p
t
e
d
wo
r
ki
ng
key
W
r
it
e encr
y
p
t
e
d
comman
d
Write data length
Par
a
llel Star
t
Ou
tp
ut
buf
fer
is
not
empty
?
Read in orde
r
encr
y
pte
d
results in
output buffe
r
Write in order
encr
y
pte
d
data
into hard drive
Co
mp
letion
of w
r
iti
ng
all
dat
a?
Write data to be
encr
y
pte
d
data t
o
the
input buffer
Data i
n
i
n
p
u
t
b
u
f
f
e
r ra
t
e
up to 12
8-
bit
?
Start to encr
y
pt t
he 128-
bit data in input buffer
Co
mp
letion
of all dat
a
enc
ry
ption
?
End
Figure 7.
The
Working P
r
o
c
e
ss of en
cryption
N
Y
Y
N
Y
N
Y
N
Y
Begin
W
r
it
e
d
ecr
y
p
t
e
d
wo
r
ki
ng
key
W
r
it
e
d
ecr
y
p
t
e
d
comman
d
Write data length
Par
a
llel Star
t
Ou
tp
ut
buf
fer
is
not
empty
?
Read in orde
r
decr
y
pte
d
results in
output buffe
r
Write in order
decr
y
pte
d
data
into hard drive
Co
mp
l
e
t
i
on
of w
r
iti
n
g
all
dat
a?
Write data to be
decr
y
pte
d
data t
o
the
input buffer
Data i
n
i
n
p
u
t
b
u
f
f
e
r ra
t
e
up to 12
8-
bit
?
Start to encr
y
pt t
he 128-
bit data in input buffer
Co
mp
letion
of all dat
a
dec
ry
ption
?
End
Figure 8. The
Working P
r
o
c
e
ss of Decry
p
tion
Evaluation Warning : The document was created with Spire.PDF for Python.
ISSN: 23
02-4
046
TELKOM
NI
KA
Vol. 12, No. 4, April 2014: 3001 – 3
009
3008
enabl
es th
at the SCB2
cryptog
r
a
phi
c algorit
h
m
can en
crypt
and d
e
crypt the data to
be
encrypted or decrypted
as
parsed
out
by main
controll
er m
odul
e u
n
der the
co
ntrol of e
n
crypti
on
and de
cryptio
n
control mod
u
le.
4.7. ATA
Co
ntroller Mod
u
le
ATA cont
rolle
r mo
dule i
s
realized th
rou
gh VHDL
lan
guag
e de
scri
ption. It re
cei
v
es the
para
m
eter bl
ock of ATA t
r
ansmi
ssion
comman
d
s fr
o
m
main
controller modul
e, and write
s
th
em
into the regi
ster g
r
ou
p of ATA memory thr
ough th
e IDE interface; in acco
rd
ance with ATA
proto
c
ol it di
rectly send
s ATA memo
ry para
m
et
er information
from IDE int
e
rface to m
a
in
controlle
r mo
dule, a
nd
se
n
d
s i
nput
data
pa
cket fro
m
IDE interfa
c
e
to the
unit
of en
cryptio
n
a
n
d
decryption. A
T
A co
ntrolle
r
sup
port
s
b
o
th
PIO an
d
UDMA tran
smi
s
sion mo
de
s, a
nd
sin
c
e it i
s
of
a high
er d
egree of de
sign
compl
e
xity, th
e state ma
chi
ne is th
us
pro
posed to d
e
scrib
e
the timi
n
g
as spe
c
ified b
y
ATA protocol.
5. Dev
e
lopment Tre
n
d
5.1. Securit
y
Encr
y
p
tion
Becom
es Inev
itable
Storage
prov
iders al
ways aim to offer use
s
p
r
ofe
s
sion
al, se
cu
re and
stable
stora
ge
solutio
n
s.
Wi
th the increa
sing
data a
m
ount an
d
its bo
oming i
m
porta
nce, d
a
ta se
cu
rity has
become o
n
e
of the essential criteria
whe
n
co
nsumers b
a
cku
p
data. However, software
encryption m
ode n
o
long
e
r
sati
sfies
ma
rket d
e
ma
nd.
Hard ware e
n
cryptio
n
be
comes
users’ f
i
rst
option
such
as Eag
e
t’sE9
06 chip en
cryption
and L
enovo’
s F11
7
fingerprint
encryption in
the
sen
s
e th
at da
ta remai
n
s
un
der
prote
c
tion
even if t
he h
a
rd
disk
stori
ng it is l
o
st. Consume
r
s
ne
ed
not to wo
rry a
bout the di
scl
o
su
re of
data
or t
hat b
e
ing
stolen. En
cry
p
tion technol
ogy will b
e
co
me
an inevitable
trend of mobil
e
hard di
sk d
e
velopme
n
t for su
re!
