Incorporating error detection and online reconfiguration into a regular architecture for the advanced encryption standard

Fault injection based attacks on cryptographic devices aim at recovering the secret keys by inducing an error in the computation process. They are now considered a real threat and countermeasures against them must be taken. In this paper, we describe an extension to an existing AES architecture proposed by Mangard et al. (2003), which provides error detection and fault tolerance by exploiting the high regularity of the architecture. The proposed design is capable of performing online error detection and reconfiguring internal data paths to protect against faults occurring in the computation process. We also describe how different redundancy levels provide protection against different numbers of errors. The presented design incorporating fault detection and tolerance has the same throughput as the base architecture but incurs a nonnegligible area overhead. This overhead is about 40% for the fault detection circuitry and 134% for the entire fault detection and tolerance (through reconfiguration). Although quite high, this overhead is still lower than for reference solutions such as duplication (providing detection) and triple modular redundancy (providing fault masking).

[1]  Keshab K. Parhi,et al.  High-speed VLSI architectures for the AES algorithm , 2004, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[2]  Ramesh Karri,et al.  Fault-based side-channel cryptanalysis tolerant Rijndael symmetric block cipher architecture , 2001, Proceedings 2001 IEEE International Symposium on Defect and Fault Tolerance in VLSI Systems.

[3]  Jean-Didier Legat,et al.  Efficient Implementation of Rijndael Encryption in Reconfigurable Hardware: Improvements and Design Tradeoffs , 2003, CHES.

[4]  Jean-Pierre Seifert,et al.  Fault Based Cryptanalysis of the Advanced Encryption Standard (AES) , 2003, Financial Cryptography.

[5]  Christophe Giraud,et al.  DFA on AES , 2004, AES Conference.

[6]  Ramesh Karri,et al.  Parity-Based Concurrent Error Detection of Substitution-Permutation Network Block Ciphers , 2003, CHES.

[7]  Israel Koren,et al.  Detecting and locating faults in VLSI implementations of the Advanced Encryption Standard , 2003, Proceedings 18th IEEE Symposium on Defect and Fault Tolerance in VLSI Systems.

[8]  Ramesh Karri,et al.  Parity-based concurrent error detection in symmetric block ciphers , 2003, International Test Conference, 2003. Proceedings. ITC 2003..

[9]  Israel Koren,et al.  Error Analysis and Detection Procedures for a Hardware Implementation of the Advanced Encryption Standard , 2003, IEEE Trans. Computers.

[10]  Ingrid Verbauwhede,et al.  Minimum area cost for a 30 to 70 Gbits/s AES processor , 2004, IEEE Computer Society Annual Symposium on VLSI.

[11]  S. Kung,et al.  VLSI Array processors , 1985, IEEE ASSP Magazine.

[12]  Israel Koren,et al.  An efficient hardware-based fault diagnosis scheme for AES: performances and cost , 2004, 19th IEEE International Symposium on Defect and Fault Tolerance in VLSI Systems, 2004. DFT 2004. Proceedings..

[13]  Patrick Schaumont,et al.  Design and performance testing of a 2.29-GB/s Rijndael processor , 2003, IEEE J. Solid State Circuits.

[14]  William Stallings,et al.  THE ADVANCED ENCRYPTION STANDARD , 2002, Cryptologia.

[15]  Sandra Dominikus,et al.  A Highly Regular and Scalable AES Hardware Architecture , 2003, IEEE Trans. Computers.

[16]  Eli Biham,et al.  Differential Fault Analysis of Secret Key Cryptosystems , 1997, CRYPTO.

[17]  Jean-Jacques Quisquater,et al.  A Differential Fault Attack Technique against SPN Structures, with Application to the AES and KHAZAD , 2003, CHES.