Sequential Circuit Design for Embedded Cryptographic Applications Resilient to Adversarial Faults
January 2008 (vol. 57 no. 1)
pp. 126-138
In the relatively young field of fault tolerant cryptography the main research effort has focused exclusively on the protection of the data-path of cryptographic circuits. To date, however, we have not found any work that aims at protecting the control logic of these circuits against fault attacks, which thus remained the proverbial Achilles' heel. Motivated by an example of a hypothetical attack on an otherwise protected modular exponentiation engine, we set out to close this remaining gap. In this paper we present guidelines for the design of t-fault resilient sequential control logic based on Error Detecting Codes (EDC). Our method allows area overhead to be traded against fault resilience, and has the added benefit that the detection circuit does not add to the critical path.
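To make the abstract's area-versus-resilience trade-off concrete, here is an added example (not code from the paper) that models an FSM state register encoded with a linear error-detecting code: a checker evaluated beside the next-state logic raises an alarm whenever the register holds a non-codeword, so a code of minimum distance d detects every fault that flips at most t = d-1 state bits. The four-state controller, the three small codes and the error patterns are constructed for illustration and are assumptions, not the paper's designs.

```python
from itertools import combinations

def encode(g_rows, msg):
    """Codeword = XOR of the generator rows selected by the message bits."""
    cw = 0
    for i, row in enumerate(g_rows):
        if (msg >> i) & 1:
            cw ^= row
    return cw

def codebook(g_rows):
    """All 2^k valid state encodings (k = number of generator rows)."""
    return {encode(g_rows, m) for m in range(1 << len(g_rows))}

def min_distance(g_rows):
    """For a linear code, d equals the smallest weight of a nonzero codeword."""
    return min(bin(c).count("1") for c in codebook(g_rows) if c)

def max_detectable_faults(g_rows):
    """t: every fault flipping <= t register bits leaves the codebook."""
    return min_distance(g_rows) - 1

def checker(g_rows, register_value):
    """Concurrent check, run beside (not in series with) the next-state
    logic: alarm iff the register holds a non-codeword."""
    return register_value not in codebook(g_rows)

def undetected_patterns(g_rows, n, t):
    """Error patterns of weight 1..t that move some codeword onto another
    codeword, i.e. faults the checker would miss. Empty iff t <= d-1."""
    book = codebook(g_rows)
    bad = set()
    for w in range(1, t + 1):
        for bits in combinations(range(n), w):
            e = sum(1 << b for b in bits)
            if any((c ^ e) in book for c in book):
                bad.add(e)
    return bad

# Constructed: a 4-state controller (2 message bits) under three codes of
# growing length n; register area grows with n, resilience t with distance.
CODES = {
    "parity [3,2]": (3, [0b101, 0b110]),        # d=2 -> t=1
    "[5,2]":        (5, [0b00111, 0b11001]),    # d=3 -> t=2
    "[6,2]":        (6, [0b001111, 0b111100]),  # d=4 -> t=3
}

def resilience_table():
    """Map code name -> (register width n, detectable faults t)."""
    return {name: (n, max_detectable_faults(rows)) for name, (n, rows) in CODES.items()}
```

`undetected_patterns` is the exhaustive check a designer would run once per candidate code to confirm that no fault of weight up to t can silently move the controller into another legal state.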


Index Terms:
Hardware, Control Structure Reliability, Testing, and Fault-Tolerance
Citation:
Berk Sunar, Gunnar Gaubatz, Erkay Savas, "Sequential Circuit Design for Embedded Cryptographic Applications Resilient to Adversarial Faults," IEEE Transactions on Computers, vol. 57, no. 1, pp. 126-138, Jan. 2008, doi:10.1109/TC.2007.70784