233 research outputs found

    Fault-Resilient Lightweight Cryptographic Block Ciphers for Secure Embedded Systems

    The development of extremely-constrained environments having sensitive nodes such as RFID tags and nano-sensors necessitates the use of lightweight block ciphers. Indeed, lightweight block ciphers are essential for providing low-cost confidentiality to such applications. Nevertheless, providing the required security properties does not guarantee their reliability and hardware assurance when the architectures are prone to natural and malicious faults. In this thesis, considering false-alarm resistivity, error detection schemes for the lightweight block ciphers are proposed with the case study of XTEA (eXtended TEA). We note that lightweight block ciphers might be better suited for low-resource environments compared to the Advanced Encryption Standard, providing low complexity and power consumption. To the best of the author's knowledge, there has been no error detection scheme presented in the literature for the XTEA to date. Three different error detection approaches are presented and according to our fault-injection simulations for benchmarking the effectiveness of the proposed schemes, high error coverage is derived. Finally, field-programmable gate array (FPGA) implementations of these proposed error detection structures are presented to assess their efficiency and overhead. The proposed error detection architectures are capable of increasing the reliability of the implementations of this lightweight block cipher. The schemes presented can also be applied to lightweight hash functions with similar structures, making the presented schemes suitable for providing reliability to their lightweight security-constrained hardware implementations.

    Hardware Engines for Bus Encryption: a Survey of Existing Techniques

    International audience

    Implementation of an FPGA based accelerator for virtual private networks.

    Cheung Yu Hoi Ocean. Thesis (M.Phil.)--Chinese University of Hong Kong, 2002. Includes bibliographical references (leaves 65-70). Abstracts in English and Chinese.

    Chapter 1. Introduction: 1.1 Motivation; 1.2 Aims; 1.3 Contributions; 1.4 Thesis Outline
    Chapter 2. Virtual Private Network and FreeS/WAN: 2.1 Introduction; 2.2 Internet Protocol Security (IPSec); 2.3 Secure Virtual Private Network; 2.4 LibDES; 2.5 FreeS/WAN; 2.6 Commercial VPN solutions; 2.7 Summary
    Chapter 3. Cryptography and Field-Programmable Gate Arrays (FPGAs): 3.1 Introduction; 3.2 The Data Encryption Standard Algorithm (DES); 3.2.1 The Triple-DES Algorithm (3DES); 3.2.2 Previous work on DES and Triple-DES; 3.3 The IDEA Algorithm; 3.3.1 Multiplication Modulo 2^n + 1; 3.3.2 Previous work on IDEA; 3.4 Block Cipher Modes of operation; 3.4.1 Electronic Code Book (ECB) mode; 3.4.2 Cipher-block Chaining (CBC) mode; 3.5 Field-Programmable Gate Arrays; 3.5.1 Xilinx Virtex-E FPGA; 3.6 Pilchard; 3.6.1 Memory Cache Control Mode; 3.7 Electronic Design Automation Tools; 3.8 Summary
    Chapter 4. Implementation: 4.1 Introduction; 4.1.1 Hardware Platform; 4.1.2 Reconfigurable Hardware Computing Environment; 4.1.3 Pilchard Software; 4.2 DES in ECB mode; 4.2.1 Hardware; 4.2.2 Software Interface; 4.3 DES in CBC mode; 4.3.1 Hardware; 4.3.2 Software Interface; 4.4 Triple-DES in CBC mode; 4.4.1 Hardware; 4.4.2 Software Interface; 4.5 IDEA in ECB mode; 4.5.1 Multiplication Modulo 2^16 + 1; 4.5.2 Hardware; 4.5.3 Software Interface; 4.6 Triple-DES accelerator in LibDES; 4.7 Triple-DES accelerator in FreeS/WAN; 4.8 IDEA accelerator in FreeS/WAN; 4.9 Summary
    Chapter 5. Results: 5.1 Introduction; 5.2 Benchmarking environment; 5.3 Performance of Triple-DES and IDEA accelerator; 5.3.1 Performance of Triple-DES core; 5.3.2 Performance of IDEA core; 5.4 Benchmark of FreeS/WAN; 5.4.1 Triple-DES; 5.4.2 IDEA; 5.5 Summary
    Chapter 6. Conclusion: 6.1 Future development
    Bibliography

    Efficient Error detection Architectures for Low-Energy Block Ciphers with the Case Study of Midori Benchmarked on FPGA

