The MC6859 Data Security Device (DSD) is a monolithic MOS Integrated circuit designed to be integrated into a wide range of equipment requiring protection of data by the employment of cryptographic measures.
The cryptographic algorithm utilised by the device is the Data Encryption Standard (DES) as adopted by the U.S. Department of Commerce, National Bureau of Standards (NBS), in publication FIPS PUB 46 (1-15-1977).
Through the use of flexible on-chip control and status circuitry and external control lines, the DSD provides the direct capability of adapting the functional implementation of the DES algorithm for various specific system requirements for data protection.
- Direct Compatibility with the M6800 Microprocessor Family
- Data Encryption Standard Algorithm
- Two Separate Interrupt Output Lines for Program Controlled Interrupt Capability
- Up to 400 KBPS Throughput Rate of 64-Bit Block Cipher (Exclusive of Software Overhead)
- TTL Compatible
- Single +5 V Power Supply
The MC6859 Data Security Device (DSD) interfaces to the M6800 bus via an 8-bit bidirectional data bus, five chip select lines, a read/write (R/W) line, an external RESET line, three register select lines, an Enable (System Ø2) line, a 2XEnable (2XE) clock line and two interrupt request lines. These signals permit the M6800 MPU to control the DSD and perform data transfers between the two.
Bidirectional Data Bus (D0-D7)
Chip Select (CS0-1-2-3-4)
With the DSD selected, this input controls the direction of data transfer on the data bus. When R/W is high, data in the DSD is read by the MPU on the trailing edge of E. A low state on the R/W line enables data transfer from the MPU on the trailing edge of the 2XE signal.
Enable (E) and 2XEnable (2XE)
The rising edge of the Enable input initiates data transfer from the DSD to the MPU during a read cycle. The falling edge of the Enable input latches MPU data into the DSD during a write cycle. The 2XE Input is used in processing the encryption/decryption algorithm for all mask sets. E and 2XE are completely asynchronous. See section on Mask Sets for exceptions on the prior revision of the DSD.
This input signal is used to initialize the internal control logic, status flags, and counters of the DSD. The contents of the active key register and major key register remain unchanged. The RESET function should be coupled with the system power-on reset to provide orderly system initialization. It may also be used as a master reset to the chip during system operation. To abort the encryption algorithm before the required 320 clock cycles (2XE) have occurred, it is necessary to provide a RESET signal or software reset command to the DSD. When this occurs, information in the data register and active key register is no longer valid. The contents of the major key register are unaffected.
Address Lines (A0, A1, A2)
These inputs are used in conjunction with the R/W line to select one of eleven possible DSD operations. The DSD is accessed via MPU read and write operations in much the same manner as a memory device.
Instructions performing operations directly on memory should not be used when the DSD is accessed since the DSD uses the R/W line as an additional register select input, read-modify-write type instructions conflict with the standard operation of the Data Security Device.
DSD Functional Description
The MC6859 Data Security Device appears to an MPU system as an interface adapter device. The internal construction of the DSD is illustrated by the block diagram. The device consists of a single 8-bit data bus buffer with a three-state operation, through which data may be entered into:
1) the 56-bit active key register
2) the 54-bit major key register
3) the 54-bit data register
Output data from the status register or the data register is also switched through the data bus buffers. At the bus interface, the DSD data register appears as eight addressable memory locations to the MPU, through which the operational mode of the chip may be selected, chip status monitored, key or data written into the device, and data read from the device.
The operation of the DSD is split into five major modes:
1) status readout
2) loading of data or encrypted key
3) data encryption
4) data decryption
5) data readout
These and additional control modes are activated by three address input lines and a read/write input line.
The PE flag is set when a parity error is detected while loading either a major or secondary key or when the active key is checked during algorithm operation. The PE flag remains set, and the IRQPE signal remains low until a hardware/software reset is received. The READY flag is set, and the IRQR output goes high whenever the device is processing a block of data. The flag is cleared, pulling the IRQR output low, whenever the DSD is not encoding/decoding data or transferring major key. IRQR may be tied to IRQ of an M6800 family processor for interrupt driven encryption if no other peripherals share the IRQ line.
To encipher an 8-byte block of data, the first seven bytes are written to the Write Data/"C" Key register; the eighth byte is written to the Encipher Data register; this automatically initiates the encryption process. Data is always processed using the current Active Key. During algorithm operation, the DSD constantly performs parity checking on the contents of the active key register. The busy flag is set during encryption and then reset when the algorithm has finished; completion requires 320 cycles of 2XE. During this time the DSD ignores all external commands except status read, hardware reset and software reset.
This process is identical to encipher data except that the eighth byte is written to the Decipher Data register. During decipher or encipher only a read status register, hardware reset or software reset are recognised; all other commands are ignored.
This command is normally executed upon completion of the encipher/decipher algorithm (indicated by READY = 0). A read before completion of busy results in all zeros reading from D0-D7. As each byte of data is read, zeros are automatically shifted into the data register to ensure data security.
