This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Double-Data-Rate Computation as a Countermeasure against Fault Analysis
November 2008 (vol. 57 no. 11)
pp. 1528-1539
ASCII Text
x 
 
Paolo Maistri, Régis Leveugle, "Double-Data-Rate Computation as a Countermeasure against Fault Analysis," IEEE Transactions on Computers, vol. 57, no. 11, pp. 1528-1539, November, 2008.
 
 
BibTex
x
 
@article{ 10.1109/TC.2008.149,
author = {Paolo Maistri and Régis Leveugle},
title = {Double-Data-Rate Computation as a Countermeasure against Fault Analysis},
journal ={IEEE Transactions on Computers},
volume = {57},
number = {11},
issn = {0018-9340},
year = {2008},
pages = {1528-1539},
doi = {http://doi.ieeecomputersociety.org/10.1109/TC.2008.149},
publisher = {IEEE Computer Society},
address = {Los Alamitos, CA, USA},
}
 
 
RefWorks Procite/RefMan/Endnote
x 
 
TY - JOUR
JO - IEEE Transactions on Computers
TI - Double-Data-Rate Computation as a Countermeasure against Fault Analysis
IS - 11
SN - 0018-9340
SP1528
EP1539
EPD - 1528-1539
A1 - Paolo Maistri,
A1 - Régis Leveugle,
PY - 2008
KW - AES
KW - DFA
KW - Fault detection
KW - Redundancy
VL - 57
JA - IEEE Transactions on Computers
ER -
 
Paolo Maistri, TIMA Laboratory, Grenoble
Régis Leveugle, TIMA Laboratory, Grenoble
Differential Fault Analysis (DFA) is one of the most powerful techniques to attack cryptosystems. Several countermeasures have been proposed, which are based either on information or temporal redundancy. In this work, we propose a novel approach based on a Double-Data-Rate (DDR) computation template. A few sample architectures have been implemented: they are compared to other existing architectures and countermeasures, and a thorough dependability analysis is given.