5.2. B.
Ha
rd
ware En
cry
p
tion is th
e O
n
ly
Ap
pro
a
c
h
to
Br
ea
king Sp
e
e
d
Bo
ttl
ene
c
k
of E
n
cry
p
tion
and De
cr
y
p
tion
Although software e
n
cryp
tion is far more flex
ible
, it is also more
compli
cated. If
implemented by
CPU,
the method
will use
l
o
ts
of CP
U
capacity; if ado
pting coprocessor, CPU
will then
be a
b
le to de
al wi
th other a
ppli
c
ation
s
b
u
t its capa
city wil
l
still be h
a
m
pere
d
du
e to
the
occupi
ed b
u
s duri
ng
data
tran
smi
ssi
on
between
co
pro
c
e
s
sor an
d main
mem
o
ry. Embed
d
ed
CPU in
sid
e
p
o
rtable
hard
drive c
ontroll
er for e
n
cryp
tion ca
n re
du
ce
CPU u
s
a
ge imp
r
essiv
e
ly
albeit this m
e
thod requi
re
s hig
h
ly profi
c
ient
em
bed
ded p
r
o
c
e
s
sor, thus i
n
creasi
ng the
cost.
Encryptio
n
algorithm u
s
in
g FPGA or ASIC with
data strea
m
processin
g
feature
s
esch
e
w
s
dra
w
ba
cks
of the above im
plementat
io
n
approa
che
s
.
Hardware en
cryption,
with high security as
well as hig
h
speed, is the only path to unbl
ocking spe
ed b
o
ttleneck of encryption a
nd
decryption.
5.3. Ke
y
Saf
e
t
y
is
more Significant than Cry
p
tographic Algor
ithms
Most mod
e
rn
cryptog
r
ap
hi
c algo
rithm
s
are b
a
sed on
particular m
a
th pro
b
lem
s
for data
encryption
protection
s.
Ne
verthel
e
ss,
a
d
vanced appl
ication
s
of
e
n
c
ryption
al
gorithms all requ
ire
algorith
m
s to
go
publi
c
such
a
s
Data
Encryption
Standard
(DES) an
d Adv
anced E
n
cryption
Standard (AE
S
). Hen
c
e, th
e safety
of cryptograp
hic
a
l
gorithm
s reli
es m
o
re
and
more
on that
of
keys in
stea
d of that of the
algorithm
s. Encryp
te
d ke
ys sho
u
ld be
stored fo
r sa
fety issue
s
a
nd
rand
om
num
ber gen
erator is
used
to g
e
nerate
th
e
m
a
ster e
n
cryption
key. In
ad
dition, adva
n
c
ed
identificatio
n algorith
m
will
veri
fy the legitimacy of use
r
s.
6. Conclusio
n
In this study, centered on
CYCLO
N
E chip se
ri
es (by Altera Corporatio
n) an
d
applied
with a sp
ecial
i
zed
crypt alg
o
rithm chip a
pprove
d
ce
rtified by the State Encryption
Administratio
n
,
a mobile h
a
rd disk with t
w
o-way ID
a
u
thentication
and ha
rd
wa
re en
cryptio
n
techn
o
logy
is
desi
gne
d and
cha
r
a
c
teri
ze
d with high
er safety, highe
r perfo
rma
n
ce and bette
r tran
spa
r
e
n
cy. In
addition, the
"encrypted m
obile ha
rd di
sk" a
dopt
s th
e low-en
d F
P
GA prod
uct
s
of CY
CLO
N
E
chip
serie
s
,
so it ha
s l
o
wer co
st a
nd
better p
r
i
c
e-pe
rfo
r
man
c
e
ratio
and
goo
d ma
rket
prospe
cts.
Therefore, th
e "encrypted
m
obile hard
disk" can b
e
widely
app
lied to government age
ncies,
enterp
r
i
s
e
s
a
nd individual
use
r
s
who h
a
v
e urgent ne
e
d
s for
safe m
obile sto
r
ag
e.
Evaluation Warning : The document was created with Spire.PDF for Python.
TELKOM
NIKA
ISSN:
2302-4
046
Re
sea
r
ch on
De
sign Meth
od Base
d on
Hardware Encryption a
nd
Two
-
way… (Hua
nchun Ya
ng)
3009
Referen
ces
[1]
F
r
eescal
e
. MPC82
60 IDMA T
i
ming D
i
a
g
ram
s
. 2006; Rev.4:
07.
