Abstract -Wireless networks are on the cutting edge of modern technology and rapidly gaining popularity in today's world due to their excellent usability. For secure wireless data transmission, Wired Equivalent Privacy (WEP), IEEE 802.11 standard defined security protocol, is employed. WEP has a potential limitation that stems from its adaptation of RC4 stream cipher algorithm. As a result, there is a pressing need for new WLAN security measure. Therefore, this paper presents hardware implementation of RC4A stream cipher and proposes to replace RC4 in WLAN security scheme, due to weakness of RC4.The design of the cipher was implemented by Verilog HDL. For hardware implementation of the design, an Altera Field Programmable Gate Array (FPGA) device, EP20K200EFC484-2X from APEX family, APEX 20KE, was used.
I. Introduction
Wireless Local Area Network (WLAN) offers organizations and users a both convenient and flexible means of communication. The popularity of wireless LANs is a testament primarily to their convenience, cost efficiency, and ease of integration with other networks and network components.It also provides mobility, enhances productivity, and lowers installation costs. The most prominent feature about WLAN is the absence of wires and its mobility. It is cable-free, no-strings-attached networking. As compares to the traditional network, WLAN requires no complicate configuration on its physical topology. Wireless LANs use electromagnetic airwaves to communicate information from one point to another without relying on any physical connection However, as data travels through the air, it can easily be tapped by any one including unauthenticated personnel using sniffer. There are number of issues that have to be considered when setting up a WLAN. The most vital is the security [5] particularly for applications hosting important information. For instance, networks transmitting credit card numbers for verification or storing sensitive information are certainly candidates for emphasizing security. In these cases and others, proactively safeguard the network against security attacks is a very important problem. The designers have tried to overcome the security concern by devising a user authentication and data encryption system known as wired equivalent privacy (WEP) [1 and 16] . In the paper we mainly focus on the WEP relevant secure problems.
WEP has a prospective weakness since its adaptation of RC4 stream cipher algorithm [17] . As a result, these networks are very susceptible to security violations and need significant encryption algorithm. In this circumstance, RC4A stream cipher can be alternative to replace RC4. As far as security concern, RC4A has an enhanced security over the RC4 against most of the known plaintext attacks [2] .RC4A pseudorandom bit generator passed all the statistical tests listed in [3] .
For secure high speed networks the hardware always appears to be the ultimate choice because hardware implementation of cryptographic algorithms is intrinsically more physically secure and run faster than software. Reconfigurable logic, based on Field-Programmable Gate Arrays (FPGA) devices, provides a hardware solution to algorithm flexibility [15] . FPGA is an ideal platform to provide hardware arithmetic acceleration for use in many cryptographic applications. Implementation of cryptographic algorithms in FPGA devices usually achieves superior performance when compared with software-based ones. [3] which prove the randomness of the keystream. The cipher was designed using Verilog hardware description language and implemented into a single Altera APEX TM 20K200E Field Programmable Gate Array (FPGA).
The paper is organized as follow. First weakness of WEP and RC4 algorithm is presented.RC4A algorithm is discussed then. This is followed by architecture of hardware, design methodology, discussion on the FPGA implementation and performance of the hardware. Finally the conclusion is presented.
5th
II. WEP, RC4 Stream Cipher and Their Weakness
The concept of WEP is to prevent eavesdroppers by encrypting data transmitted over the WLAN from one point to another. Wired Equivalent Privacy (WEP) is a security protocol that is part of IEEE 802.11 standard for wireless networks. WEP is still widely employed around the world due to the fact that old network interface cards cannot match the requirements of newer security protocols. WEP uses a pre-shared key for encryption and user authentication. WEP was developed to protect linklevel data during wireless transmission [14] .
WEP adopts RC4 algorithm, a stream cipher, developed by RSA security. RC4 is a symmetric algorithm relies on a single shared key that is used at one end to encrypt plaintext into cipher text, and decrypt it at the other end [2 and 14] . It is a variable key-size stream cipher with byteoriented operations. The algorithm is based on the use of a random permutation. It works in Output Feedback (OFB) mode of operation. [8] . Confidentiality in WEP is achieved using RC4 stream cipher. While remarkable in its simplicity, RC4 falls short of the high standards of security set by cryptographers, and some ways of using RC4 can lead to very insecure cryptosystems including WEP [18] . Two major weaknesses were found in RC4's key scheduling algorithm (KSA). The first being the existence of a large class of weak keys, and the second being related key vulnerability. One of WEP's biggest downfalls is that its secret keys are relatively shorter than other security protocols' keys -typically, 40 bits due to US Government restrictions on the export of cryptographic technology at the time the protocol was drafted. This key length was too short and made brute force attacks [14] .
III. RC4A Stream Cipher
RC4A, an RC4 family stream cipher algorithm, developed by S. Paul and B. Preneel [13] which attempts to increase security without decreasing efficiency. Their approach essentially takes two RC4 instances and crosses information between them. RC4A stream cipher works in two phases, KSA (Key Scheduling Algorithm) phase and PRGA (Pseudo Random number Generation Algorithm) phase. During PRGA two successive output byte are generated. The goal behind RC4A was to increase security primarily by increasing the internal complexity of the algorithm [9] . RC4A is made through improvement on the RC4, i.e., providing 2 S arrays (S1 and S2) that are independent from each other and, so that RC4A should not have bias in consecutive output byte. RC4A uses three counter i, j1, and j2. Variable j1 and j2 are introduced corresponding to S1 and S2. In KSA for RC4A, like KSA of RC4, the array S1 is initialized, using the secret key K, Keystream, WK, are generated from the array S1 like PRGA (Pseudo Random number Generation Algorithm) of RC4. Then, like S1, the array S2 is initialized using WK. Unlike RC4 in PRGA of RC4A two successive output byte are generated. All the arithmetic operations are computed modulo N (N=256) [13] . 
