Algredo-Badillo Ignacio, Ramírez-Gutiérrez Kelsey A, Morales-Rosales Luis Alberto, Pacheco Bautista Daniel, Feregrino-Uribe Claudia
CONACYT-Instituto Nacional de Astrofísica, Óptica y Electrónica, Puebla 72840, Mexico.
Faculty of Civil Engineering, CONACYT-Universidad Michoacana de San Nicolás de Hidalgo, Morelia 58000, Mexico.
Sensors (Basel). 2021 Aug 22;21(16):5655. doi: 10.3390/s21165655.
Currently, cryptographic algorithms are widely applied to communications systems to guarantee data security. For instance, in an emerging automotive environment where connectivity is a core part of autonomous and connected cars, it is essential to guarantee secure communications both inside and outside the vehicle. The AES algorithm has been widely applied to protect communications in onboard networks and outside the vehicle. Hardware implementations use techniques such as iterative, parallel, unrolled, and pipeline architectures. Nevertheless, the use of AES does not guarantee secure communication, because previous works have proved that implementations of secret key cryptosystems, such as AES, in hardware are sensitive to differential fault analysis. Moreover, it has been demonstrated that even a single fault during encryption or decryption could cause a large number of errors in encrypted or decrypted data. Although techniques such as iterative and parallel architectures have been explored for fault detection to protect AES encryption and decryption, it is necessary to explore other techniques such as pipelining. Furthermore, balancing a high throughput, reducing low power consumption, and using fewer hardware resources in the pipeline design are great challenges, and they are more difficult when considering fault detection and correction. In this research, we propose a novel hybrid pipeline hardware architecture focusing on error and fault detection for the AES cryptographic algorithm. The architecture is hybrid because it combines hardware and time redundancy through a pipeline structure, analyzing and balancing the critical path and distributing the processing elements within each stage. The main contribution is to present a pipeline structure for ciphering five times on the same data blocks, implementing a voting module to verify when an error occurs or when output has correct cipher data, optimizing the process, and using a decision tree to reduce the complexity of all combinations required for evaluating. The architecture is analyzed and implemented on several FPGA technologies, and it reports a throughput of 0.479 Gbps and an efficiency of 0.336 Mbps/LUT when a Virtex-7 is used.
目前,加密算法被广泛应用于通信系统以保证数据安全。例如,在新兴的汽车环境中,连接性是自动驾驶和联网汽车的核心组成部分,保证车内和车外的安全通信至关重要。AES算法已被广泛应用于保护车载网络内及车外的通信。硬件实现采用诸如迭代、并行、展开和流水线架构等技术。然而,使用AES并不能保证安全通信,因为先前的研究表明,硬件中诸如AES之类的秘密密钥密码系统的实现对差分故障分析很敏感。此外,已经证明即使在加密或解密过程中出现单个故障也可能导致加密或解密数据中出现大量错误。尽管已经探索了诸如迭代和并行架构等技术用于故障检测以保护AES加密和解密,但有必要探索其他技术,如流水线技术。此外,在流水线设计中平衡高吞吐量、降低低功耗以及使用更少的硬件资源是巨大的挑战,而在考虑故障检测和纠正时这些挑战会更加困难。在本研究中,我们提出了一种新颖的混合流水线硬件架构,专注于AES加密算法的错误和故障检测。该架构是混合的,因为它通过流水线结构结合了硬件和时间冗余,分析和平衡关键路径并在每个阶段内分配处理元件。主要贡献在于提出一种对相同数据块进行五次加密的流水线结构,实现一个表决模块以在出现错误或输出具有正确加密数据时进行验证,优化过程,并使用决策树来降低评估所需的所有组合的复杂度。该架构在几种FPGA技术上进行了分析和实现,当使用Virtex - 7时,报告的吞吐量为0.479 Gbps,效率为0.336 Mbps/LUT。
