Soft Error Resistant Design of the AES Cipher Using SRAM-based FPGA by Solmaz Ghaznavi A thesis presented to the University of Waterloo in fulfillment of the thesis requirement for the degree of Doctor of Philosophy in Electrical and Computer Engineering Waterloo, Ontario, Canada, 2011 ©Solmaz Ghaznavi 2011 AUTHOR'S DECLARATION I hereby declare that I am the sole author of this thesis. This is a true copy of the thesis, including any required final revisions, as accepted by my examiners. I understand that my thesis may be made electronically available to the public. ii Abstract This thesis presents a new architecture for the reliable implementation of the symmetric-key algorithm Advanced Encryption Standard (AES) in Field Programmable Gate Arrays (FPGAs). Since FPGAs are prone to soft errors caused by radiation, and AES is highly sensitive to errors, reliable architectures are of significant concern. Energetic particles hitting a device can flip bits in FPGA SRAM cells controlling all aspects of the implementation. Unlike previous research, heterogeneous error detection techniques based on properties of the circuit and functionality are used to provide adequate reliability at the lowest possible cost. The use of dual ported block memory for SubBytes, duplication for the control circuitry, and a new enhanced parity technique for MixColumns is proposed. Previous parity techniques cover single errors in datapath registers, however, soft errors can occur in the control circuitry as well as in SRAM cells forming the combinational logic and routing. In this research, propagation of single errors is investigated in the routed netlist. Weaknesses of the previous parity techniques are identified. Architectural redesign at the register-transfer level is introduced to resolve undetected single errors in both the routing and the combinational logic. Reliability of the AES implementation is not only a critical issue in large scale FPGA-based systems but also at both higher altitudes and in space applications where there are a larger number of energetic particles. Thus, this research is important for providing efficient soft error resistant design in many current and future secure applications. iii Acknowledgements I would like to express my sincere gratitude to my advisor, Professor Catherine Gebotys, for all her support, guidance, and encouragement throughput this research. I am grateful to Professor Mark Aagaard for his discussions and guidance in this research. I would like to thank Professor Andrew Kennings and Professor Doug Stinson for agreeing to read and comment on my thesis. I would also like to thank Professor Howard Heys, my external examiner, for his time and energy so thoughtfully devoted to this endeavor. Susan Xu and Hugh Pollitt-Smith with the CMC Microsystems were extremely helpful with their support for the tools and equipment. I would also like to thank my colleagues Reouven Elbaz, Marcio Juliato, Patrick Longa, and Dave Kenney for useful discussions we have had in our research group. My special thanks to Amir Khatib Zadeh, my parents and brother for their invaluable support. iv Table of Contents AUTHOR'S DECLARATION...............................................................................................................ii Abstract .................................................................................................................................................iii Acknowledgements ...............................................................................................................................iv Table of Contents ...................................................................................................................................v List of Figures .....................................................................................................................................viii List of Tables.........................................................................................................................................xi Chapter 1 Introduction............................................................................................................................1 1.1 Thesis Organization......................................................................................................................5 Chapter 2 Radiation Effects on Devices.................................................................................................7 2.1 Radiation Sources and Soft Error Mechanisms............................................................................7 2.2 Comparison of Soft Errors to Other Faults.................................................................................14 2.2.1 Manufacturing Faults...........................................................................................................14 2.2.2 Fault Attacks........................................................................................................................16 2.3 Estimating Soft Error Rates of a Device ....................................................................................20 2.4 Technology Trends and Soft Errors ...........................................................................................23 2.5 Summary ....................................................................................................................................25 Chapter 3 Previous Research on Tackling Soft Errors.........................................................................26 3.1 Fabrication Process Level Techniques to Tackle Soft Errors.....................................................27 3.2 Circuit and System Level Techniques to Tackle Soft Errors .....................................................29 3.3 Tackling Soft Errors by Architectural Methods .........................................................................37 3.4 Soft Errors in FPGA vs. ASIC ...................................................................................................40 3.5 Summary ....................................................................................................................................42 Chapter 4 Security Needs of Data Systems..........................................................................................44 4.1 Security Needs and Cryptographic Algorithms..........................................................................44 4.1.1 Advanced Encryption Standard...........................................................................................47 4.2 Block Cipher Modes...................................................................................................................51 4.2.1 Confidentiality Modes.........................................................................................................52 4.2.2 Authentication Mode...........................................................................................................55 4.2.3 Authentication and Confidentiality Modes..........................................................................56 4.3 Previous Research on AES Design.............................................................................................56 4.3.1 SubBytes implementations in AES ......................................................................................58 v 4.3.2 MixColumns implementations in AES................................................................................ 62 4.4 SEU-resistant AES..................................................................................................................... 63 4.5 Summary.................................................................................................................................... 64 Chapter 5 Proposed AES with Error Detection.................................................................................... 65 5.1 Error Detection in AES Logic Blocks........................................................................................ 66 5.1.1 SubBytes Logic Blocks and Error Detection ...................................................................... 68 5.1.2 MixColumns Logic Blocks and Error Detection ................................................................. 69 5.1.3 AddRoundKey Logic Blocks and Error Detection .............................................................. 74 5.2 Error Detection in Routing of AES............................................................................................ 74 5.2.1 Error in Routing and Modeling........................................................................................... 75 5.2.2 MixColumns Routing and Error Detection.......................................................................... 76 5.2.3 AddRoundKey Routing and Error Detection...................................................................... 93 5.2.4 Control Circuit and Error Detection.................................................................................... 94 5.3 Soft Error Resistant AES for Different Key Sizes and Decryption ........................................... 94 5.4 Summary.................................................................................................................................... 95 Chapter 6 Comparison with Previous Research................................................................................... 97 6.1 AES Hardware Design............................................................................................................... 97 6.2 Experimental Results of MixColumns