    Achieving secure, high performance implementations for constrained applications such as implantable and wearable medical devices is a priority in efficient block ciphers. However, security of these algorithms is not guaranteed in the presence of malicious and natural faults. Recently, a new lightweight block cipher, Midori, has been proposed which optimizes the energy consumption besides having low latency and hardware complexity. This algorithm is proposed in two energy-efficient variants, i.e., Midori64 and Midori128, with block sizes equal to 64 and 128 bits. In this thesis, fault diagnosis schemes for variants of Midori are proposed. To the best of our knowledge, there has been no fault diagnosis scheme presented in the literature for Midori to date. The fault diagnosis schemes are provided for the nonlinear S-box layer and for the round structures with both 64-bit and 128-bit Midori symmetric key ciphers. The proposed schemes are benchmarked on field-programmable gate array (FPGA) and their error coverage is assessed with fault-injection simulations. These proposed error detection architectures make the implementations of this new low-energy lightweight block cipher more reliable.

    Cryptarray A Scalable And Reconfigurable Architecture For Cryptographic Applications

    Cryptography is increasingly viewed as a critical technology to fulfill the requirements of security and authentication for information exchange between Internet applications. However, software implementations of cryptographic applications are unable to support the quality of service from a bandwidth perspective required by most Internet applications. As a result, various hardware implementations, from Application-Specific Integrated Circuits (ASICs), Field-Programmable Gate Arrays (FPGAs), to programmable processors, were proposed to improve this inadequate quality of service. Although these implementations provide performances that are considered better than those produced by software implementations, they still fall short of addressing the bandwidth requirements of most cryptographic applications in the context of the Internet for two major reasons: (i) The majority of these architectures sacrifice flexibility for performance in order to reach the performance level needed for cryptographic applications. This lack of flexibility can be detrimental considering that cryptographic standards and algorithms are still evolving. (ii) These architectures do not consider the consequences of technology scaling in general, and particularly interconnect related problems. As a result, this thesis proposes an architecture that attempts to address the requirements of cryptographic applications by overcoming the obstacles described in (i) and (ii). To this end, we propose a new reconfigurable, two-dimensional, scalable architecture, called CRYPTARRAY, in which bus-based communication is replaced by distributed shared memory communication. At the physical level, the length of the wires will be kept to a minimum. CRYPTARRAY is organized as a chessboard in which the dark and light squares represent Processing Elements (PE) and memory blocks respectively. 
The granularity and resource composition of the PEs is specifically designed to support the computing operations encountered in cryptographic algorithms in general, and symmetric algorithms in particular. Communication can occur only between neighboring PEs through locally shared memory blocks. Because of the chessboard layout, the architecture can be reconfigured to allow computation to proceed as a pipelined wave in any direction. This organization offers a high computational density in terms of datapath resources and a large number of distributed storage resources that easily support a high degree of parallelism and pipelining. Experimental prototyping of a small array on FPGA chips shows that this architecture can run at 80.9 MHz producing 26,968,716 outputs every second in static reconfiguration mode and 20,226,537 outputs every second in dynamic reconfiguration mode.

    Design and analysis of an FPGA-based, multi-processor HW-SW system for SCC applications

    The last 30 years have seen an increase in the complexity of embedded systems from a collection of simple circuits to systems consisting of multiple processors managing a wide variety of devices. This ever increasing complexity frequently requires that high assurance, fail-safe and secure design techniques be applied to protect against possible failures and breaches. To facilitate the implementation of these embedded systems in an efficient way, the FPGA industry recently created new families of devices. New features added to these devices include anti-tamper monitoring, bit stream encryption, and optimized routing architectures for physical and functional logic partition isolation. These devices have high capacities and are capable of implementing processors using their reprogrammable logic structures. This allows for an unprecedented level of hardware and software interaction within a single FPGA chip. High assurance and fail-safe systems can now be implemented within the reconfigurable hardware fabric of an FPGA, enabling these systems to maintain flexibility and achieve high performance while providing a high level of data security. The objective of this thesis was to design and analyze an FPGA-based system containing two isolated, softcore Nios processors that share data through two crypto-engines. FPGA-based single-chip cryptographic (SCC) techniques were employed to ensure proper component isolation when the design is placed on a device supporting the appropriate security primitives. Each crypto-engine is an implementation of the Advanced Encryption Standard (AES), operating in Galois/Counter Mode (GCM) for both encryption and authentication. The features of the microprocessors and architectures of the AES crypto-engines were varied with the goal of determining combinations which best target high performance, minimal hardware usage, or a combination of the two