[1] E. Biham and A. Shamir, Differential Cryptanalysis of the Data Encryption Standard. Springer Verlag, 1993.
[2] D. Boneh, R. DeMillo, and R. Lipton, “On the Importance of Eliminating Errors in Cryptographic Computations,” J. Cryptology, vol. 14, pp. 101-119, 2001.
[3] M. Ciet and M. Joye, “Elliptic Curve Cryptosystems in the Presence of Permanent and Transient Faults,” Designs, Codes, and Cryptography, vol. 36, no. 1, pp. 33-43, 2005.
[4] G. Piret and J.-J. Quisquater, “A Differential Fault Attack Technique against SPN Structures, with Application to the AES and Khazad,” Proc. Fifth Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES '03), vol. 2779, pp. 77-88, 2003.
[5] A. Moradi, M.T. Manzuri Shalmani, and M. Salmasizadeh, “A Generalized Method of Differential Fault Attack against AES Cryptosystem,” Proc. Eighth Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES '06), vol. 4249, pp. 91-100, 2006.
[6] J. Takahashi, T. Fukunaga, and K. Yamakoshi, “DFA Mechanism on the AES Key Schedule,” Proc. Workshop Fault Diagnosis and Tolerance in Cryptography (FDTC '07), pp. 62-74, 2007.
[7] National Institute Standards and Technology (NIST), FIPS-197: Advanced Encryption Standard, Nov. 2001.
[8] A. Satoh, S. Morioka, K. Takano, and S. Munetoh, “A Compact Rijndael Hardware Architecture with S-Box Optimization,” Advances in Cryptology—ASIACRYPT, pp. 239-254, 2001.
[9] N. Pramstaller, S. Mangard, S. Dominikus, and J. Wolkerstorfer, “Efficient AES Implementations on ASICs and FPGAs,” Proc.Fourth Int'l Conf. Advanced Encryption Standard (AES '04), pp.98-112, 2004.
[10] M. Feldhofer, J. Wolkerstorfer, and V. Rijmen, “AES Implementation on a Grain of Sand,” IEE Proc. Information Security, pp. 13-20, 2005.
[11] I. Verbauwhede, P. Schaumont, and H. Kuo, “Design and Performance Testing of a 2.29-GB/s Rijndael Processor,” IEEE J. Solid-State Circuits, vol. 38, no. 3, pp. 569-572, 2003.
[12] M. Alam et al., “An Area Optimized Reconfigurable Encryptor forAES-Rijndael,” Proc. Design Automation and Test in Europe (DATE '07), pp. 1116-1121, 2007.
[13] A. Hodjat and I. Verbauwhede, “Area-Throughput Trade-Offs for Fully Pipelined 30 to 70 Gbits/s AES Processors,” IEEE Trans. Computers, vol. 55, no. 4, pp. 366-372, Apr. 2006.
[14] E. Trichina and T. Korkishko, “Secure AES Hardware Module for Resource Constrained Devices,” Proc. First European Workshop Security in Ad Hoc and Sensor Networks (ESAS '04), pp. 215-230, 2004.
[15] D.D. Hwang, K. Tiri, A. Hodjat, B.-C. Lai, S. Yang, P. Schaumont, and I. Verbauwhede, “AES-Based Security Coprocessor IC in 0.18-$\mu{\rm m}$ CMOS with Resistance to Differential Power Analysis Side-Channel Attacks,” IEEE J. Solid-State Circuits, vol. 41, no. 4, pp. 781-792, 2006.
[16] D. Shang, F. Burns, A. Bystrov, A. Koelmans, D. Sokolov, and A. Yakovlev, “High-Security Asynchronous Circuit Implementation of AES,” IEE Proc. Computers and Digital Techniques, vol. 153, no. 2, pp. 71-77, 2006.
[17] R. Karri, K. Wu, P. Mishra, and Y. Kim, “Concurrent Error Detection Schemes for Fault-Based Side-Channel Cryptanalysis of Symmetric Block Ciphers,” IEEE Trans. Computer-Aided Design of Integrated Circuits and Systems, vol. 21, no. 12, pp. 1509-1517, 2002.
[18] R. Karri, G. Kuznetsov, and M. Gössel, “Parity-Based Concurrent Error Detection of Substitution-Permutation Network Block Ciphers,” Proc. Fifth Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES '03), pp. 113-124, 2003.
[19] L. Breveglieri, I. Koren, and P. Maistri, “Incorporating Error Detection and Online Reconfiguration into a Regular Architecture for the Advanced Encryption Standard,” Proc. 20th IEEE Int'l Symp. Defect and Fault-Tolerance in VLSI Systems (DFT '05), pp. 72-80, 2005.
[20] M.M. Kermani and A. Reyhani-Masoleh, “Parity-Based Fault Detection Architecture of S-Box for Advanced Encryption Standard,” Proc. 21st IEEE Int'l Symp. Defect and Fault-Tolerance in VLSI Systems (DFT '06), pp. 572-580, 2006.
[21] P. Maistri, P. Vanhauwaert, and R. Leveugle, “A Novel Double-Data-Rate AES Architecture Resistant against Fault Injection,” Proc. Fourth Int'l Workshop Fault Diagnosis and Tolerance in Cryptography (FDTC '07), pp. 54-61, Sept. 2007.
[22] M.G. Karpovski, K.J. Kulikowski, and A. Taubin, “Differential Fault Analysis Attack Resistant Architectures for the Advanced Encryption Standard,” Proc. Int'l Conf. Smart Card Research and Advanced Applications (CARDIS '04), pp. 177-192, 2004.
[23] M.G. Karpovski, K.J. Kulikowski, and A. Taubin, “Robust Protection against Fault-Injection Attacks on Smart Cards Implementing the Advanced Encryption Standard,” Proc. Int'l Conf. Dependable Systems and Networks (DSN '04), pp. 93-101, 2004.
[24] C.-H. Yen and B.-F. Wu, “Simple Error Detection Methods for Hardware Implementations of Advanced Encryption Standard,” IEEE Trans. Computers, vol. 55, no. 6, pp. 720-731, June 2006.
[25] R. Leveugle, A. Ammari, V. Maingot, E. Teyssou, P. Moitrel, C. Mourtel, N. Feyt, J.-B. Rigaud, and A. Tria, “Experimental Evaluation of Protections against Laser-Induced Faults and Consequences on Fault Modelling,” Proc. Design, Automation and Test in Europe Conf. (DATE '07), pp. 1587-1592, Apr. 2007.
[26] K. Wu and R. Karri, “Idle Cycles Based Concurrent Error Detection of RC6 Encryption,” Proc. 16th IEEE Int'l Symp. Defect and Fault-Tolerance in VLSI Systems (DFT '01), pp. 200-205, 2001.
[27] L.J. Sigal and C.R. Kime, “Concurrent Off-Phase Built-In Self-Test of Dormant Logic,” Proc. Int'l Test Conf. (ITC '88), pp. 934-941, 1988.
[28] P. Maistri, P. Vanhauwaert, and R. Leveugle, “Evaluation of Register-Level Protection Techniques for the Advanced Encryption Standard by Multi-Level Fault Injections,” Proc. 22nd IEEE Int'l Symp. Defect and Fault-Tolerance in VLSI Systems (DFT '07), pp. 499-507, 2007.
[29] P. Vanhauwaert, R. Leveugle, and P. Roche, “A Flexible SoPC-Based Fault Injection Environment,” Proc. Ninth IEEE Workshop Design and Diagnostics of Electronic Circuits and Systems (DDECS '06), Apr. 2006.

Index Terms:
AES, DFA, Fault detection, Redundancy
Citation:
Paolo Maistri, Régis Leveugle, "Double-Data-Rate Computation as a Countermeasure against Fault Analysis," IEEE Transactions on Computers, vol. 57, no. 11, pp. 1528-1539, Nov. 2008, doi:10.1109/TC.2008.149
Usage of this product signifies your acceptance of the Terms of Use.