In wireless communication systems, the ability to provide secure, confidential transmissions and the ability to verify the integrity and/or authenticate transmissions become highly important tasks as these systems move towards the next generation of data services. The need for advanced security measures may require the implementation of encryption and authentication services into the security architecture of 3rd generation mobile communication systems. For example, encryption operations for wideband code division multiple access (WCDMA) applications may be performed at the link layer while authentication operations may be performed at the resource control (RRC) layer, for example.
The link layer may be subdivided into divided into medium access control (MAC), radio link control (RLC), packet data convergence protocol (PDCP), and broadcast/multicast control (BMC). The MAC sublayer may map-logical channels to transport channels, which in turn may be mapped to physical channels by the physical layer. In this regard, the physical layer may be utilized to communicate between a user equipment (UE), such as a mobile phone, and a base station (BS). The MAC sublayer may also handle the UE identification on channels common to all UEs. The RLC sublayer may be utilized to handle segmentation of frames to smaller units suitable for transmission. Encryption or confidentiality operations on user data may be performed at either the MAC or the RLC sublayers, which means that encryption may be limited to communications between the UE and a radio network controller (RNC). The RNC may be utilized to control a set of BSs and may also be responsible for controlling radio resources. Because the RRC runs above the RLC and may be utilized to carry control information over the radio link, authentication operations may be performed on RRC control messages and but may not be performed on user data and/or RLC control data. Moreover, RRC control messages may be encrypted at the link layer by confidentiality operations.
The 3rd Generation Partnership Project (3GPP) has developed normative specifications for a mobile communications confidentiality algorithm, the f8 algorithm, for Wideband Code Division Multiple Access (WCDMA) applications. The f8 confidentiality algorithm developed by the 3GPP is described in the 3GPP, Technical Specification Group Services and System Aspects, 3G Security, Specification of the 3GPP Confidentiality and Integrity Algorithms, Document 1: f8 and f9 Specification, Release 5 (3GPP TS 35.201 V5.0.0, 2002-06). The f8 algorithm may utilize a 128-bit confidentiality key and various other input parameters to generate a keystream that may be utilized to encrypt or decrypt an input bitstream.
The f8 confidentiality algorithm is based on the KASUMI algorithm, which is specified by the 3GPP, Technical Specification Group Services and System Aspects, 3G Security, Specification of the 3GPP Confidentiality and Integrity Algorithms, Document 2: KASUMI Specification, Release 5 (3GPP TS 35.202 V5.0.0, 2002-06). The KASUMI algorithm is a symmetric block cipher with a Feistel structure or Feistel network that produces a 64-bit output from a 64-bit input under the control of a 128-bit cipher key. Feistel networks and similar constructions are product ciphers and may combine multiple rounds of repeated operations, for example, bit-shuffling functions, simple non-linear functions, and/or linear mixing operations. The bit-shuffling functions may be performed by permutation boxes or P-boxes. The simple non-linear functions may be performed by substitution boxes or S-boxes. The linear mixing may be performed using XOR operations.
The f8 confidentiality algorithm utilizes the KASUMI algorithm as a keystream generator in an Output Feedback Mode (OFB). The keystream generator may be specified in terms of a general-purpose keystream function KGCORE as described in 3GPP, Technical Specification Group Services and System Aspects, 3G Security, Specification of the A5/3 Encryption Algorithms for GSM and ECSD, and GEA3 Encryption Algorithms for GPRS, Document 21: A5/3 and GEA3 Specifications, Release 6 (3GPP TS 55.216 V6.2.0, 2003-09). The f8 confidentiality algorithm may be defined by mapping its corresponding inputs to KGCORE function inputs, and mapping KGCORE function outputs to outputs of the confidentiality algorithm. The heart of the KGCORE function is the KASUMI cipher block, and this cipher block may be used to implement the f8 confidentiality algorithm.
Implementing the f8 confidentiality algorithm may require ciphering architectures that provide fast and efficient execution in order to meet the transmission rates, size and cost constraints required by next generation data services and mobile systems. Because of their complexity, implementing the f8 confidentiality algorithm in embedded software to be executed on a general purpose processor on a system-on-chip (SOC) or on a digital signal processor (DSP), may not provide the speed or efficiency necessary for fast secure transmissions in a wireless communication network. Moreover, these processors may need to share some of their processing or computing capacity with other applications needed for data processing and/or transmission, further limiting processing resources available for encryption applications. The development of cost effective integrated circuits (IC) capable of accelerating the speed with which encryption and decryption may be achieved by the f8 confidentiality algorithm is necessary for the deployment of next generation data services.
Further limitations and disadvantages of conventional and traditional approaches will become apparent to one of skill in the art, through comparison of such systems with some aspects of the present invention as set forth in the remainder of the present application with reference to the drawings.