Simple Error Detection Methods for Hardware Implementation of Advanced Encryption Standard
June 2006 (vol. 55 no. 6)
pp. 720-731
To protect the Advanced Encryption Standard (AES) against differential fault attacks, error detection can be used to catch errors during encryption or decryption and to provide the information needed for further action, such as interrupting the AES process or redoing it. Because the errors occur within a function, it is not easy to predict the output; therefore, general error control codes are not suited to AES operations. In this work, several error-detection schemes are proposed. These schemes are based on the (n+1, n) cyclic redundancy check (CRC) over GF(2^8), where n ∈ {4, 8, 16}. Because of the good algebraic properties of AES, specifically of the MixColumns operation, these error detection schemes are suitable for AES and efficient in hardware; they may be designed using round-level, operation-level, or algorithm-level detection. The proposed schemes have high fault coverage. In addition, they are scalable and symmetrical. Scalability makes them suitable for an AES circuit implemented in an 8-bit, 32-bit, or 128-bit architecture. Symmetry allows the encryption process and the decryption process to share the same error detection hardware. The schemes are also suitable for encryption-only or decryption-only cases. Error detection for the AES key schedule is also proposed and is based on the results derived for the AES data procedure.
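The MixColumns property the abstract refers to can be seen in a small software model for n = 4 (one state column). This is an added example, not the paper's circuit; it assumes the check symbol is the GF(2^8) sum (XOR) of the n data bytes, and the names mix_column_checked and parity, the sample column and the fault patterns are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Multiply by 02 in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1. */
static uint8_t xtime(uint8_t a) {
    return (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1b : 0x00));
}

/* AES MixColumns applied in place to one 4-byte column. */
void mix_column(uint8_t c[4]) {
    uint8_t a0 = c[0], a1 = c[1], a2 = c[2], a3 = c[3];
    c[0] = xtime(a0) ^ (xtime(a1) ^ a1) ^ a2 ^ a3;
    c[1] = a0 ^ xtime(a1) ^ (xtime(a2) ^ a2) ^ a3;
    c[2] = a0 ^ a1 ^ xtime(a2) ^ (xtime(a3) ^ a3);
    c[3] = (xtime(a0) ^ a0) ^ a1 ^ a2 ^ xtime(a3);
}

/* Assumed check symbol: GF(2^8) sum (XOR) of the n data bytes. */
uint8_t parity(const uint8_t *b, int n) {
    uint8_t p = 0;
    for (int i = 0; i < n; i++) p ^= b[i];
    return p;
}

/* Each column of the MixColumns matrix sums to 02^03^01^01 = 01, so output
 * parity must equal input parity. `fault` is a constructed error pattern
 * XORed into the output. Returns 1 if the check flags an error. */
int mix_column_checked(uint8_t c[4], const uint8_t fault[4]) {
    uint8_t predicted = parity(c, 4);
    mix_column(c);
    for (int i = 0; i < 4; i++) c[i] ^= fault[i];
    return parity(c, 4) != predicted;
}

int main(void) {
    const uint8_t in[4] = {0xdb, 0x13, 0x53, 0x45};   /* constructed sample column */
    const uint8_t faults[3][4] = {
        {0, 0, 0, 0},          /* fault-free run */
        {0, 0x01, 0, 0},       /* single-byte error: detected */
        {0x5a, 0x5a, 0, 0},    /* errors that sum to zero: missed by one parity byte */
    };
    for (int k = 0; k < 3; k++) {
        uint8_t col[4];
        memcpy(col, in, 4);
        printf("case %d: detected=%d\n", k, mix_column_checked(col, faults[k]));
    }
    return 0;
}
```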

Index Terms:
Advanced encryption standard, error control code, CRC, differential fault attacks.
Citation:
Chih-Hsu Yen, Bing-Fei Wu, "Simple Error Detection Methods for Hardware Implementation of Advanced Encryption Standard," IEEE Transactions on Computers, vol. 55, no. 6, pp. 720-731, June 2006, doi:10.1109/TC.2006.90