IV. Hardware Architecture Controller provides essential signals to operate Datapath, Storage Unit and Key Unit. Datapath unit is responsible for the key set up and key stream generation. As per received signal from controller it generates required signal for operation of storage and key unit. With the data from storage and key unit it executes arithmetical and swapping operation. And then generate the output. The storage unit was used to contain memory elements for S1, S2 known as S1 box, S2 box. Storage unit dealt with S1 box and S2 box. Storage Unit consists of six Rams. The Key Unit was used to contain memory elements for K array known as K box to store key of variable length from 8 bit to 512 bit. For this function one RAM was used in the hardware. Design cycle for our work consists of the following steps:
• Verilog implementation of the algorithm of RC4A stream cipher.
• Verifying the algorithm on Register-Transfer-level (RTL)
• Synthesis and logic optimization.
• Place and Route for specific device.
B. Software tools:
The entire design was described using Verilog HDL language. Our choice has the advantages to be portable on all circuit design platforms. For implementing proposed algorithm on FPGA device, Quartus II 5.0 development software have been used which is fully integrated package for creating for logic design for Altera FPGA. Altera Quartus II EDA tool provides a complete, multiplatform design environment for system-on-a-programmable-chip (SOPC) design. It supports system level design, FPGA, and CPLD (Complex programmable logic device) design, synthesis, place and rout, verification and device programming. Each stage of design flow can be invoked from the GUI of the Quartus II.
C. Hardware tools:
Altera Nios development kit is a board mounted with EPXAI device from the APEX family. The part number of the FPGA chip mounted on the Nios development kit used in this thesis is EP20K200EFC484-2X. It provides 8,696 registers; 106496 memory bits; and 200,000 typical gates. It contains an embedded array to implement memory functions and logic array to implement general logic functions. It has 8,320 logic elements grouped into 52 Mega Logic Array Block(LAB) structures, each of which consists of 16 logic Labs and one Embedded System Block(ESB).The ESB provides 2,048 programmable bits that can be configured as product term logic, look up table based logic, or various types of memory. The kit has other peripherals such as external SDRAM (static Dynamic Ram), SDRAM controller, watchdog timer and UART (Universal Asynchronous Receiver and Transmitter). The kit is an ideal platform for system prototyping, emulation, hardware and software development or other special requirements. It provides a flexible, powerful debug and development environment to support the development of systems using APEX devices.
VI. Hardware Implementation Results
The whole design was analyzed & synthesized by using Altera FPGA device (part number-EP20K200EFC484-2X). Synthesis results for the proposed hardware are shown in Table 1 . Timing of various stages of the proposed hardware is shown in Table 2 . Throughput of the hardware proposed can be defined as, Throughput = N * clock frequency. Where N is the number of bits produced in every clock cycle [7] .So, Throughput of proposed hardware is 177.98 Mbits/s where the clock frequency is 33.33 MHz and N=(512x8)/766 = 5.34.
From Table 2 it is observed that proposed hardware implementation of RC4A require high time and clock cycle for KSA. It is reasonable because to increase security internal complexity of the algorithm and number of variables involved in each output byte was increased. Large number of variable increases the set up time as it involves more arithmetic operation [13] .
Comparison of the results of performance (in term of throughput) and consumed area (in terms of FPGA CLB slices) for the proposed hardware and RC4 stream cipher are presented in the Table 3 . For hardware implementation, of RC4 of [10] XILINX 2V250FG256 FPGA device and of RC4 of [11] XILINX XC4000E-4013EEPQ208-2 FPGA device was used. RC4 in [4] was implemented in software. From Table 3 it is observed that for the performance in term of throughput proposed hardware implementation outperforms the implementation of RC4 in [4, 10, and 11] . But it consumes relatively more area. To increase security of the RC4A primarily internal complexity of the algorithm was increased. By increasing the number of variables involved in each output the size of predictive state was increased, reducing biases. The cost is a large increase in memory requirements as well as set up time [9] . The proposed design is able to support variable key lengths from 8 bit to 512 bit. The RC4 implementation in [8] is able to support variable key lengths from 8-bit to 128-bit only. The other designs [6, 11 and 12] that supports merely fixed key lengths. Therefore, it can be seen that proposed design has more option of using key compare to other RC4 stream cipher implementations and longer key will be useful for the secure use of WLAN Unlike RC4 stream cipher, it generates two output streams at a time, whereas RC4 generate only one output stream. So, at the same time proposed hardware implementation can generate almost double number of keys with compare to RC4. Thus, it is possible to use any of keystream which increase the unpredictability of the keystream as well as security. Keystream of proposed hardware implementation has passed the all the described statistical tests listed in [3] which prove the randomness of the keystream of the proposed hardware implementation.
VII. Conclusion
Hardware implementation of RC4A stream cipher for WLAN security is presented in this paper. Hardware performance of RC4A is compared with that of RC4 which is adopted by WEP. Proposed implementation achieved better data throughput than that of RC4. Longer, variable key length and two output streams make proposed hardware more secure than RC4. Unlike RC4, RC4A considered as a secure cipher. Therefore, it is a more suitable alternative for long term privacy. Nevertheless, the cost of this improved security is longer encryption time and high consumed area.
In the light of the presented hardware implementation results, it can be said that proposed hardware be able to flexible solution for WLAN security. 
