隨著物聯網（Internet of Things, IoT）技術的快速發展，連接設備與裝置的數量驚人地增加，從家電到微型感測器等等，這對於物聯網設備間的安全通訊提出了嚴峻挑戰。在這個網絡環境中，確保資料的保密性、完整性和可用性變得至關重要。為了確保資料可以安全地傳輸、儲存和處理，我們需要一個能夠滿足物聯網環境中資源有限的需求且安全的通訊架構。本論文旨在設計與實現一個基於AES-CCM演算法的IoT安全通訊架構，以滿足物聯網環境中資源有限的設備的需求。
本論文研究工作主要集中於AES-CCM（Advanced Encryption Standard-Counter with Cipher Block Chaining-Message Authentication Code）演算法，該演算法結合了進階加密標準（AES）、區塊加密的密碼區塊鏈模式（Cipher Block Chaining mode, CBC）、計數器模式（Counter mode, CTR）以及訊息驗證碼（Message Authentication Code, MAC）。藉由在AES演算法中，透過即時運算的方式生成每個回合中使用到的回合金鑰，以減少記憶體面積；以有限域複合場運算取代查表，減少硬體資源的使用；簡化矩陣相乘之運算，達到電路共享。目標是在保持安全性的同時，設計一個低面積的架構，以確保其在資源受限的物聯網設備上能有效實施。
完成的設計在Xilinx Virtex 7系列的xc7vx330t-3ffg1157元件以及tsmc 0.18 m標準元件庫上實現與驗證。在FPGA部份，硬體資源方面分別使用了1,707個slices、3,116個registers，最高工作頻率可達到118.217 MHz。在標準元件庫設計部份，合成後最高工作頻率可達到100 MHz，晶片核心面積為882.47 m  881.40 m，等效邏輯閘數量約為55,098 gates，核心功率消耗為30.3576 mW，I/O pad功率消耗為1.3168 mW。

With the rapid development of Internet of Things (IoT), the number of connected devices has increased dramatically, ranging from home appliances to miniature sensors and more. This poses significant challenges for secure communication between IoT devices. In the network environment, ensuring the confidentiality, integrity, and availability of data becomes important. To ensure that data can be transmitted, stored, and processed securely, we need a communication architecture that can meet the requirements with limited resource and provide security in the IoT environment. This thesis is aimed to design and implement an IoT secure communication architecture based on the AES-CCM algorithm to meet the requirements of resource-constrained devices in the Internet of Things (IoT) environment.
The main focus of this thesis is on the AES-CCM (Advanced Encryption Standard-Counter with Cipher Block Chaining-Message Authentication Code) algorithm. This algorithm combines the Advanced Encryption Standard (AES), the Cipher Block Chaining mode (CBC) for block encryption, the Counter mode (CTR), and the Message Authentication Code (MAC). By generating round keys on-the-fly during each round in the AES algorithm, it reduces the area of memory. It also replaces look-up table with finite field arithmetic operations to reduce hardware resource usage and simplifies matrix multiplication operations for circuit sharing. The goal is to design a low-area architecture that can effectively implement the algorithm on resource-constrained Internet of Things (IoT) devices while maintaining security.
The completed design is implemented and verified on a Xilinx Virtex 7 series xc7vx330t-3ffg1157 device and the tsmc 0.18 μm standard cell library. In the FPGA implementation, the hardware resources used were 1,707 slices and 3,116 registers, achieving a maximum operating frequency of 118.217 MHz. In the standard cell library implementation, after synthesis, the maximum operating frequency can reach 100 MHz, with a chip core area of 882.47 m  881.40 m, equivalent to 55,098 gates. The core power consumption is 30.3576 mW, and the I/O pad power consumption is 1.3168 mW.

[1] A. Al-Fuqaha, M. Guizani, M. Mohammadi, M. Aledhari and M. Ayyash, "Internet of Things: A Survey on Enabling Technologies, Protocols, and Applications," IEEE Communications Surveys & Tutorials, vol. 17, no. 4, pp. 2347-2376, Jun. 2015.
[2] NIST Special Publication 800-38C, Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality (CCM), U.S., May. 2004.
[3] William Stallings, Cryptography and Network Security Principles and Practice, Eighth edition, Pearson, 2019.
[4] ITU-T, " Common requirements and capabilities of a gateway for Internet of things applications," ITU-T Recommendation Y.2067, International Telecommunication Union, Geneva, Oct. 2017.
[5] S. Singh and N. Bisht, “A Comparative Study of Some Symmetric and Asymmetric Key Cryptography Algorithms,” International Journal of Innovative Research in Science, Engineering and Technology, vol. 04, no. 03, pp. 1028–1031, Mar. 2015.
[6] R. Sultana and T. Shahid, “A Survey on Digital Signatures,” International Journal of Research Publication and Reviews, vol. 02, no. 02, pp. 279-288, Feb. 2021.
[7] FIPS Publication 197, Advanced Encryption Standard (AES), U.S. DoC/NIST, Nov. 2001.
[8] D. Whiting, R. Housley and N. Ferguson, Counter with CBC-MAC (CCM), Sep. 2003. https://www.rfc-editor.org/rfc/rfc3610
[9] NIST Special Publication 800-67, Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher, U.S., May. 2004.
[10] NIST Special Publication 800-38A, Recommendation for Block Cipher Modes of Operation, U.S., Dec. 2001.
[11] A. Joshi, P. K. Dakhole and A. Thatere, "Implementation of S-Box for Advanced Encryption Standard," in Proceedings of the 2015 IEEE International Conference on Engineering and Technology (ICETECH), pp. 1-5, Coimbatore, India, Sep. 2015.
[12] X. Zhang and K. K. Parhi, “High-Speed VLSI Architectures for the AES Algorithm,” IEEE Transactions on Very Large Scale Integration (VLSI) Systems, vol. 12, no. 9, pp. 957-967, Sept. 2004.
[13] J. D. Ji, S. W. Jung, E. -A. Jun and J. Lim, "Efficient Sequential Architecture for the AES CCM Mode in the 802.16e Standard," in Proceedings of the 2009 Second International Conference on Intelligent Networks and Intelligent Systems, pp. 253-256, Tianjian, China, Nov. 2009.
[14] H. Y. Jang, J. H. Shim, J. H. Suk, I. C. Hwang and J. R. Choi, "Compatible design of CCMP and OCB AES cipher using separated encryptor and decryptor for IEEE 802.11i," in Proceedings of the 2004 IEEE International Symposium on Circuits and Systems (ISCAS), pp. III-645, Vancouver, BC, Canada, May. 2004.
[15] I. Tsekoura et al., "Exploration of cryptographic ASIP designs for wireless sensor nodes," in Proceedings of the 2010 17th IEEE International Conference on Electronics, Circuits and Systems, pp. 827-830, Athens, Greece, Dec. 2010.
[16] 陳思云，設計與實現一個高效能AES-CCM 加密驗證演算法之IP，碩士論文－國立台灣科技大學電子工程系，2021 年。
[17] 莊任華，設計與實現一個高效能AES-GCM加密認證演算法之IP，碩士論文－國立台灣科技大學電子工程系，2022年。