Fault-based side-channel cryptanalysis tolerant Rijndael symmetric block cipher architecture

Karri, Ramesh; Wu, Kaijie; Mishra, Pooja; Kim, Yongkook

doi:10.1109/dftvs.2001.966796

Cited by 72 publications

(42 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, if a device that encrypts a symmetric block cipher also includes an implementation (in hardware or software) of the decryption algorithm, then the calculated ciphertext can be decrypted and if the result of this decryption matches the original plaintext, the ciphertext is considered fault-free and safe to output. In [62], the authors described the application of the above technique at different levels of granularity, i.e., checking against the inverse operation at the operation, round or full cipher level. The proposed scheme allows a precise and early identification of the step during which the fault occurred.…”

Section: B Protection Options For Aes and Desmentioning

confidence: 99%

Fault Injection Attacks on Cryptographic Devices: Theory, Practice, and Countermeasures

et al. 2012

View full text Add to dashboard Cite

Abstract-Implementations of cryptographic algorithms continue to proliferate in consumer products due to the increasing demand for secure transmission of confidential information. Although the current standard cryptographic algorithms proved to withstand exhaustive attacks, their hardware and software implementations have exhibited vulnerabilities to side channel attacks, e.g., power analysis and fault injection attacks. This paper focuses on fault injection attacks that have been shown to require inexpensive equipment and a short amount of time. The paper provides a comprehensive description of these attacks on cryptographic devices and the countermeasures that have been developed against them.After a brief review of the widely used cryptographic algorithms, we classify the currently known fault injection attacks into low cost ones (which a single attacker with a modest budget can mount) and high cost ones (requiring highly skilled attackers with a large budget). We then list the attacks that have been developed for the important and commonly used ciphers and indicate which ones have been successfully used in practice. The known countermeasures against the previously described fault injection attacks are then presented, including intrusion detection and fault detection. We conclude the survey with a discussion on the interaction between fault injection attacks (and the corresponding countermeasures) and power analysis attacks.

show abstract

Section: B Protection Options For Aes and Desmentioning

confidence: 99%

Fault Injection Attacks on Cryptographic Devices: Theory, Practice, and Countermeasures

et al. 2012

View full text Add to dashboard Cite

show abstract

“…2, blocks 2, 3, and 4 of the S-box and the inverse S-box are the same. Therefore, considering [15], the predicted parities of these blocks can be obtained for the inverse S-box.…”

Section: B the S-box And The Inverse S-box Using Normal Basismentioning

confidence: 99%

“…In the schemes proposed in [15] and [22], all the search space of composite fields is considered for presenting optimum lightweight fault detection schemes. The scheme presented in [8] is for all the transformations in the AES encryption/decryption independent of the ways these transformations are implemented.…”

Section: Introductionmentioning

confidence: 99%

Fault Detection Technique for Compact AES Design

Basheer¹,

R²

2013

IOSR-JAC

View full text Add to dashboard Cite

Abstract:Cryptography is a method that has been developed to ensure the secrecy of messages and transfer data securely. Advanced Encryption Standard (AES) has been made as the first choice for many critical applications because of the high level of security and the fast hardware and software implementations, many of which are power and resource constrained and requires reliable and efficient hardware implementations. Naturally occurring and maliciously injected faults reduce the reliability of Advanced Encryption Standard (AES) and may leak confidential information. In this paper, a lightweight concurrent fault detection scheme for the AES is presented. In the proposed approach, the composite field S-box and inverse S-box are divided into blocks and the predicted parities of these blocks are obtained. For high speed applications, S-box implementation based on lookup tables is avoided. Instead, logic gate implementations based on composite fields are utilized. A compact architecture for the AES Mix-columns operation and its inverse is also presented. This parity-based fault detection scheme reaches the maximum fault coverage when compared to other methods of fault detection. The proposed fault detection technique for AES encryption and decryption has the least area and power consumption compared to their counterparts with similar fault detection capabilities.

show abstract

“…Concurrent error detection (CED) techniques have been proposed [9][10] not only to protect the encryption and decryption process from random faults, but also from the intentionally injected faults by attackers. In [11], redundancy-based concurrent error detection techniques have been proposed in two approaches: hardware and time redundancy.…”

Section: Concurrent Error Detection Scheme Design For Camelliamentioning

confidence: 99%

Compact Hardware Implementation of the Block Cipher Camellia with Concurrent Error Detection

Heys

2007

2007 Canadian Conference on Electrical and Computer Engineering

View full text Add to dashboard Cite

Abstract-A compact hardware implementation of a block cipher is attractive for any low-cost embedded application like smart cards. In this paper, a compact hardware architecture for Camellia is investigated. In this architecture, encryption and key scheduling share the same datapath and a four s-box iterative structure is employed. In the hardware design of cryptographic algorithms, concurrent error detection (CED) techniques have been proposed not only to protect the encryption and decryption process from random faults but also from the intentionally injected faults by some attackers. In our design, we also investigate a multiple parity code based error detection scheme. In our CED scheme, all the components are protected and all single-bit faults and most multiple faults will be detected. We study the implementation of the compact architecture for an ASIC and an FPGA. The design requires 14.12K gates with a throughput of 143 Mbps based on 0.18-um CMOS standard cell library and 1052 slices with a throughput of 135 Mbps based on Xilinx Virtex-E v1000efg860 chip. For our concurrent error detection, the hardware overhead is about 83%.

show abstract

Fault-based side-channel cryptanalysis tolerant Rijndael symmetric block cipher architecture

Cited by 72 publications

References 7 publications

Fault Injection Attacks on Cryptographic Devices: Theory, Practice, and Countermeasures

Fault Injection Attacks on Cryptographic Devices: Theory, Practice, and Countermeasures

Fault Detection Technique for Compact AES Design

Compact Hardware Implementation of the Block Cipher Camellia with Concurrent Error Detection

Contact Info

Product

Resources

About