The DSD may be software reset by writing the reset/initialize command at any time. Like the hardware reset, this command initializes the internal control logic, status flags, and counters without altering the contents of the active key register or the major key register. If a hardware or software reset is issued during the algorithm processing, the information in the data register and active key register will no longer be valid. However, the contents of the major key register are not affected.
Load Major Key
An unencrypted key is entered into both the active key register and the major key register when eight consecutive bytes are written into the Major Key Register. Parity error checking is automatically performed.
Load Plain Secondary Key
An unencrypted key may be loaded into the active key register and simultaneously checked for parity errors by writing eight consecutive bytes into the Enter Plain Secondary Key Register. The Major Key Register is unaffected.
Encipher Secondary Key
After a secondary key is loaded, it can be enciphered or deciphered (the source of an encrypted key is usually another DSD). A secondary key may be enciphered by loading the first seven bytes of plain text to the Write Data/"C" Key register. The eighth byte is entered into the Encipher Secondary Key register. This causes the secondary key to be enciphered using the current major key and automatically loaded into the Active Key register and checked for parity. This operation requires 328 cycles of 2XE.
Decipher Secondary Key
This function is similar to the Encipher Secondary Key operation. The first seven bytes of the key are loaded into the Write Data "C" Key register. The eighth byte is entered by addressing the Decipher Secondary Key register. The secondary key is then deciphered using the current major key and automatically loaded into the Active Key register and checked for parity. This operation requires 328 cycles of 2XE.
Transfer Major Key
The contents of the Major Key register is transferred to the Active Key register by a read of the Transfer Major Key register. The data bus is ignored. The Major Key register remains unchanged. This operation requires eight cycles of 2XE
Typical System Operation
- A software reset is issued to each DSD by its MPU.
- The sending MPU loads a major key (eight bytes) into its DSD; this serves as the active key if a secondary key is not entered.
- The receiving station must also load this same major key before data transmission can begin. If the current major (or secondary) key is not known in advance, it can be transmitted by the sending MPU, but may not be encoded as the receiving MPU system has no key to decode it. The MPU at the receiving station must be programmed with the mode and format used for data transmission so its DSD can process the data correctly. At this point, both the transmitting and receiving stations are ready for data transfer.
- The sending MPU writes eight bytes of data into its DSD which enciphers them.
- The sending MPU retrieves eight bytes of encrypted data from its DSD and transmits them to the receiving MPU.
- The receiving MPU writes these eight bytes of data into its DSD to be deciphered.
- The receiving MPU retrieves eight bytes of data from its DSD in the original plain text form.
Guidelines to be used in selecting a key are:
• Make the key as a single 56-bit number
• Avoid bias in selecting the key
• Change key as frequently as practical
One way to help ensure the security of the key is to make frequent use of secondary keys. Secondary keys can be generated by the sender and distributed selectively to one or more receivers. Since the MC6859 can encipher or decipher secondary keys using the major key, the sender can transmit the secondary key in encrypted form to further ensure system security. However, the receiver must be aware that a secondary key is being transmitted and must decrypt the key if it was sent in encrypted form.
Assuming that secrecy of the key is maintained, it is nearly impossible for an unauthorised user to decode an intercepted message into its original form. Since the DES algorithm utilises a 56-bit active key, there are 256 (or about 7 x 1016) possible encrypted messages which must be searched to retrieve the original message. Also, if the key were changed regularly only a small portion of the message would be retrieved for each successful exhaustive search. Therefore, the basic "block cypher" technique described in the Typical System Operation section is adequate for today's data security applications.
If additional security is required for some reason, several techniques can be used to increase data security. These include:
• Perform multiple encryptions and decryptions using the same key or different keys
• Reverse the algorithm (decipher-transmit-encipher)
• Utilise cypher feedback or other feedback techniques
The process of multiple encryption or decryption is an easy way to effectively increase the size of the key to any desired length. For example, the sender might successively encipher, decipher, and encipher a block of data using one key for the encipher operations and another for the decipher operation. The receiver would then have to decipher, encipher, and decipher the data using the same pair of keys.
This technique would greatly increase data security while reducing throughput by a factor of three. Many such multiple encryption combinations are possible.
An easy way to increase security without reducing throughput is to perform the DES algorithm "in reverse." In other words, data or keys can be deciphered by the sender and then enciphered by the receiver to yield the original message. This technique works because the enciphering and deciphering algorithms are "mirror images" of each other.
Many different feedback techniques are available as alternatives to the basic 64-bit block cypher. One of these, known as cypher feedback (CFB), is described below. CFB is a byte-oriented implementation in that only one byte is transmitted at a time. Thus, throughput is reduced by a factor of eight (excluding software overhead). Implementation of the CFB technique is more dependent upon the system configuration than is the block cypher.