fault detection scheme for aes using composite field
DESCRIPTION
The cipher Rijndael is one of the five finalists of the Advanced Encryption Standard (AES) The algorithm has been designed by Joan Daemen and Vincent Rijmen It is a Block cipher. The hardware implementation with 128-bit blocks and 128-bit keys is presented. VLSI optimizations of the Rijndael algorithm are discussed and several hardware design modifications and techniques are used, such as memory sharing and parallelism.TRANSCRIPT
Fault Detection Scheme for AES Using Composite Field
BY
AJAL.A.J EPGPM – IIM K
•SYSTEM ARCHITECTURE•SYSTEM ARCHITECTURE
•SIMULATION RESULTS•SIMULATION RESULTS
•RIJNDAEL ALGORITHM•RIJNDAEL ALGORITHM
FUTURE DEVELOPMENTFUTURE DEVELOPMENT
PRESENTATION OVERVIEW
INTRODUCTION
• The cipher Rijndael is one of the five finalists of the Advanced Encryption Standard (AES)
• The algorithm has been designed by Joan Daemen and Vincent Rijmen
• It is a Block cipher. • The hardware implementation with 128-bit blocks
and 128-bit keys is presented. • VLSI optimizations of the Rijndael algorithm are
discussed and several hardware design modifications and techniques are used, such as memory sharing and parallelism.
Critical communications private
(confidentiality)
Know who we are dealing with (identity)
Guarantee messages unaltered (integrity)
Assert rights over content use (authorization)
All critical systems up-and-running
(availability)
Critical N/W Security Elements
The Rijndael Chip
6
1. Rijndael2. Serpent3. Two fish4. RC 65. MARS
AES 128bit implementation
Selected by AES (Advanced Encryption Standard, part of NIST) as the new private-key encryption standard.
Add Round KeySub BytesShift RowsMix ColumnsAdd Round Key
Sub BytesShift RowsMix ColumnsAdd Round KeySub BytesShift RowsAdd Round Key
Add Round KeyInv Sub BytesInv Shift RowsInv Mix ColumnsAdd Round Key
Inv Sub BytesInv Shift RowsInv Mix ColumnsAdd Round KeyInv Sub BytesInv Shift RowsAdd Round Key
1
9
101
2
10
9
Encryption Decryption
Partition of the rounds not suited for intraround pipelining
Rijndael Algorithm – Round
Rijndael Architecture - Overview
ParallelRound 1
Round KeyRegister
ParallelRound 2
KeyGenerator
Add
Key
Dat
a R
egK
ey R
eg
Con
trol
ler
128
12832
32
32128
128 128
128 128
Dat
a R
eg
Largest potential for optimizations in rounds
It all starts with a key• What is a key? • Encryption algorithm is like a recipe for
spaghetti. Key is like the choice of sauce that changes the end result.
Encrypt – Garble so it’s unreadable
Decrypt – Ungarble so it can be read again
Plain text
I am going to the market
encrypt algorithm – add x letters
key - 2 hard to read, UNLESS you
know the key
Cipher text
K co iqkpi vq vjg octmgv
Encrypting Text
Plain text
I am going to the market
CipherText
K co iqkpi vq vjg octmgv
decryption algorithm – subtract x
letters
key - 2
Decrypting Text
That’s encryption!
BLOCK DIAGRAM - DECRYPTION CORES
EncryptionPath
DecryptionPath
SubBytes
Inv SubBytes
Inv
Aff
Tra
ns
Mul
t Inv
erse
Aff
Tra
ns
Rijndael S-box consists of two operations
Parallel impletation of S-Boxes
Multiplicative inverse can be shared
Mul
t Inv
erse
Encryption Simulation Result
Decryption Simulation Result
Synthesis Report And Result Of AES Fault Detection Schemes
Comparison of s- box
Design Area Delay Power
LUT-Based 262144 31.824ns 35mw
Composite Field Based
28514 8.129ns 34mw
Output Waveform for composite field s-box without error
Output wave form of encryption algorithm for composite field s-box
without error
Output wave form decryption algorithm for composite field s-box
without error
Output wave form decryption algorithm for composite field s-box
with error
Map report--------------
• Number of errors: 0
• Number of warnings: 0
HDL SYNTHESIS REPORT
Macro Statistics# ROMs : 5616x128-bit ROM : 56# Multiplexers : 668-bit 10-to-1 MUX : 108-bit 16-to-1 MUX : 56# XORs : 171128-bit xor2 : 118-bit xor2 : 1508-bit xor3 : 10
Implementation Encryption Speed
Software implementation (ANSI C)
27Mb/s
Visual C++ 70.5Mb/s
Hardware Implementation (Altra)
268Mb/s
Proposed VHDL (Virtex II)
2.18Gb/s
Performance Comparison
FUTURE DEVELOPMENT
• For future development, estimation on the real time required for key initialization and time for a whole encryption should be done on the real chip.
• Research is still going on the encryptor core for higher bit lengths.
• FPGA based solutions have shown significant speedups compared with software based approaches
• The widespread adoption of distributed, wireless, and mobile computing makes the inclusion of privacy, authentication and security
• Power consumption will remain a critical factor ,especially when cryptographic applications will move into embedded context
CONCLUSION• In this paper, a VLSI implementation for the Rijndael
encryption algorithm is presented • The combination of security, and high speed implementation,
makes it a very good choice for wireless systems.• The whole design was captured entirely in VHDL language
using a bottom-up design and verification methodology • The proposed VLSI implementation of the algorithm reduces the
covered area and achieves a data throughput up to 2.18Gbit/sec.• An optimized coding for the implementation of Rijndael
algorithm for 128 bits has been developed • Architectural innovations like on the fly round key generation,
which facilitates simultaneous execution of sub bytes, shift rows and mix columns and round key generation has been incorporated in our coding.