[2]
W
u
Z
hend
on
g, Che
n
L
i
n. Re
search
on
Us
e Co
ntrol
of Mobil
e
Stora
g
e
Dev
i
ces.
C
o
mm
un
i
c
a
t
ions
T
e
chno
logy.
2
008; 05: 1
42-1
44.
[3]
Cao
Xiao
li. Ba
sed o
n
D
ES E
n
cr
y
p
tion Algor
i
thm.
Co
mp
ute
r
Know
led
ge
a
nd T
e
ch
nol
ogy
.
2011; 0
2
:
295-
296.
[4]
Hua
ng S
hen
g
c
hun,
Xi
Yon
g
,
W
e
i Jibo, Z
h
ao H
a
ita
o
. MPC82
60
and
F
P
GA-based
D
M
A Interfac
e
Desig
n
.
Microc
ontrol
l
ers an
d Emb
e
d
d
e
d
Systems
. 200
7; 09: 23-26.
[5]
Yang D
o
n
g
, Xi
e Yong
qi
ang.
A Public Ke
y
S
y
ste
m-b
ase
d
Mutual Auth
en
tication a
nd K
e
y
A
g
reem
en
t
Scheme.
Netw
ork & Compute
r
Security
. 200
8; 01: 25-2
8
.
[6]
Xi
a Sh
uhu
a. D
ES and
RSA e
n
cr
yptio
n
al
gor
ithm bas
ed o
n
the data s
e
curi
t
y
transmiss
io
n
techno
log
y
researc
h
.
Manufacturing Autom
a
tion
. 20
11;
02: 180-
18
2.
[7]
Yang
Xi
aomi
n
g
.
H
y
bri
d
Base
d
on DES an
d R
SA Encr
yption
Algorit
hm.
Co
mp
uter Study
.
201
1; 1: 2-3.
[8]
Qiu Hu
imin, Y
ang Y
i
xia
n
, Hu
Z
hengm
ing. A
Ne
w
Sm
art C
a
rd-b
ased
Sch
e
me D
e
sig
n
of
T
w
o-
w
a
y I
D
Authentic
atio
n.
Applic
ation R
e
search of Co
mputers
. 200
5; 1
2
: 103-1
05.
[9]
Hu W
e
i, Mu D
e
ju
n, Liu
Han
g
,
et al. Desig
n
and R
e
a
lizati
on of H
a
rd
w
a
r
e
Encr
ypti
on i
n
Mobi
le H
a
r
d
Disk.
Co
mp
ute
r
Engin
eeri
ng a
nd App
licati
ons
. 2010; 22: 62-
64.
[10]
W
u
Dians
hua
n
g
, Liu Ha
ng,
He De
qua
n. D
e
sig
n
an
d Re
alizati
on of En
cr
y
p
te
d Sol
i
d-
state Disk in
Integrated H
a
r
d
w
a
r
e
Encr
ypti
on.
Co
mp
uter Measur
e
m
ent
& Control
. 20
0
9
; 17: 951-
957.
[11]
Jia Li
ng. Rese
arch an
d Im
ple
m
entatio
n of Cr
y
p
to
gra
phic s
ystem in soft
w
a
r
e
and h
a
rd
w
a
r
e
.
Comput
e
r
Progra
m
mi
ng s
k
ills an
d Mai
n
tena
nce
. 20
10; 14: 132-
13
3.
[12]
W
ang Qing
bin
,
Chen Sha
o
z
hen. Broa
dcas
t encr
y
pti
on s
c
heme
w
i
t
h
const
ant-siz
e p
ublic ke
y a
n
d
private ke
y.
Jo
urna
l on Co
mmu
n
ic
ations
. 2
011; 02: 1
14-1
19.
[13]
Jinh
ui S
un, Ge
ng Z
h
ao,
Xufe
i
Li. An
Improv
ed P
ublic Key
Encr
y
p
tion Algo
rithm Bas
e
d
o
n
Ch
eb
ys
hev
Po
ly
no
mi
al
s.
T
E
LKOMNIKA Indo
nesi
an Jo
u
r
nal of Electric
al Eng
i
ne
eri
ng.
2013; 1
1
(2): 8
64-8
70.
[14]
Xi
ao
qia
n
g
Gu
o, Shu
a
i
Z
h
a
n
g
, Yin
g
Li. K
e
y T
e
c
hnol
og
i
e
s a
n
d
App
lic
ations
of S
e
c
u
re M
u
ltip
art
y
Comp
utation.
T
E
LKOMNIKA Indon
esi
an Jou
r
nal of Electric
al Eng
i
ne
eri
n
g
.
2013; 1
1
(7): 3
774-
377
9.
Evaluation Warning : The document was created with Spire.PDF for Python.