Sequential Circuit Design for Embedded Cryptographic Applications Resilient to Adversarial Faults
January 2008 (vol. 57 no. 1)
pp. 1-1
In the relatively young field of fault-tolerant cryptography, the main research effort has focused exclusively on the protection of the data path of cryptographic circuits. To date, however, we have not found any work that aims at protecting the control logic of these circuits against fault attacks, which thus remains the proverbial Achilles' heel. Motivated by a hypothetical yet realistic fault analysis attack that, in principle, could be mounted against any modular exponentiation engine, even one with appropriate data path protection, we set out to close this remaining gap. In this paper, we present guidelines for the design of multifault-resilient sequential control logic based on standard Error-Detecting Codes (EDCs) with large minimum distance. We introduce a metric that measures the effectiveness of the error detection technique in terms of the effort the attacker has to make in relation to the area overhead spent in implementing the EDC. Our comparison shows that the proposed EDC-based technique provides superior performance when compared against regular N-modular redundancy techniques. Furthermore, our technique scales well and does not affect the critical path delay.
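To make the abstract's core idea concrete, here is an added illustration (not the paper's own code or metric): a constructed 4-state controller whose state register is encoded either with a [6,2,4] linear code or with triplication (TMR) of each state bit, with every multi-bit flip pattern injected and classified as detected (register holds a non-codeword) or silent (register lands on another valid state). The "effort per flip-flop" figure is my own simplification of the attacker-effort-versus-area comparison the abstract describes; the code, the FSM and the assumption that NMR flags any disagreement among copies are all my constructions.

```python
"""EDC-encoded versus triplicated FSM state register under multi-bit faults.
Added example; the [6,2,4] code, the FSM and the metric are constructed here."""
from itertools import combinations

# Constructed 4-state controller (2 information bits) for an exponentiation engine.
STATES = ["IDLE", "LOAD", "MULT", "DONE"]
N_BITS = 6  # both encodings below use 6 flip-flops, so the area is the same

def encode_edc(idx):
    """Constructed [6,2,4] linear code, generator rows 111100 and 001111.
    Any two distinct codewords differ in at least 4 bit positions."""
    g1, g2 = 0b111100, 0b001111
    return (g1 if idx & 2 else 0) ^ (g2 if idx & 1 else 0)

def encode_tmr(idx):
    """Triplicated 2-bit state: each state bit is stored in 3 flip-flops.
    Assumed NMR checker flags any disagreement, so a fault is silent only
    if every copy of a bit is flipped together."""
    b1, b0 = (idx >> 1) & 1, idx & 1
    return (b1 * 0b111) << 3 | (b0 * 0b111)

def fault_outcomes(encode, n_bits, max_flips):
    """Inject every pattern of 1..max_flips simultaneous bit flips into every
    encoded state.  Returns (detected, silent): 'silent' means the corrupted
    register holds a *different* valid state, so the checker sees nothing
    and the controller jumps to that state without raising an alarm."""
    valid = {encode(i) for i in range(len(STATES))}
    detected = silent = 0
    for idx in range(len(STATES)):
        word = encode(idx)
        for k in range(1, max_flips + 1):
            for bits in combinations(range(n_bits), k):
                corrupted = word ^ sum(1 << b for b in bits)
                if corrupted in valid:
                    silent += 1      # landed on another codeword: undetected
                else:
                    detected += 1    # non-codeword: EDC/NMR checker fires
    return detected, silent

def min_effort(encode):
    """Fewest simultaneous flips that move one valid state onto another,
    i.e. the minimum distance of the state code."""
    words = [encode(i) for i in range(len(STATES))]
    return min(bin(a ^ b).count("1") for a, b in combinations(words, 2))

if __name__ == "__main__":
    for name, enc in (("EDC [6,2,4]", encode_edc), ("TMR", encode_tmr)):
        effort = min_effort(enc)
        print(f"{name}: min flips {effort}, effort/FF {effort / N_BITS:.2f},"
              f" outcomes up to 3 flips {fault_outcomes(enc, N_BITS, 3)}")
```

At equal area (6 flip-flops) the EDC forces at least 4 coordinated flips for a silent state change, while triplication is defeated by 3; every pattern of up to 3 flips is caught by the EDC checker.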


Index Terms:
Circuit faults, Cryptography, Fault tolerance, Fault tolerant systems, Registers, Sequential circuits, Public key, Pipelines, and Fault-Tolerance, Hardware, Control Structure Reliability, Testing
"Sequential Circuit Design for Embedded Cryptographic Applications Resilient to Adversarial Faults," IEEE Transactions on Computers, vol. 57, no. 1, pp. 1-1, Jan. 2008, doi:10.1109/TC.2007.70784