FUTURE WORK
• We have presented a high performance parity based low complexity fault detection scheme for the AES using the S-box and the inverse S-box in composite fields.
• In our implementations, we used parity method in case of s box and ensured that error detection at s box takes two times which improves the fault coverage to a great extent. According to our simulation results, with acceptable error coverage, the structure-independent schemes proposed in this paper have the highest efficiencies, showing reasonable area and time complexity overheads. Based on the AES structure chosen, the performance goals to achieve, and the resources available, one can use combinations of the presented schemes in order to have much more reliable AES encryption and decryption structure.
FUTURE WORK
[1] National Institute of Standards and Technologies, Announcing the Advanced Encryption Standard (AES) FIPS 197, Nov. 2001.[2] R. Karri, K. Wu, P. Mishra, and K. Yongkook, “Fault-based side-channel cryptanalysis tolerant Rijndael symmetric block cipher architecture,” in Proc. DFT, Oct. 2001, pp. 418–426.[3] R. Karri, K. Wu, P. Mishra, and Y. Kim, “Concurrent error detection schemes for fault-based side-channel cryptanalysis of symmetric block ciphers,” IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst., vol. 21, no. 12, pp. 1509–1517, Dec. 2002.[4] A. Satoh, T. Sugawara, N. Homma, and T. Aoki, “High-performance concurrent error detection scheme for AES hardware,” in Proc. CHES, Aug. 2008, pp. 100–112.
[5] L. Breveglieri, I. Koren, and P. Maistri, “Incorporating error detection and online reconfiguration into a regular architecture for the advanced encryption standard,” in Proc. DFT, Oct. 2005, pp. 72–80.[6] M. Karpovsky, K. J. Kulikowski, and A. Taubin, “Differential fault analysis attack resistant architectures for the advanced encryption standard,” in Proc. CARDIS, Aug. 2004, vol. 153, pp. 177–192.[7] P. Maistri and R. Leveugle, “Double-data-rate computation as a countermeasure against fault analysis,” IEEE Trans. Computers, vol. 57, no. 11, pp. 1528–1539, Nov. 2008.[8] C. H. Yen and B. F.Wu, “Simple error detection methods for hardwareimplementation of advanced encryption standard,” IEEE Trans. Computers, vol. 55, no. 6, pp. 720–731, Jun. 2006.[9] G. Bertoni, L. Breveglieri, I. Koren, P. Maistri, and V. Piuri, “A parity code based fault detection for an implementation of the advanced encryption standard,” in Proc. DFT, Nov. 2002, pp. 51–59.[10] G. Bertoni, L. Breveglieri, I. Koren, P. Maistri, and V. Piuri, “Error analysis and detection procedures for a hardware implementation of the advanced encryption standard,” IEEE Trans. Computers, vol. 52, no. 4, pp. 492–505, Apr. 2003.[11] C. Moratelli, F. Ghellar, E. Cota, and M. Lubaszewski, “A fault-tolerant DFA-resistant AES core,” in Proc. ISCAS, 2008, pp. 244–247.[12] M. Mozaffari-Kermani and A. Reyhani-Masoleh, “Parity-based fault detection architecture of S-box for advanced encryption standard,” in Proc. DFT, Verbauwhede, “A systematic evaluation of compact hardware implementations for the Rijndael S-box,” in Proc. CT-RSA, Feb. 2005, pp. 323–333. Oct. 2006, pp. 572 580.
[13] S.-Y. Wu and H.-T. Yen, “On the S-box architectures with concurrent error detection for the advanced encryption standard,” IEICE Trans. Fundam. Electron., Commun. Comput. Sci., vol. E89-A, no. 10, pp. 2583–2588, Oct. 2006.
[14] A. E. Cohen, “Architectures for Cryptography Accelerators,” Ph.D. dissertation, Univ. Minnesota, Twin Cities, Sep. 2007.
[15] M. Mozaffari-Kermani and A. Reyhani-Masoleh, “A lightweight concurrent fault detection scheme for the AES S-boxes using normal basis,” in Proc. CHES, Aug. 2008, pp. 113–129.
[16] D. Canright, “A very compact S-box for AES,” in Proc. CHES, Aug. 2005, pp. 441–455.
[17] A. Satoh, S. Morioka, K. Takano, and S. Munetoh, “A compact Rijndael hardware architecture with S-box optimization,” in Proc. ASIACRYPT, Dec. 2001, pp. 239–254.
[18] J.Wolkerstorfer, E. Oswald, and M. Lamberger, “An ASIC implementation of the AES SBoxes,” in Proc. CT-RSA, 2002, pp. 67–78.
[19] V. Rijmen, Dept. ESAT, Katholieke Universiteit Leuven, Leuven, Belgium, Efficient Implementation of the Rijndael S-Box, 2000.
[20] X. Zhang and K. K. Parhi, “High-speed VLSI architectures for the AES algorithm,” IEEE Trans. Very Large Scale Integr. (VLSI) Syst., vol. VLSI-12, no. 9, pp. 957–967, Sep. 2004.
[21] X. Zhang and K. K. Parhi, “On the optimum constructions of composite field for the AES algorithm,” IEEE Trans. Circuits Syst. II, Exp. Briefs, vol. 53, no. 10, pp. 1153–1157, Oct. 2006.
[22] N. Mentens, L. Batina, B. Preneel, and I. Verbauwhede, “A systematic evaluation of compact hardware implementations for the Rijndael S-box,” in Proc. CT-RSA, Feb. 2005, pp. 323–333.
QUERRIES ? ? ?
AJAL.A.J
MOB: 0-8907305642