Cryptographic functions for constrained processing environments can be devised using lightweight cryptography. For use in safety-relevant automotive applications, where transient faults can occur at runtime, the calculation of a cipher text requires verification. We propose an algorithm to generate a group-parity-based concurrent error detection for generic ciphers based on addition, rotation and XOR (ARX). The generated function is capable of detecting odd Hamming weight faults according to the single event error model used in automotive applications. The generated fault detection scheme is smaller in circuit size than presently existing concurrent error detection schemes and can be executed in parallel to the cryptographic function. We provide a proof for the correctness of the generated prediction function and estimate the circuit complexity in terms of size and depth. We evaluate our solution in terms of gate count and throughput on IC synthesis level.
This article describes a diagnosis-aware hybrid concurrent error detection (DAH-CED) scheme that can facilitate both off-line and on-line test applications. By using the proposed scheme, not only the probability of detecting errors (on-line) but also the diagnosability of the target circuit (off-line) can be significantly enhanced. The proposed scheme combines the implication-based method with the parity check method. In particular, novel algorithms are developed to identify specific implications for enhancing the diagnosability for the modeled faults proactively. Furthermore, a reduction algorithm is also presented to minimize the number of the employed implications, while no loss on probability of detecting errors and diagnosability is also guaranteed. To the best of our knowledge, this issue is not addressed in the literature. To validate the proposed scheme, not only stuck-at faults but also transition faults are considered to simulate the timing-related errors. The experimental results on nine ITC'99 benchmark circuits show that the diagnosability for stuck-at (transition) faults is enhanced by 6.88% (7.78%) by applying the proposed scheme. As for the probability of detecting errors, 97.73% (97.10%) is achieved for errors caused by stuck-at (transition) faults. Moreover, only 3.11% of implications are needed.
ISBN: 9781728147185 (print)
Implications have been shown to be beneficial for both concurrent error detection and diagnosis. To reduce the incurred hardware cost, one critical issue is selection of a minimum number of appropriate implications. Although the previous work developed several implication selection algorithms, the critical path delay may still be high. This is because the factors related to the critical path delay have not been well studied and considered during implication selection. In this paper, we investigate these factors and develop a new delay-aware implication selection algorithm. A buffer insertion algorithm is also developed such that the minimum number of buffers are inserted to further reduce the delay. This algorithm is integrated with the implication selection algorithm as a delay-aware implementation scheme. Experimental results on 18 ISCAS'85 and ITC'99 benchmark circuits show that 29.02% delay overhead reduction is achieved on average with only additional 0.34% implications selected.
Compared with application specific integrated circuits (ASICs), static random access memory (SRAM)-based field programmable gate arrays (FPGAs) respond differently to radiation due to the configuration memory vulnerability. In this brief, the differences between the permanent error model for SRAM-based FPGAs due to configuration memory single event upsets (SEUs), and the ASIC SEU error model are put into perspective for error detection schemes. In particular, a concurrent error detection (CED) technique for finite impulse response filters in ASICs is implemented and evaluated in an SRAM-based FPGA through fault injection emulation. This method is compared with a dual modular redundancy (DMR) scheme in order to obtain a common behavior. The analysis of experimental data indicates that the CED technique has fewer undetected errors than DMR. However, our exhaustive fault injection tests reveal that false positive detections are more likely to occur in CED, since the error detection branch uses more FPGA resources than the DMR comparator. This phenomenon, which is negligible in ASICs, implies a partial or complete unnecessary reconfiguration, so it should be considered in SRAM-based FPGAs.
ISBN: 9781538651803 (print)
Implication-based concurrent error detection (CED) has been shown to have promising performance for online testing. However, many error indication signals may be required for this CED method, and thus incur much additional interconnection. This would result in not only complicated error checking circuits, but also a large compactor design to process the error indication signals. Both would incur high area overhead. In this paper, we present a collapsing technique that can significantly reduce the total number of required error indication signals for implications. This issue has never been addressed in the literature. We find that equivalence and dominance relationships exist between error indication signals, which are quite helpful for signal reduction. Therefore we develop an efficient algorithm to first identify these relationships, and then make good use of them to merge error indication signals without sacrificing the probability of detecting errors. We also employ 19 ISCAS'85 and ITC'99 benchmark circuits to evaluate the effectiveness of the proposed technique. The results show that 48.48% of error indication signals are reduced by our technique on average. This also leads to 39.23% and 34.52% averaged area overhead reduction to the error checking circuit and the compactor design, respectively.
A floating-point multiplier with concurrent error detection capability by partial duplication is proposed. It uses a truncated multiplier for checking of the significand (mantissa) multiplication instead of full duplication. The proposed multiplier can detect any erroneous output with error larger than one unit in the last place (1 ulp) of the significand, which may be overlooked by residue checking. Its circuit area is smaller than that of a fully duplicated one. Area overhead of a single-precision multiplier is about 78% and that of a double-precision one is about 65%.
New sum codes that efficiently detect twofold errors in the data vectors were developed. A method was proposed for constructing concurrent error-detection systems of the logical combination devices, with detection of all single malfunctions, based on decomposing the outputs into individual groups and checking them with the use of the new sum codes.
Differential fault analysis (DFA) poses a significant threat to the Advanced Encryption Standard (AES). Only a single faulty ciphertext is required to extract the secret key. Concurrent error detection (CED) is widely used to protect AES against DFA. Traditionally, these CEDs are evaluated with uniformly distributed faults; the resulting fault coverage indicates the security of CEDs against DFA. However, DFA-exploitable faults, which are a small subspace of the entire fault space, are not uniformly distributed. Therefore, fault coverage does not accurately measure the security of the CEDs against DFA. We provide a systematic study of DFA of AES and show that an attacker can inject biased faults to improve the success rate of the attacks. We propose fault entropy (FE) and fault differential entropy (FDE) to evaluate CEDs. We show that most CEDs with high fault coverage are not secure when evaluated with FE and FDE. This work challenges the traditional use of fault coverage for uniformly distributed faults as a metric for evaluating the security of CEDs against DFA.
In many applications, encryption alone does not provide enough security. To enhance security, dedicated authenticated encryption (AE) modes are invented. Galois Counter Mode (GCM) and Counter with CBC-MAC mode (CCM) are the AE modes recommended by the National Institute of Standards and Technology. To support high data rates, AE modes are usually implemented in hardware. However, natural faults reduce its reliability and may undermine both its encryption and authentication capability. We present a low-cost concurrent error detection (CED) scheme for 7 AE architectures. The proposed technique explores idle cycles of the AE mode architectures. Experimental results show that the performance overhead can be lower than 100 % for all architectures depending on the workload. FPGA implementation results show that the hardware overhead is in the 0.1-23.3 % range and the power overhead is in the 0.2-23.2 % range. ASIC implementation results show that the hardware overhead is in the 0.1-22.8 % range and the power overhead is in the 0.3-12.6 % range. The underlying block cipher and hash module need not have CED built in. Thus, it allows system designers to integrate block cipher and hash function intellectual property from different vendors.
ISBN: 9781479982004 (print)
Modular multiplication is essential in cryptographic algorithms (e.g. RSA), as it determines the performance of the entire cryptographic operation and its reliability is crucial for the system security. In this paper, we propose a high-radix Montgomery Modular Multiplication (MMM) implementation and conduct an exploration to find the optimal radix. Also, a concurrent error detection circuit with 99.9% detection rate, small area and power overheads (2.24% and 1.46% respectively) is proposed to protect the MMM against fault attacks and natural faults.