Low-Cost Concurrent Error Detection for GCM and CCM
Abstract
In many applications, encryption alone does not provide enough security. To enhance security, dedicated authenticated encryption (AE) modes have been devised. Galois/Counter Mode (GCM) and Counter with CBC-MAC mode (CCM) are the AE modes recommended by the National Institute of Standards and Technology. To support high data rates, AE modes are usually implemented in hardware. However, natural faults reduce their reliability and may undermine both their encryption and their authentication capability. We present a low-cost concurrent error detection (CED) scheme for 7 AE architectures. The proposed technique exploits idle cycles of the AE mode architectures. Experimental results show that the performance overhead can be lower than 100 % for all architectures, depending on the workload. FPGA implementation results show that the hardware overhead is in the 0.1–23.3 % range and the power overhead is in the 0.2–23.2 % range. ASIC implementation results show that the hardware overhead is in the 0.1–22.8 % range and the power overhead is in the 0.3–12.6 % range. The underlying block cipher and hash module need not have CED built in. Thus, the scheme allows system designers to integrate block cipher and hash function intellectual property from different vendors.
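To make the idea of recomputation-based CED on an AE datapath concrete, the following Python model (an added example, not the paper's code) implements GCM's GF(2^128) multiplier from SP 800-38D and checks each product by recomputing it with swapped operands, standing in for the second pass that the idle-cycle scheme would run; the operand-swap variant, the single-bit output fault model, and the names `ced_mul` and `faulty_mul` are assumptions of this illustration, not details taken from the abstract.

```python
# Added example, not code from the paper. It models one form of concurrent
# error detection for the GHASH multiplier of GCM: x*y is recomputed as y*x
# (a second pass an AE datapath could schedule in an otherwise idle cycle)
# and compared, so a transient fault that hits only one pass is flagged.
from typing import Callable, List, Tuple

# Reduction constant R = 11100001 || 0^120 from NIST SP 800-38D; blocks are
# handled as big-endian 128-bit integers throughout.
R = 0xE1 << 120

def gf128_mul(x: int, y: int) -> int:
    """Multiply in GF(2^128) as specified for GCM (SP 800-38D, Algorithm 1)."""
    z, v = 0, y
    for i in range(128):
        if (x >> (127 - i)) & 1:  # bit x_i of X, leftmost bit first
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z

def ghash(h: int, blocks: List[int]) -> int:
    """GHASH_H over whole 128-bit blocks; the caller appends the length block."""
    y = 0
    for b in blocks:
        y = gf128_mul(y ^ b, h)
    return y

def faulty_mul(flip_bit: int) -> Callable[[int, int], int]:
    """Constructed fault model: one bit of the multiplier output is upset."""
    return lambda x, y: gf128_mul(x, y) ^ (1 << flip_bit)

def ced_mul(x: int, y: int,
            primary: Callable[[int, int], int] = gf128_mul,
            recompute: Callable[[int, int], int] = gf128_mul) -> Tuple[int, bool]:
    """Return (x*y, error_detected). The product is recomputed with swapped
    operands and compared; `primary` and `recompute` stand for the same
    multiplier used in two cycles, so injecting a fault into only one of
    them models a transient (soft) error, which the comparison catches."""
    result = primary(x, y)
    check = recompute(y, x)  # field multiplication is commutative
    return result, result != check

if __name__ == "__main__":
    # GCM spec test case 2: AES-128 zero key, zero IV, one zero plaintext block.
    H = 0x66E94BD4EF8A2C3B884CFA59CA342B2E
    C = 0x0388DACE60B6A392F328C2B971B2FE78
    assert ghash(H, [C, 128]) == 0xF38CBB1AD69223DCC3457AE5B6B0F885
    print("fault-free:", ced_mul(C, H)[1])
    print("bit-5 upset:", ced_mul(C, H, primary=faulty_mul(5))[1])
```

A permanent (stuck-at) fault that corrupts both passes identically would escape this comparison, which is why the abstract's cost figures matter: the scheme buys detection of transient faults at the price of a second pass in cycles the datapath would otherwise waste.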