Grand Valley State University ScholarWorks@GVSU Masters Theses Graduate Research and Creative Practice 2018 Efficient Implementation of IEEE 802.11i Wi-Fi Security (WPA2-PSK) Standard Using FPGA Atal Bajracharya Grand Valley State University Follow this and additional works at: https://scholarworks.gvsu.edu/theses Part of the Engineering Commons Recommended Citation Bajracharya, Atal, "Efficient Implementation of IEEE 802.11i Wi-Fi Security (WPA2-PSK) Standard Using FPGA" (2018). Masters Theses. 910. https://scholarworks.gvsu.edu/theses/910 This Thesis is brought to you for free and open access by the Graduate Research and Creative Practice at ScholarWorks@GVSU. It has been accepted for inclusion in Masters Theses by an authorized administrator of ScholarWorks@GVSU. For more information, please contact [email protected]. Efficient Implementation of IEEE 802.11i Wi-Fi Security (WPA2-PSK) Standard Using FPGA Atal Bilas Bajracharya A Thesis Submitted to the Graduate Faculty of GRAND VALLEY STATE UNIVERSITY In Partial Fulfillment of the Requirements For the Degree of Master of Science in Engineering School of Engineering December 2018 Acknowledgements The successful completion of this thesis required guidance and assistance from a lot people and I am extremely privileged to have got this throughout the course of my thesis. All that I have done is only possible due to such supervision and assistance. I would like to express my sincere appreciation to my thesis advisor Dr. Chirag Parikh for his wealth of knowledge, immense support and constant guidance without which I would not have been able to complete my thesis. I would also like to thank the rest of my thesis committee members, Dr. Nabeeh Kandalaft and Dr. Christian Trefftz for their invaluable comments and feedback which helped me correctly cover my subject matter. I would also like to express my immense gratitude towards my graduate advisor Dr. Shabbir Choudhuri, for guiding me throughout my master’s degree program at Grand Valley State University. Finally, I would like to thank my family and friends for their constant love and support throughout my life. 3 Abstract The rationale behind the thesis was to design efficient implementations of cryptography algorithms used for Wi-Fi Security as per IEEE 802.11i Wi-Fi Security (WPA2-PSK) standard. The focus was on software implementation of Password-Based Key Derivation Function 2 (PBKDF2) using Keyed-Hash Message Authentication Code (HMAC)-SHA1, which is used for authentication, and, hardware implementation of AES-256 cipher, which is used for data confidentiality. In this thesis, PBKDF2 based on HMAC-SHA1 was implemented on software using C programming language, and, AES-256 was implemented on hardware using Verilog HDL. The overall implementation was designed and tested on Nexys4 FPGA board. The performance of the implementation was compared with other existing designs. Latency (us) was used as the performance metric for PBKDF2, whereas, throughput (Gb/s), resource utilization (Number of Slices), efficiency (Kb/s per slice) and latency (ns) were used as performance metrics for AES- 256. MRF24WG0MA PMOD Wi-Fi module was the 2.4 GHz Wi-Fi module which was interfaced with Nexys4 FPGA board for wireless communication. When the correct security credentials were entered in the implemented system interfaced to the Wi-Fi module, it was successfully authenticated by a 2.4 GHz wireless router (or mobile hotspot) configured to work in WPA2-PSK security mode. Once this system was authenticated, the implemented AES-256 cipher within the system was used to provide a layer of encryption over the data being communicated in the network. 4 Table of Contents Acknowledgements ....................................................................................................................... 3 Abstract .......................................................................................................................................... 4 Table of Contents .......................................................................................................................... 5 List of Figures ................................................................................................................................ 9 List of Tables ............................................................................................................................... 12 Abbreviations .............................................................................................................................. 13 Chapter 1: Introduction ............................................................................................................. 14 1.1 Background ................................................................................................................... 14 1.2 Wireless Security Principle ......................................................................................... 15 1.3 WPA2-PSK Overview .................................................................................................. 16 1.4 Project Scope ................................................................................................................ 18 Chapter 2: WPA2-PSK Theory ................................................................................................. 20 2.1 WPA2-PSK Device Authentication............................................................................ 20 2.1.1 PBKDF2 (Password-Based Key Derivation Function 2) ................................... 22 2.1.2 HMAC (Keyed-Hashing for Message Authentication) ..................................... 25 2.1.3 SHA1 ...................................................................................................................... 27 2.2 WPA2-PSK Data Confidentiality ............................................................................... 31 2.2.1 AES-256 Key Expansion ...................................................................................... 35 2.2.2 AES-256 Encryption ............................................................................................. 37 5 2.2.3 AES-256 Decryption ............................................................................................. 37 Chapter 3: Software Implementation ....................................................................................... 40 3.1 Overview ...................................................................................................................... 40 3.2 MicroBlaze™ Environment ....................................................................................... 40 3.3 WPA2-PSK Device Authentication............................................................................ 42 3.3.1 Layer1: SHA1-HASH Implementation ............................................................... 43 3.3.2 Layer2: HMAC_SHA1 Implementation ............................................................. 45 3.3.3 Layer3: PBKDF2 Implementation ...................................................................... 45 3.4 AES-256 Key Expansion .............................................................................................. 46 Chapter 4: Hardware Implementation ..................................................................................... 50 4.1 Overview ...................................................................................................................... 50 4.2 Nexys4 ........................................................................................................................... 50 4.3 AXI Interconnect ......................................................................................................... 51 4.4 AES-256 Implementation ........................................................................................... 52 4.4.1 BRAMs .................................................................................................................. 53 4.4.2 AES Core .............................................................................................................. 55 4.4.3 AES-256 Internal Design ..................................................................................... 57 4.5 AES-256 Interface with MicroBlaze .......................................................................... 61 4.6 Total On-Chip Power Consumption .......................................................................... 62 Chapter 5: Testing and Result ................................................................................................... 64 6 5.1 Overview ....................................................................................................................... 64 5.2 WPA2-PSK Testing and Result .................................................................................. 65 5.3 WPA2-PSK Performance Evaluation ........................................................................ 70 5.4 AES-256 Testing and Result ........................................................................................ 72 5.4.1 TCP Server and TCP Client ............................................................................... 72 5.4.2 HTTP Server and Web Browser ......................................................................... 76 5.5 AES-256 Performance Evaluation .............................................................................. 78 5.5.1 Latency Comparison ............................................................................................. 80 5.5.2 Throughput Comparison ....................................................................................