US2016149696A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016149696-A1 |
| Application number | US-201414295016-A |
| Country | US |
| Kind code | A1 |
| Filing date | Jun 3, 2014 |
| Priority date | Jun 3, 2014 |
| Publication date | May 26, 2016 |
| Grant date | — |
Official abstract text for this publication.
Disclosed herein are methods and systems for configuring and using one or more block ciphering techniques in order to encrypt/decrypt serial data streams while maintaining cryptographic synchronization and attempting to minimize the amount of overhead introduced into the stream. The techniques disclosed herein may be used to encrypt and decrypt serial data streams using a block cipher in a manner that can be substantially transparent to the devices involved in the serial communication session. For example, the serial user data may be left unframed by the encryption device while monitoring for opportunistic times to transmit framed cryptographic synchronization information during periods of relative inactivity in an asynchronous serial data stream. A cryptographic device implementing the techniques described herein may be configured to implement one or more of an encryption device or a decryption device.
Opening claim text (preview).
What is claimed:
1. An encryption device comprising at least a processor configured to: receive a serial data stream; generate a keystream using a block cipher operating in counter mode, wherein the keystream is generated based on at least a key value and a count value; encrypt the serial data stream using the keystream; insert a framed cryptographic synchronization message into the encrypted serial data stream, wherein the framed cryptographic synchronization message comprises an escape sequence and an indication of a count value to be used to generate keystream data; and output the encrypted serial data and the framed cryptographic synchronization message.
2. The encryption device as in claim 1, wherein data framing information is not added to the serial data stream in order to encrypt the serial data stream using the keystream generated using the block cipher.
3. The encryption device as in claim 1, wherein at least the processor is further configured to: determine that an idle period in the serial data stream is sufficiently large to accommodate the framed cryptographic synchronization message; and inserting the framed cryptographic synchronization message into the encrypted serial data stream at a position corresponding to the idle period.
4. The encryption device as in claim 1, wherein at least the processor is further configured to: maintain a shift register with a length that is greater than or equal to a length of the framed cryptographic synchronization message; cycle units of the encrypted serial data stream through the shift register; and determine to insert the framed cryptographic synchronization message into the encrypted serial data stream based on the shift register having sufficient space available for the framed cryptographic synchronization message due to idle periods in the encrypted serial data stream.
5. The encryption device as in claim 1, wherein at least the processor is further configured to adjust the relative timing of one or more portions of the encrypted serial data stream in order to accommodate insertion of the framed cryptographic synchronization message.
6. The encryption device as in claim 1, wherein at least the processor is configured to maintain a relative timing of data within the serial data stream when encrypting the serial data stream and when inserting the framed cryptographic synchronization message.
7. The encryption device as in claim 1, wherein the framed cryptographic synchronization message further comprises an authentication field, and a value of the authentication field is determined based on the indication of the count value included in the framed cryptographic synchronization message.
8. The encryption device as in claim 1, wherein the processor is configured to insert an instance of framed cryptographic synchronization data into the encrypted serial data stream at the first opportunity where: sufficient idle space is available in the encrypted serial data stream to accommodate the instance of the frame cryptographic synchronization data; and keystream data generated from a preceding count value was used to encrypt data.
9. The encryption device as in claim 1, wherein at least the processor is further configured to ensure that the escape sequence does not occur in the encrypted serial data stream unless the escape sequence is indicating the presence of an instance of a framed cryptographic synchronization message.
10. A decryption device comprising at least a processor configured to: receive an encrypted serial data stream, wherein one or more instances of a framed cryptographic synchronization messages are included within the encrypted serial data stream; detect an escape sequence within the encrypted serial data stream; determine a count value based on detecting the escape sequence; generate a keystream using a block cipher operating in counter mode, wherein the keystream is generated based on at least a key value and the count value; decrypt at least a portion of the encrypted serial data stream using the keystream; and output an unencrypted serial data stream that corresponds to at least the portion of the encrypted serial data stream.
11. The decryption device as in claim 10, wherein the wherein the block cipher is configured to implement the Advanced Encryption Standard (AES) and the keystream is generated based further on a nonce value.
12. The decryption device as in claim 10, wherein the count value and the escape sequence are included in a first framed cryptographic synchronization message, and the first framed cryptographic synchronization message further comprises an authentication field that includes at least one of a checksum or a cyclic redundancy check (CRC).
13. The decryption device as in claim 10, wherein at least the processor is further configured to validate the first framed cryptographic synchronization message based on at least one of the checksum or the CRC.
14. The decryption device as in claim 10, wherein at least the processor is configured to decrypt the portion of the encrypted serial data stream using the keystream by XORing the portion of the encrypted serial data stream with data from the keystream.
15. The decryption device as in claim 10, wherein the decryption device is implemented on a field programmable gate array (FPGA).
16. The decryption device as in claim 15, wherein the decryption device is configured to provide a traffic throughput of at least 10 Mb/sec while consuming 300 mW or less power and while weighing 20 grams or less.
17. The decryption device as in claim 10, wherein at least the processor is further configured to: determine that all of the keystream data generated based on a given count value has been used to decrypt data; increment the count value based on determining that all of the keystream data generated based on the given count value has been used to decrypt data; generate additional keystream data using the block cipher based on the key value and the incremented count value; and decrypt subsequent serial data based using the additional keystream.
18. A method for using block ciphering techniques to cryptographically protect serial data, the method comprising: receiving a first serial data stream; generating a first keystream using the block cipher operating in counter mode, wherein the keystream is generated based on at least a first key value and a first count value; encrypting the first serial data stream using the keystream to produce a first encrypted serial data stream; inserting a first framed cryptographic synchronization message into the first encrypted serial data stream, wherein the first framed cryptographic synchronization message comprises a first escape sequence and an indication of a first count value to be used to generate keystream data; and outputting the first encrypted serial data and the first framed cryptographic synchronization message.
19. The method as in claim 18, further comprising: receiving a second encrypted serial data stream, wherein a second framed cryptographic synchronization message is included within the second encrypted serial data stream; detecting the escape sequence within the second encrypted serial data stream; determining a second count value based on detecting the escape sequence; generating a second keystream using the block cipher operating in counter mode, wherein the second keystream is generated based on at least a second key value and the second count value; decry
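The encrypt, synchronize and resynchronize cycle described in the abstract and claims, as an added example that is not taken from the patent: unframed counter-mode data, a sync frame sent in each idle gap, and a receiver that recovers after losing a byte. The escape value, the frame layout (escape, 32-bit count, CRC-32) and all function names are assumptions, and HMAC-SHA256 stands in for AES so the block runs on the standard library alone. A chance occurrence of the escape bytes in ciphertext is rejected here by the CRC check, not prevented on the encryptor side as claim 9 describes.

```python
import hashlib, hmac, struct, zlib

ESC = b"\x7e\x7e"   # assumed escape sequence; the page gives no value
BLOCK = 16          # keystream bytes generated per count value

def keystream_block(key, nonce, count):
    # Stand-in for one AES counter-mode block: HMAC-SHA256(nonce || count), truncated.
    msg = nonce + struct.pack(">I", count)
    return hmac.new(key, msg, hashlib.sha256).digest()[:BLOCK]

def sync_frame(count):
    # Assumed frame layout: ESC | 32-bit count | CRC-32 over the count field.
    body = struct.pack(">I", count)
    return ESC + body + struct.pack(">I", zlib.crc32(body))

def encrypt_bursts(key, nonce, bursts):
    # The gap before each burst models an idle period that fits one sync frame.
    stream, count = bytearray(), 0
    for burst in bursts:
        stream += sync_frame(count)          # announce the count used next
        for off in range(0, len(burst), BLOCK):
            ks = keystream_block(key, nonce, count)
            stream += bytes(p ^ k for p, k in zip(burst[off:off + BLOCK], ks))
            count += 1                       # a partly used block is never reused
    return bytes(stream)

def parse_sync(frame):
    # Return the count carried by a valid 10-byte sync frame, else None.
    if len(frame) == 10 and frame[:2] == ESC:
        count, crc = struct.unpack(">II", frame[2:])
        if zlib.crc32(frame[2:6]) == crc:
            return count
    return None

def decrypt_stream(key, nonce, stream):
    out, i, count, ks, pos = bytearray(), 0, None, b"", 0
    while i < len(stream):
        synced = parse_sync(stream[i:i + 10])
        if synced is not None:               # resynchronize on a valid frame
            count, ks, pos, i = synced, b"", 0, i + 10
            continue
        if count is not None:                # data before the first sync is dropped
            if pos == len(ks):               # keystream for this count is used up
                ks, pos, count = keystream_block(key, nonce, count), 0, count + 1
            out.append(stream[i] ^ ks[pos])
            pos += 1
        i += 1
    return bytes(out)
```

Removing one ciphertext byte from the middle of a burst garbles the output only until the next sync frame, after which decryption is correct again.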
Transmitting and receiving encryption devices synchronised or initially set up in a particular manner · CPC title
Encoding or coding, e.g. Huffman coding or error correction · CPC title
Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation · CPC title
Key scheduling, i.e. generating round keys or sub-keys for block encryption · CPC title
using a plurality of keys or algorithms · CPC title