Issue No.09 - September (2011 vol.60)
pp: 1327-1340
Mehran Mozaffari-Kermani, The University of Western Ontario, London
Arash Reyhani-Masoleh, The University of Western Ontario, London
ABSTRACT
The high level of security and the fast hardware and software implementations of the Advanced Encryption Standard (AES) have made it the first choice for many critical applications. Nevertheless, transient and permanent internal faults, as well as malicious faults injected to reveal the secret key, may reduce its reliability. In this paper, we present a concurrent fault detection scheme for the S-box and the inverse S-box, the only two nonlinear operations within AES. The proposed parity-based approach is built on low-cost composite field implementations of the S-box and the inverse S-box. We divide the structures of these operations into three blocks and derive the predicted parity of each block. Our simulations show that, except for the redundant-units approach, whose hardware and time overheads are close to 100 percent, the fault detection capabilities of the proposed scheme against burst and random multiple faults are higher than those previously reported. Finally, through ASIC implementations, it is shown that at the maximum target frequency the proposed fault detection S-box and inverse S-box have the smallest area, critical path delay, and power consumption among their counterparts with similar fault detection capabilities.
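The following is an added illustration of the idea in the abstract, not code from the paper: an AES S-box computed over the composite field GF((2^4)^2), split into three blocks, with each block's output parity compared against a parity predicted from that block's inputs. The three-block partition (tower-field transform plus norm, the single GF(2^4) inversion, and the back-multiplication plus affine map), the tower-field constant LAM, and the table-based parity prediction are this example's own assumptions standing in for the paper's derived parity formulas, which the abstract does not give. The fault masks are constructed inputs. Only the forward S-box is shown; the inverse S-box uses the same blocks with the inverse affine map in front.

```python
"""Added example (not the paper's code): AES S-box over GF((2^4)^2) split into
three blocks, each checked by a predicted parity. The block partition, LAM and
the parity-prediction tables are this example's assumptions."""

LAM = 0xC  # assumption: y^2 + y + LAM is irreducible over GF(2^4) (LAM has trace 1)


def gf16_mul(a, b):
    """Multiply in GF(2^4) with modulus x^4 + x + 1."""
    r = 0
    for _ in range(4):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & 0x10:
            a ^= 0x13
    return r


def gf16_inv(a):
    """Inverse in GF(2^4) as a^14 (a^15 = 1 for a != 0); inv(0) := 0."""
    r = 1
    for _ in range(14):
        r = gf16_mul(r, a)
    return r


def gf256c_mul(a, b):
    """Multiply in GF(2^4)[y]/(y^2 + y + LAM); an element is (hi << 4) | lo."""
    a1, a0, b1, b0 = a >> 4, a & 0xF, b >> 4, b & 0xF
    hh = gf16_mul(a1, b1)
    hi = hh ^ gf16_mul(a1, b0) ^ gf16_mul(a0, b1)
    lo = gf16_mul(a0, b0) ^ gf16_mul(LAM, hh)
    return (hi << 4) | lo


def _aes_root_powers():
    """Find beta in the tower field with beta^8 + beta^4 + beta^3 + beta + 1 = 0;
    beta^0..beta^7 are the images of the AES polynomial basis 1, x, ..., x^7."""
    for beta in range(2, 256):
        p = [1]
        for _ in range(8):
            p.append(gf256c_mul(p[-1], beta))
        if p[8] ^ p[4] ^ p[3] ^ p[1] ^ p[0] == 0:
            return p[:8]
    raise ValueError("no root found: tower field is not GF(2^8)")


BASIS = _aes_root_powers()


def to_comp(a):
    """Linear isomorphism GF(2^8) -> GF((2^4)^2), i.e. the delta transform."""
    c = 0
    for i in range(8):
        if (a >> i) & 1:
            c ^= BASIS[i]
    return c


FROM_COMP = {to_comp(a): a for a in range(256)}  # inverse transform (bijective)


def affine(x):
    """AES affine map: b_i = a_i ^ a_{i+4} ^ a_{i+5} ^ a_{i+6} ^ a_{i+7} ^ c_i, c = 0x63."""
    out = 0
    for i in range(8):
        bit = 0
        for k in (0, 4, 5, 6, 7):
            bit ^= (x >> ((i + k) % 8)) & 1
        out |= bit << i
    return out ^ 0x63


def parity(v):
    return bin(v).count("1") & 1


# --- the three blocks (this example's partition) ---
def block1(a):
    """Transform to the tower field, form the conjugate c1*y + (c1 + c0) and the
    norm LAM*c1^2 + c1*c0 + c0^2. Output is 12 bits: norm | conjugate."""
    c = to_comp(a)
    c1, c0 = c >> 4, c & 0xF
    norm = gf16_mul(LAM, gf16_mul(c1, c1)) ^ gf16_mul(c1, c0) ^ gf16_mul(c0, c0)
    return (norm << 8) | (c1 << 4) | (c1 ^ c0)


def block2(norm):
    """The only GF(2^4) inversion in the S-box."""
    return gf16_inv(norm)


def block3(ninv, conj):
    """conj * norm^-1 is the GF(2^8) inverse; map it back and apply the affine."""
    return affine(FROM_COMP[gf256c_mul(conj, ninv)])


# Predicted parity of each block as a function of that block's *inputs*, built once
# from the golden model; it stands in for the paper's parity-prediction logic.
PRED1 = [parity(block1(a)) for a in range(256)]
PRED2 = [parity(block2(n)) for n in range(16)]
PRED3 = {(n, c): parity(block3(n, c)) for n in range(16) for c in range(256)}


def sbox_checked(a, fault=(0, 0, 0)):
    """S-box with concurrent parity checks; `fault` holds constructed XOR masks
    injected on each block's output. Returns (output_byte, error_flag)."""
    f1, f2, f3 = fault
    o1 = block1(a) ^ f1
    err = parity(o1) != PRED1[a]
    norm, conj = o1 >> 8, o1 & 0xFF
    o2 = block2(norm) ^ f2
    err |= parity(o2) != PRED2[norm]
    o3 = block3(o2, conj) ^ f3
    err |= parity(o3) != PRED3[(o2, conj)]
    return o3, err


def single_fault_coverage():
    """Fraction of single-bit faults on any block output, over all 256 inputs, flagged."""
    hit = total = 0
    for a in range(256):
        for blk, width in ((0, 12), (1, 4), (2, 8)):
            for bit in range(width):
                f = [0, 0, 0]
                f[blk] = 1 << bit
                hit += sbox_checked(a, tuple(f))[1]
                total += 1
    return hit / total


if __name__ == "__main__":
    print(hex(sbox_checked(0x53)[0]))        # the AES S-box value of 0x53
    print(single_fault_coverage())           # every odd-weight fault is caught
    print(sbox_checked(0x53, (0, 0, 0x03)))  # two flipped bits: wrong byte, no flag
```

The last call shows the limit of a single parity bit per block: an even number of flipped bits inside one block leaves that block's parity unchanged, and the downstream blocks predict their parities from the already corrupted inputs, so the error is never flagged. This is why the abstract evaluates the scheme against burst and random multiple faults rather than single faults only, and why the three-block split matters: the more blocks and parity signatures, the smaller the fraction of multiple-fault patterns that stay even-weight within every block.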
INDEX TERMS
Advanced encryption standard, composite fields, fault detection, S-box, inverse S-box.
CITATION
Mehran Mozaffari-Kermani, Arash Reyhani-Masoleh, "A Low-Power High-Performance Concurrent Fault Detection Approach for the Composite Field S-Box and Inverse S-Box", IEEE Transactions on Computers, vol.60, no. 9, pp. 1327-1340, September 2011, doi:10.1109/TC.2011.85