SLICED: Slide-based concurrent error detection technique for symmetric block ciphers


Abstract

Fault attacks, wherein faults are deliberately injected into cryptographic devices, can compromise their security. Moreover, in the emerging nanometer regime of VLSI, accidental faults will occur at very high rates. While straightforward hardware redundancy based concurrent error detection (CED) can detect transient and permanent faults, it entails 100% area overhead. On the other hand, time redundancy based CED can only detect transient faults with minimum area overhead but entails 100% time overhead. In this paper we present a general time redundancy based CED technique called SLICED for pipelined implementations of symmetric block ciphers. SLICED SLIdes one encryption over another and compares their results for CED as a basis for protection against accidental faults and deliberate fault attacks.

Keywords: Concurrent Error Detection (CED), Fault Tolerance, Symmetric block ciphers, Sliding, Cryptography.

I. INTRODUCTION

Fault diagnosis and tolerance are important requirements for sensitive devices such as hardware and software implementations of cryptographic primitives for two reasons. First, in the emerging nanometer regime of VLSI, accidental faults will occur at very high rates. Second, faults are being deliberately injected into cryptographic devices to compromise their security [1] [2] [3] [4].

Duplication in hardware and duplication in time are the most straightforward methods of performing CED. In hardware duplication, two copies of hardware are used to perform the same computation on the same data. At the end of each computation, the results are compared and any discrepancy is reported as an error. This technique has minimum error detection latency and it can detect both transient and permanent faults. A drawback of this technique is that it entails over 100% hardware overhead. In time duplication, the same hardware is used to perform both the normal computation and the re-computation using the same input data. This technique uses minimum hardware. The drawbacks of this technique are that it entails over 100% time overhead and it can only detect transient faults [5] [6].

Many CED methods for cryptographic algorithms have been proposed. In [7], a CED approach for the Advanced Encryption Standard (AES) and other symmetric block ciphers was developed that exploits the inverse relationship between encryption and decryption at the algorithm, round and individual operation levels. A drawback of this approach is that it assumes that the cipher device operates in a half-duplex mode (i.e. either encryption or decryption, but both are not simultaneously active). In [8], a parity-based CED method is presented. This technique adds one additional parity bit per byte, resulting in 16 additional bits for the 128-bit data stream. Each of the sixteen 8-bit × 8-bit AES S-boxes is modified into an 8-bit × 9-bit S-box. In addition, this technique adds an extra parity bit per byte to the outputs of the Mix-Column operation, as Mix-Column does not preserve parity. There are also parity-based CED techniques in [9]-[11].

The main contribution of this paper is using a fault attack concept for CED. Slide-based concurrent error detection (SLICED) is a time-redundancy-based CED technique targeting pipelined implementations of symmetric block ciphers. SLICED is based on the slide attack on symmetric block ciphers proposed by Biryukov and Wagner in [5]. SLICED slides one encryption over another and compares their results. It can detect permanent and most transient faults. Furthermore, the SLICED technique is independent of the nature of the S-box implementation. Transformation in an AES round twice for the same data is reported in [12]. The multiplication scheme presented in [13] is dependent on the type of S-box implementation. A CED using merging of the S-box and inverse S-box is reported in [14]. More recently, a new scheme detecting faults in the S-box and inverse S-box was proposed in [15].

Section II recapitulates the pipelined implementation of symmetric block ciphers and their applications. In Section III, the Slide attack, which is the motivation for this work, is described. In Section IV, we describe the SLICED techniques and the architectures to detect all transient and permanent faults. To obtain the area overhead and time overhead of SLICED, we modeled SLICED AES using VHDL and synthesized these designs using the Cadence RTL Compiler synthesis tool for ASIC implementation and the Xilinx synthesis tool for FPGA (Virtex-4) implementation. The results of these implementations are presented in Section V. Section VI presents the conclusion along with the future work.

II. COUNTER MODE AND ELECTRONIC CODE BOOK OPERATION FOR SYMMETRIC BLOCK CIPHERS

Symmetric block ciphers can be used either in the feedback modes (Cipher block chaining, Output cipher block, Output feedback) or in the non-feedback modes (Electronic code book and Counter). When a symmetric block cipher is used in one of its feedback modes, its hardware speed is limited by the maximal rate at which the block cipher can compute. This is because it must complete one encryption before it can start the next encryption. In contrast, the non-feedback electronic codebook and counter modes can be pipelined and are completely parallelizable.

/10/$26.00 © 2010 IEEE

Fig. 1: Pipelined implementation of a symmetric block cipher in (a) ECB mode and (b) Counter mode

When a symmetric block cipher is used in the counter mode it essentially operates as a stream cipher. Encryption of a plain text $M$ with a secret key $K$ is done using an $n$-bit counter $ctr$. The cipher text is $(ctr, C)$ where $C$ is the exclusive-or of $M$ and the first $|M|$ bits of $E_K(ctr)$, where $E_K(X)$ denotes encipherment of an $n$-bit block $X$ using a key $K$ and a block cipher $E$. Decryption in the counter mode is performed by exclusive-or'ing $C$ with the first $|M|$ bits of $E_K(ctr)$. Obviously, the counter mode encryption and decryption can be pipelined and are fully parallelizable; several blocks can be encrypted at the same time and the depth of the pipeline is constrained only by the amount of available hardware. The counter mode is used in applications that need high throughput and high security. Counter mode has significant efficiency advantages over other encryption modes without reducing security. The electronic code book (ECB) mode is also parallelizable. The ECB mode is used in applications that need high throughput. In this paper we will focus on pipelined implementations.

The counter mode encryption and decryption depend only on the underlying block cipher encryption. Consequently, the block cipher decryption and the associated round key generation need not be implemented. This further simplifies the implementation. Extremely high-speed implementations of symmetric block ciphers in counter mode have been proposed and implemented [16] [17] [18]. In this paper, we implemented ECB based AES. But the SLICED technique is also applicable to counter mode AES and ECB mode AES. The SLICED technique is also applicable to other symmetric block ciphers.

Figure 1 (a) shows an r-stage pipelined architecture for ECB mode encryption and Figure 1 (b) shows the counter mode. REG indicates the inter-stage register that holds the intermediate values. In the ECB mode, as shown in Figure 1 (a), the plain text is fed as the input to the encryption algorithm and the cipher text is obtained at the end of the r cipher rounds. On the other hand, as shown in Figure 1 (b), in Counter mode the input to the encryption algorithm is the value of the counter output. At the end of r cipher rounds, the encrypted value of the counter is obtained. This encrypted value is simply XORed with the plain text to obtain the corresponding cipher text.

For simplicity of explanation in the rest of the paper, we do not consider the pre-round, which is different from the remaining rounds, the key-generation and the counter modules. We will also assume that each round operation takes one clock cycle. Since all rounds are identical in a symmetric block cipher encryption, all hardware stages in the ECB mode pipeline are identical. The round functionality implemented by a stage in the pipeline differs from the round function implemented by any other stage only by the round key used in the key mixing function (except the 10th round, which does not have the Mix-Column operation). Based on this observation, we propose a simple time redundancy based CED technique that can detect both permanent and transient faults in such pipelines.

III. SLIDE BASED CED FOR SYMMETRIC BLOCK CIPHERS (SLICED)

In this section, we will first describe the Slide attack, which is the motivation for the SLICED mechanism.

A. Slide attack

Biryukov and Wagner proposed the Slide attack against symmetric block ciphers in [5]. The Slide attack exploits the self-similarity property of symmetric block ciphers, i.e., the fact that the cipher text is a result of identical transformation rounds. The attack can be illustrated by sliding the encryption of a plain text $P_1$ against the encryption of another plain text $P_2$ using the same user key as shown below. $R_{(x,y)}$ stands for performing round $x$ while encrypting the $y$th plain text and $Ci_{(x,y)}$ stands for the intermediate cipher text after performing encryption round $x$ on the $y$th plain text.

$$\begin{array}{l} P_1 \to R_{(1,1)} \to R_{(2,1)} \to R_{(3,1)} \to \cdots \to R_{(r,1)} \to C_1 \\ \qquad\qquad P_2 \to R_{(1,2)} \to R_{(2,2)} \to R_{(3,2)} \to \cdots \to R_{(r,2)} \to C_2 \end{array}$$

The key observation in performing a Slide attack is that if $P_2 = Ci_{(1,1)}$, i.e., plain text 2 is the intermediate cipher text after performing round 1 on plain text $P_1$, then $Ci_{(r,2)} = Ci_{(r+1,1)}$, i.e., the intermediate cipher text after performing round $r$ on plain text $P_2$ and the intermediate cipher text after performing round $r+1$ on plain text $P_1$ are equal. For simplicity, let us call $Ci_{(r+1,1)}$ as $Ci_{(C1,1)}$. For the slide attack to work, $Ci_{(r+1,1)}$ or $Ci_{(C1,1)}$ should be equal to $C_2$. Biryukov and Wagner call the values $(P_1, C_1)$ and $(P_2, C_2)$ a slid pair of plain texts and cipher texts if $P_2 = Ci_{(1,1)}$ and $C_2 = Ci_{(C1,1)}$. We refer to the encryption of the plain text $P_2$ as the slid encryption. The key to this attack is finding such slid pairs. If $K_1$ and $K_r$ are the round keys for round $R_1$ and round $R_r$ respectively, slid pairs enable the attacker to solve the following two equations to extract the round keys $K_1$ and $K_r$.

$$Ci_{(1,1)} = P_2$$

$$Ci_{(C1,1)} = C_2$$

2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST)

While Biryukov and Wagner used sliding to attack symmetric block ciphers, we propose to use sliding to strengthen the hardware implementation of any symmetric block cipher against fault-based attacks.

IV. BASIC SLICED AND MODIFIED SLICED ARCHITECTURES

A. Key idea

The key idea that we adapt from the slide attack is sliding one encryption against another. We modify the pipeline architecture to perform two encryptions (a normal encryption and a slid encryption) in a pipelined manner using the same plain text and the same user key to obtain two cipher texts. If these cipher texts are identical, then there is no fault in the pipeline; otherwise, a fault is detected. We call this SLIding-based CED technique SLICED. The SLICED mechanism is independent of the implementation scheme of round operations of the symmetric block cipher such as Shift-Rows and Mix-Column.

B. Basic SLICED

The basic SLICED pipeline architecture shown in Figure 2 slides one encryption over the other using the extra multiplexers. Although the normal and the slid encryptions operate on the same plain text and use the same key, in this architecture all the round operations in the slid encryption and the corresponding round operations in the normal encryption are performed on different stages of the hardware.

Fig. 2: Pipelined implementation of a symmetric block cipher in the ECB mode to support SLICED

For simplicity, we will consider a 6-stage pipeline operation as shown in Figure 3, but the same can be extended to a 10-stage pipeline. In the normal encryption, Round 1 is performed on Stage 1, Round 2 on Stage 2, Round 3 on Stage 3, Round 4 on Stage 4, Round 5 on Stage 5 and Round 6 on Stage 6. In the slid encryption, Round 1 is performed on Stage 1, Round 2 on Stage 1, Round 3 on Stage 2, Round 4 on Stage 3, Round 5 on Stage 4 and Round 6 on Stage 5. The resulting cipher texts are compared, with a mismatch indicating a fault in the pipeline.

Fig. 3: Pipelined operation of the SLICED architecture from Figure 2. The solid arrow is the trajectory of the normal encryption and the dotted arrow is the trajectory of the slid encryption of the 1st plain text

The path traversed by the 1st plain text for normal encryption is shown by a thick arrow and the path traversed by the 1st plain text for slid encryption is shown by a dotted arrow. While the unshaded cells in Figure 3 indicate the round operations in the normal encryption, the shaded cells indicate the round operations in the slid encryption. $R_{(x,y)}$ stands for performing round $x$ while encrypting the $y$th plain text. At the end of the 6th clock cycle, the encrypted value corresponding to normal encryption of the 1st plain text is obtained as the output of Stage 6. Similarly, at the end of the 6th clock cycle, the encrypted value corresponding to the slid encryption of the 1st plain text is obtained as the output of Stage 5. Since the round operations in the normal encryption and the corresponding round operations in the slid encryption are performed on different stages of hardware, permanent faults in the architecture can also be detected.

Fig. 4: Pipelined architecture of a symmetric block cipher with modifications to support SLICED. This architecture can detect all faults in the pipeline.

If we look carefully at the pipeline in Figure 3, we can observe that Round 1 is performed only once (on Stage 1) and its result is used for both the normal and the slid encryption. Thus, the transient faults in this unit cannot be detected but the permanent faults in this unit can be detected. A closer look at Figure 3 reveals that Stage 6 remains idle when Round 1 is performed during the normal encryption. In general, for an r-round cipher, Stage r remains idle when Round 1 is performed for the normal encryption. Hence, this stage can be used to perform Round 1 for the slid encryption.

C. Modified SLICED architecture

The architecture of basic SLICED is slightly modified so that the transient faults in all stages can be detected. This architecture is shown in Figure 4. In this modified architecture, Round 1 of the normal encryption is performed on Stage 1 while Round 1 of the slid encryption is performed on Stage r. All round operations during the normal encryption and the corresponding round operations during the slid encryption are now performed on distinct stage hardware and hence, all permanent and transient faults in all stages in this modified pipeline are detected.

Fig. 5: Pipelined operation of the modified SLICED architecture. The solid arrow is the trajectory of the normal encryption and the dotted arrow is the trajectory of the slid encryption of the 1st plain text

The pipelined operation of this modified architecture is shown in Figure 5. Again, consider a 6-stage pipeline. In the normal encryption, Round 1 is performed on Stage 1, Round 2 on Stage 2, Round 3 on Stage 3, Round 4 on Stage 4, Round 5 on Stage 5 and Round 6 on Stage 6. In the slid encryption, Round 1 is now performed on Stage 6 by selecting the left input of multiplexer MUX 2. Round 2 is then performed on Stage 1 by selecting the left input of multiplexer MUX 1. Round 3 is performed on Stage 2, Round 4 on Stage 3, Round 5 on Stage 4 and Round 6 on Stage 5.
From this figure, it can be seen that all round operations in the normal encryption and the corresponding round operations in the slid encryption are performed on different stage hardware. All faults in this modified architecture can now be detected by comparing the two encrypted values obtained in the 6th clock cycle at Stages 5 and 6 respectively. This modified architecture will not work if the number of stages is odd. This is because in this case, Stage r will not be idle when Round 1 is being performed on Stage 1. Since almost all symmetric block ciphers use an even number of rounds, this modified SLICED technique is applicable.

TABLE I: Percentage overhead for the basic SLICED and modified SLICED AES for ASIC and FPGA implementations (a decrease is denoted by a - sign).

        Metric                 Basic SLICED    Modified SLICED
ASIC    Area                   2.1%            2.3%
        Power                  19.8%           2.61%
        Max. Freq.             %               %
        Throughput             -50%            -50%
FPGA    No. of slices          -6.77%          -6.50%
        No. of 4 input LUTs    4.13%           7.58%
        Max. Freq.             -15%            %

V. IMPLEMENTATION BASED VALIDATION

We used the popular symmetric block cipher Advanced Encryption Standard (AES) to evaluate SLICED. We evaluated both the ASIC and the FPGA implementations.

A. Overview of AES

AES [19] is a symmetric block cipher with a data block length of 128 bits. The key block length can be 128, 192 and 256 bits. In this paper, we will consider a key block length of 128 bits. The AES algorithm encrypts a 128-bit input plain text into a 128-bit output cipher text using a 128-bit user key (for a 128-bit key length the total number of rounds is 10, whereas for the 192-bit and 256-bit key lengths the number of rounds is 12 and 14 respectively). The algorithm uses 10 almost identical iterative rounds. The concurrent error checking described in this paper is applicable to other key block lengths of AES as well. Each round consists of the following four steps: Sub-Bytes, Shift-Rows, Mix-Column, and Add-key. In the last round the Mix-Column step is not used.

B. Experimental set-up

We modeled the basic ECB-mode based AES using VHDL. For ASIC evaluation, we synthesized the VHDL code using the OSU-45nm library and Cadence RTL Compiler for synthesis. Then we implemented the basic SLICED and the modified SLICED architectures for the ECB-mode based AES and synthesized them for the same technology library using Cadence RTL Compiler. For FPGA evaluation, we synthesized the VHDL code for Xilinx Virtex-4 (xc4vlx25) using Xilinx tools to get the results.

C. Performance overhead

Table I shows the details of the percentage overhead when compared to AES without any CED mechanism for both ASIC and FPGA implementations.

Area (ASIC): It can be seen that the area increases due to the introduction of the 128-bit multiplexers and the multiplexers for the round keys.

Power (ASIC): Even though the power consumed in both the normal and SLICED mode is the same, the user can tune the amount of energy that is spent on normal AES operation and on SLICED operation. For example, if the SLICED operation is applied on every plain text, then 50% of energy is spent on normal AES operation and 50% of energy is spent on SLICED operation. If the SLICED operation is applied on every ninth plain text, then 90% of energy is spent on normal operations. Hence, depending upon the user's security requirements, one can tune the energy consumed by the normal and SLICED operations.

Maximum Frequency (ASIC): The maximum frequency decreased for both basic SLICED and modified SLICED architectures because the critical path increased due to the introduction of multiplexers.

Throughput (ASIC): In the extreme case, when SLICED is used to detect errors while encrypting each plain text, the throughput reduces by half. But, if SLICED is applied on every other plain text, then the throughput is reduced by a third. If SLICED is applied on every ninth plain text, then there is only a 10% reduction in throughput. Once again, the throughput can be tuned based on the user's security needs.

Number of Slices and look-up-tables (FPGA): It can be seen that the number of slices decreased. But the number of LUTs increased.

Maximum frequency (FPGA): The decrease in the maximum frequency for FPGA implementation is high when compared to ASIC implementation. This is because the multiplexers in the critical path are mapped to LUTs within the same slice and so the increase in delay due to the introduction of the multiplexers is low. Delay in an FPGA is mostly due to interconnection delay.

D. Comparison with previous work

We also compared the SLICED mechanism with some of the other previous CED mechanisms for FPGA implementation and the results are shown in Table II.

TABLE II: Comparison of previous CED mechanisms with the SLICED mechanisms

Scheme                   % increase in slices   Throughput (Gbps)   Algorithm                            Tunable? (Energy, Throughput)
Hardware redundancy      99.6%                  14.6                All ciphers                          Yes
[7] (algorithm-level)    127.7%                 14.6                AES                                  No
[13]                     37.9%                  12.3                AES                                  No
[15]                     21.7%                  12.3                AES                                  No
Basic SLICED             -6.8%                  a 20.5 b            Pipelined symmetric block ciphers    Yes
Modified SLICED          -6.5%                  a b                 Pipelined symmetric                  Yes

a Activated for every plain text
b Activated for every ninth plain text
The percentage increase in number of slices and the throughput of the other CED schemes are obtained from [15].

Number of slices: It can be seen that the SLICED architectures occupy fewer slices than the other CED mechanisms.

Applicability to different algorithms: SLICED is applicable to all pipelined symmetric block ciphers, while the previous CED mechanisms are either algorithm or architecture specific. Most of the CED mechanisms are based on the mathematical properties of the cryptographic algorithm. Hence, they are algorithm dependent.

Throughput: Throughput for basic SLICED and modified SLICED is calculated as the number of bits that can be encrypted per second. Since the architecture is pipelined, one can encrypt 128 bits per clock cycle in normal mode. If the SLICED operation is activated for every plain text, then 128 bits are encrypted per two clock cycles. If the SLICED operation is activated for every ninth plain text, then 1152 bits are encrypted per ten clock cycles.

Tunability for security and performance: The last column tells whether the energy and throughput can be tuned for different security and performance needs. For the proposed architectures, the CED mechanism can be activated often for high security needs and rarely for high performance needs.

E. Fault Detection Capability

The AES implementation with the SLICED scheme has, as outputs, the basic cipher text and an error signal, which indicates whether the cipher text is faulty or not. All the possible combinations of the output cipher text and the error signal status are summarized in Table III.

TABLE III: Possible combinations of output cipher text and the error signal

Case   Output cipher text   Error signal    Remark
1      Correct              Not asserted    Correct operation
2      Correct              Asserted        Bad CED scheme
3      Faulty               Not asserted    Fault not detected
4      Faulty               Asserted        Fault detected

Case 1 occurs when the AES implementation operates correctly.
Case 1 can also occur if a fault occurs in such a way that it does not affect the output cipher text, i.e., the correct cipher text is obtained even in the presence of a fault. If there is no error in the output cipher text, but the error signal goes high (false positive), then Case 2 occurs. For a well-designed CED technique, Case 2 will never occur. Case 3 occurs when there is an error in the output cipher text but the error signal is low (the fault is not detected). In Case 4, there is an error in the output cipher text and the error signal goes high. The fault coverage of a CED scheme can hence be defined as the percentage of the faults that are detected by the CED technique when the output is faulty. So the fault coverage is only determined by Case 3 and Case 4 and can be calculated as:

$$\text{Fault coverage} = \frac{\#\text{Case 4}}{\#\text{Case 3} + \#\text{Case 4}}$$

For example, consider a run of 1000 encryptions with faults injected into the AES implementation with CED in every run. Among the 1000 runs, consider that faulty outputs are obtained in 800 runs. Suppose that the error signal is asserted 600 times (which means that the faulty cipher text is detected), then the number of occurrences of Case 3 is 600 and the number of occurrences of Case 4 is 200, resulting in fault coverage of 75%.

In order to evaluate the error detection capability of the SLICED scheme, the architecture was modelled in VHDL. Single-bit stuck-at faults (both stuck-at-0 and stuck-at-1) were injected at RT level in the design, for every input used for testing. This was accomplished by adding a multiplexer with a fault injection control at the point of the fault insertion. The faults are injected only at the ten round operations. Faults are not injected in the key generation and pre-processing modules. Random input patterns were applied to basic SLICED and modified SLICED to obtain the fault coverage. Both the basic SLICED and the modified SLICED gave 100% fault coverage for single-bit permanent faults at RT level.

VI. CONCLUSION AND FUTURE WORK

We proposed a new CED mechanism based on the Slide attack. This mechanism is independent of the implementation scheme of the S-box. It is applicable to all symmetric block ciphers. It is applicable to both the encryption and decryption mechanisms. Two architectures have been proposed. In the first architecture all permanent and most transient faults can be detected. In the second architecture all permanent and transient faults can be detected. We then implemented the SLICED architectures to find their area, power, delay and throughput overheads for ASIC and also for FPGA implementations. The SLICED architectures have less area overhead than previous CED mechanisms. The fault coverage of the SLICED architectures is also evaluated. In future work, we will work on reducing the delay overhead. We are adapting the SLICED architectures to diagnose faulty stages and to reconfigure around them.

REFERENCES

[1] D. Boneh, R. DeMillo, and R. Lipton, On the importance of checking cryptographic protocols for faults, Proceedings of Eurocrypt, Lecture Notes in Computer Science, vol. 1233, pp ,
[2] E. Biham and A. Shamir, Differential fault analysis of secret key cryptosystems, Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology, pp , Aug
[3] J. Bloemer and J. Seifert, Fault based cryptanalysis of the advanced encryption standard. [Online]. Available: /075.pdf
[4] C. Giraud, Differential fault analysis on AES. [Online]. Available:
[5] A. Biryukov and D. Wagner, Slide attacks, Proceedings of Workshop on Fast Software Encryption, Lecture Notes in Computer Science, vol. 1636, pp ,
[6] H. Lipmaa, P. Rogaway, and D. Wagner, Comments to NIST concerning AES modes of operations: CTR-mode encryption. [Online]. Available: lipmaa-ctr.pdf
[7] R. Karri, K. Wu, P. Mishra, and Y. Kim, Concurrent error detection schemes for fault-based side-channel cryptanalysis of symmetric block ciphers, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 21, no. 12, pp , Dec
[8] G. Bertoni, L. Breveglieri, I. Koren, P. Maistri, and V. Piuri, Error analysis and detection procedures for a hardware implementation of the advanced encryption standard, IEEE Transactions on Computers, vol. 52, no. 4, pp , Apr
[9] G. Bertoni, L. Breveglieri, I. Koren, and P. Maistri, An efficient hardware-based fault diagnosis scheme for AES: performances and cost, Proceedings of IEEE International Symposium on Defect and Fault Tolerance in VLSI Systems, pp , Oct
[10] L. Breveglieri, I. Koren, and P. Maistri, Incorporating error detection and online reconfiguration into a regular architecture for the advanced encryption standard, IEEE International Symposium on Defect and Fault Tolerance in VLSI Systems, pp , Oct
[11] R. Karri, G. Kuznetsov, and M. Goessel, Parity-based concurrent error detection in symmetric block ciphers, Proceedings of International Test Conference, vol. 1, pp , Oct
[12] T. G. Malkin, F.-X. St, and M. Yung, A comparative cost/security analysis of fault attack countermeasures, Second Workshop on Fault Detection and Tolerance in Cryptography, pp , Sep
[13] M. Karpovsky, K. J. Kulikowski, and E. Taubin, Differential fault analysis attack resistant architectures for the advanced encryption standard, Proceedings of World Computing Congress, pp ,
[14] A. Satoh, T. Sugawara, N. Homma, and T. Aoki, High-performance concurrent error detection scheme for AES hardware, Proceedings of International Workshop on Cryptographic Hardware and Embedded Systems, pp , Aug
[15] M. Mozaffari-Kermani and A. Reyhani-Masoleh, Concurrent structure-independent fault detection schemes for the advanced encryption standard, IEEE Transactions on Computers, vol. 59, no. 5, pp , May
[16] A. Elbirt, W. Yip, B. Chetwynd, and C. Paar, An FPGA-based performance evaluation of the AES block cipher candidate algorithm finalists, IEEE Transactions on Very Large Scale Integration (VLSI) Systems, vol. 9, no. 4, pp , Aug
[17] A. Hodjat and I. Verbauwhede, Minimum area cost for a 30 to 70 Gbits/s AES processor, Proceedings of IEEE Computer Society Annual Symposium on VLSI, pp , Feb
[18] X. Zhang and K. Parhi, High-speed VLSI architectures for the AES algorithm, IEEE Transactions on Very Large Scale Integration (VLSI) Systems, vol. 12, no. 9, pp , Sep
[19] Announcing the advanced encryption standard (AES), in Federal Information Processing Standards Publication (FIPS PUB),
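The stage schedules of Section IV (basic and modified SLICED, 6-stage walk-through) as an added Python model; it is not code from the paper. Assumptions: the round function is a keyed SHA-256 stand-in, a fault inverts one bit of a stage output whenever it is active (the paper injected stuck-at faults), and the keys, plain text and bit positions are constructed sample values.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

R = 6  # pipeline stages = cipher rounds, as in the 6-stage walk-through


def round_fn(state: int, round_key: int) -> int:
    """Stand-in round (assumption): keyed SHA-256 truncated to 64 bits."""
    data = round_key.to_bytes(8, "big") + state.to_bytes(8, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:8], "big")


@dataclass(frozen=True)
class Fault:
    stage: int                   # 1..R: stage whose output is corrupted
    bit: int                     # bit inverted in that stage's 64-bit output
    cycle: Optional[int] = None  # None = permanent, otherwise the one cycle hit

    def apply(self, stage: int, cycle: int, value: int) -> int:
        active = stage == self.stage and self.cycle in (None, cycle)
        return value ^ (1 << self.bit) if active else value


def sliced_encrypt(plaintext, round_keys, arch, fault=None):
    """Run the normal and the slid encryption of one plain text.

    Returns (normal_ciphertext, slid_ciphertext, error_signal).
    """
    def stage_op(stage, cycle, state):
        # Round i always runs in clock cycle i, so the cycle selects the key.
        out = round_fn(state, round_keys[cycle - 1])
        return fault.apply(stage, cycle, out) if fault else out

    normal = stage_op(1, 1, plaintext)        # cycle 1: Round 1 on Stage 1
    if arch == "basic":
        slid = normal                         # Round 1 result is shared
    elif arch == "modified":
        slid = stage_op(R, 1, plaintext)      # Round 1 on the idle Stage r
    else:
        raise ValueError(arch)
    for rnd in range(2, R + 1):
        normal = stage_op(rnd, rnd, normal)   # normal: Round i on Stage i
        slid = stage_op(rnd - 1, rnd, slid)   # slid:   Round i on Stage i-1
    return normal, slid, normal != slid


def coverage(arch, faults, plaintext, round_keys):
    """Count (detected, missed) over faults that make the output cipher text wrong."""
    golden = sliced_encrypt(plaintext, round_keys, arch)[0]
    detected = missed = 0
    for fault in faults:
        out, _, err = sliced_encrypt(plaintext, round_keys, arch, fault)
        if out == golden:
            continue  # output not faulty: outside the coverage ratio
        if err:
            detected += 1   # Case 4 of Table III
        else:
            missed += 1     # Case 3 of Table III
    return detected, missed


# Constructed sample data (not from the paper).
KEYS = [0x0123456789ABCDEF + i for i in range(R)]
PT = 0x0011223344556677
BITS = (0, 17, 63)
PERMANENT = [Fault(s, b) for s in range(1, R + 1) for b in BITS]
TRANSIENT = [Fault(s, b, c) for s in range(1, R + 1)
             for c in range(1, R + 1) for b in BITS]


def report():
    """(detected, missed) per architecture and fault class."""
    return {arch: {"permanent": coverage(arch, PERMANENT, PT, KEYS),
                   "transient": coverage(arch, TRANSIENT, PT, KEYS)}
            for arch in ("basic", "modified")}


if __name__ == "__main__":
    for arch, result in report().items():
        print(arch, result)
```

In this model permanent faults are caught in both schedules; the three misses in the basic schedule are the transient hits on Stage 1 during Round 1, whose result both encryptions share.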

@ 2014 SEMAR GROUPS TECHNICAL SOCIETY.

@ 2014 SEMAR GROUPS TECHNICAL SOCIETY. www.semargroup.org, www.ijsetr.com ISSN 2319-8885 Vol.03,Issue.02, February-2014, Pages:0350-0355 Performance Improvement in Fault Detection Schemes for the Advanced Encryption Standard Using Composite

More information

On-Line Self-Test of AES Hardware Implementations

On-Line Self-Test of AES Hardware Implementations On-Line Self-Test of AES Hardware Implementations G. Di Natale, M. L. Flottes, B. Rouzeyre Laboratoire d Informatique, de Robotique et de Microélectronique de Montpellier Université Montpellier II / CNRS

More information

High-performance Concurrent Error Detection Scheme for AES Hardware

High-performance Concurrent Error Detection Scheme for AES Hardware High-performance Concurrent Error Detection Scheme for AES Hardware Akashi Satoh 1, Takeshi Sugawara 2,NaofumiHomma 2,andTakafumiAoki 2 1 Research Center for Information Security, National Institute of

More information

A Reliable Architecture for Substitution Boxes in Integrated Cryptographic Devices

A Reliable Architecture for Substitution Boxes in Integrated Cryptographic Devices Author manuscript, published in "DCIS'08: Conference on Design of Circuits and Integrated Systems, (2008)" A Reliable Architecture for Substitution Boxes in Integrated Cryptographic Devices G. Di Natale,

More information

A Fault Attack Against the FOX Cipher Family

A Fault Attack Against the FOX Cipher Family A Fault Attack Against the FOX Cipher Family L. Breveglieri 1,I.Koren 2,andP.Maistri 1 1 Department of Electronics and Information Technology, Politecnico di Milano, Milano, Italy {brevegli, maistri}@elet.polimi.it

More information

Parity-based Concurrent Error Detection of Substitution-Permutation Network Block Ciphers

Ramesh Karri 1, Grigori Kuznetsov 2 and Michael Goessel 2. 1 Department of Electrical and Computer Engineering Polytechnic

Side-channel Power Analysis of Different Protection Schemes Against Fault Attacks on AES

Pei Luo 1, Yunsi Fei 1, Liwei Zhang 2, and A. Adam Ding 2. 1 Department of Electrical and Computer Engineering, Northeastern

A Structure-Independent Approach for Fault Detection Hardware Implementations of the Advanced Encryption Standard

Presented by: Mehran Mozaffari Kermani, Department of Electrical and Computer Engineering

Using Error Detection Codes to detect fault attacks on Symmetric Key Ciphers

Israel Koren, Department of Electrical and Computer Engineering, Univ. of Massachusetts, Amherst, MA, collaborating with Luca Breveglieri,

FAULT DETECTION IN THE ADVANCED ENCRYPTION STANDARD. G. Bertoni, L. Breveglieri, I. Koren and V. Piuri

Abstract. The AES (Advanced Encryption Standard) is an emerging private-key cryptographic system. Performance

Implementation of Full -Parallelism AES Encryption and Decryption

M. Anto Merline, M.E. Communication Systems, ECE Department, K. Ramakrishnan College of Engineering, Samayapuram, Trichy. Abstract: Advanced Encryption

International Journal of Engineering Trends and Technology (IJETT) Volume 37 Number 7 - July 2016

A Lightweight High-Performance Fault Detection Scheme for the Advanced Encryption Standard and Scalable Encryption Algorithm using Composite Fields. Veena.K #1, Della Reasa Valiaveetil #2, Nisha K Gopinath

VLSI ARCHITECTURE FOR NANO WIRE BASED ADVANCED ENCRYPTION STANDARD (AES) WITH THE EFFICIENT MULTIPLICATIVE INVERSE UNIT

K. Sandyarani 1 and P. Nirmal Kumar 2. 1 Research Scholar, Department of ECE, Sathyabama

AES as A Stream Cipher

Bin ZHOU, Kris Gaj, Department of ECE, George Mason University. Abstract: This paper presents implementation of advanced encryption standard (AES) as a stream

Concurrent Error Detection of Fault-Based Side-Channel Cryptanalysis of 128-Bit RC6 Block Cipher

Kaijie Wu, Piyush Mishra, Ramesh Karri. ECE Department, Polytechnic University, 5 Metrotech Center, Brooklyn,

Design of an Efficient Architecture for Advanced Encryption Standard Algorithm Using Systolic Structures

1 Suresh Sharma, 2 T S B Sudarshan. 1 Student, Computer Science & Engineering, IIT, Kharagpur 2 Assistant

MULTI-LEVEL AES DESIGN SECURITY: FROM SYSTEMC-TLM TO FPGA

1 HASSEN MESTIRI, 1,2 YOUNES LAHBIB, 1 MOHSEN MACHHOUT, 1 RACHED TOURKI. 1 Electronics and Micro-Electronics Laboratory (E. µ. E. L), Faculty of

A Parity Code Based Fault Detection for an Implementation of the Advanced Encryption Standard

Guido Bertoni 1, Luca Breveglieri 1, Israel Koren 2, Paolo Maistri 1, Vincenzo Piuri 3. 1 Department of Electronics

P V Sriniwas Shastry et al, Int.J.Computer Technology & Applications,Vol 5 (1),

On-The-Fly AES Key Expansion For All Key Sizes on ASIC. P.V. Sriniwas Shastry 1, M. S. Sutaone 2. 1 Cummins College of Engineering for Women, Pune, 2 College of Engineering, Pune. pvs.shastry@cumminscollege.in

Clock Glitch Fault Injection Attacks on an FPGA AES Implementation

Journal of Electrotechnology, Electrical Engineering and Management (2017) Vol. 1, Number 1. Clausius Scientific Press, Canada. Yifei Qiao 1,a,

Piret and Quisquater's DFA on AES Revisited

Christophe Giraud 1 and Adrian Thillard 1,2. 1 Oberthur Technologies, 4, allée du doyen Georges Brus, 33 600 Pessac, France. c.giraud@oberthur.com 2 Université

128 Bit ECB-AES Crypto Core Design using Rijndeal Algorithm for Secure Communication

IJSRD - International Journal for Scientific Research & Development, Vol. 2, Issue 03, 2014, ISSN (online): 2321-0613

Efficient Hardware Design and Implementation of AES Cryptosystem

PRAVIN B. GHEWARI 1, MRS. JAYMALA K. PATIL 1, AMIT B. CHOUGULE 2. 1 Department of Electronics & Telecommunication 2 Department of Computer

Elastic Block Ciphers: The Feistel Cipher Case

Debra L. Cook, Moti Yung, Angelos D. Keromytis. Department of Computer Science, Columbia University, New York, NY. dcook,moti,angelos @cs.columbia.edu Technical

Fault Diagnosis Schemes for Low-Energy BlockCipher Midori Benchmarked on FPGA

Abstract: Achieving secure high-performance implementations for constrained applications such as implantable and wearable medical

2016 Maxwell Scientific Publication Corp. Submitted: August 21, 2015 Accepted: September 11, 2015 Published: January 05, 2016

Research Journal of Applied Sciences, Engineering and Technology 12(1): 52-62, 2016. DOI: 10.19026/rjaset.12.2303. ISSN: 2040-7459; e-ISSN: 2040-7467

Hardware Implementation of Cryptosystem by AES Algorithm Using FPGA

Available Online at www.ijcsmc.com. International Journal of Computer Science and Mobile Computing, A Monthly Journal of Computer Science and Information Technology. ISSN 2320 088X. IMPACT FACTOR: 6.017. IJCSMC,

A Very Compact Hardware Implementation of the MISTY1 Block Cipher

Dai Yamamoto, Jun Yajima, and Kouichi Itoh. FUJITSU LABORATORIES LTD., 4-1-1, Kamikodanaka, Nakahara-ku, Kawasaki, 211-8588, Japan. {ydai,jyajima,kito}@labs.fujitsu.com

Secret Key Algorithms (DES)

G. Bertoni, L. Breveglieri. Foundations of Cryptography - Secret Key, pp. 1 / 34. Definition: a symmetric key cryptographic algorithm is characterized by having the same key used

Minimum Area Cost for a 30 to 70 Gbits/s AES Processor

Alireza Hodjat and Ingrid Verbauwhede. Electrical Engineering Department, University of California, Los Angeles. {ahodjat, ingrid}@ee.ucla.edu

Implementation and Comparative Analysis of AES as a Stream Cipher

Bin ZHOU, Yingning Peng. Dept. of Electronic Engineering, Tsinghua University, Beijing, China, 100084. e-mail: zhoubin06@mails.tsinghua.edu.cn

A Countermeasure Circuit for Secure AES Engine against Differential Power Analysis

V.S. Subarsana 1, C.K. Gobu 2. PG Scholar, Member IEEE, SNS College of Engineering, Coimbatore, India 1. Assistant Professor

FPGA Implementation of High Speed AES Algorithm for Improving The System Computing Speed

Vijaya Kumar. B. #1, T. Thammi Reddy #2. #1 Dept of Electronics and Communication, G.P.R. Engineering College,

Low area implementation of AES ECB on FPGA

Abstract: This project aimed to create a low area implementation of the Rijndael cipher (AES)

An 80Gbps FPGA Implementation of a Universal Hash Function based Message Authentication Code

Abstract: We developed an architecture optimization technique called divide-and-concatenate and applied it to

OPTICAL networks require secure data transmission at

IEEE TRANSACTIONS ON COMPUTERS, VOL. 55, NO. 4, APRIL 2006, p. 366. Area-Throughput Trade-Offs for Fully Pipelined 30 to 70 Gbits/s AES Processors. Alireza Hodjat, Student Member, IEEE, and Ingrid Verbauwhede,

Fault Injection Test Bed for Clock Violation

E. Kavitha, P.S. Indrani, M. J. C. Prasad. Abstract: In this paper, the International Data Encryption (IDEA) algorithm synthesis models will be used as test encryption

A High-Performance VLSI Architecture for Advanced Encryption Standard (AES) Algorithm

N. M. Kosaraju, M. Varanasi & Saraju P. Mohanty. VLSI Design and CAD Laboratory. Homepage: http://www.vdcl.cse.unt.edu

AES ALGORITHM FOR ENCRYPTION

Volume 02 - Issue 05, May 2016, PP. 63-68. Radhika D. Bajaj, M.Tech VLSI, G.H. Raisoni Institute of Engineering And Technology For Women, Nagpur. Dr. U.M. Gokhale, Electronics and

DESIGNING OF STREAM CIPHER ARCHITECTURE USING THE CELLULAR AUTOMATA

1 Brundha K A, MTech. Email: 1 brundha1905@gmail.com. Abstract: Pseudo-random number generators (PRNGs) are a key component of stream ciphers

DFA on AES. Christophe Giraud. Oberthur Card Systems, 25, rue Auguste Blanche, Puteaux, France.

Oberthur Card Systems, 25, rue Auguste Blanche, 92800 Puteaux, France. c.giraud@oberthurcs.com. Abstract. In this paper we describe two different DFA attacks on the AES. The

Secret Key Cryptography

General Block Encryption: The general way of encrypting a 64-bit block is to take each of the 2^64 input values and map it to a unique one of the 2^64 output values. This would

The Use of Runtime Reconfiguration on FPGA Circuits to Increase the Performance of the AES Algorithm Implementation

Journal of Universal Computer Science, vol. 13, no. 3 (2007), 349-362. Submitted: 30/11/06, accepted: 16/2/07, appeared: 28/3/07. J.UCS

Differential-Linear Cryptanalysis of Serpent

Eli Biham 1, Orr Dunkelman 1, and Nathan Keller 2. 1 Computer Science Department, Technion, Haifa 32000, Israel. {biham,orrd}@cs.technion.ac.il 2 Mathematics

High Speed Fault Injection Tool (FITO) Implemented With VHDL on FPGA For Testing Fault Tolerant Designs

Vol. 3, Issue. 5, Sep - Oct. 2013, pp-2894-2900, ISSN: 2249-6645. M. Reddy Sekhar Reddy, R. Sudheer Babu

Lecture 2B. RTL Design Methodology. Transition from Pseudocode & Interface to a Corresponding Block Diagram

Structure of a Typical Digital Data Inputs Datapath (Execution Unit) Data Outputs System Control

A High Speed Hardware Architecture for Universal Message. Authentication Code

Bo Yang, Ramesh Karri. Department of Electrical and Computer Engineering, Polytechnic University, Brooklyn, NY, 11201. yangbo@photon.poly.edu,

Area Optimization in Masked Advanced Encryption Standard

IOSR Journal of Engineering (IOSRJEN), ISSN (e): 2250-3021, ISSN (p): 2278-8719, Vol. 04, Issue 06 (June. 2014), V1, PP 25-29. www.iosrjen.org. R. Vijayabhasker,

On the Design of Secure Block Ciphers

Howard M. Heys and Stafford E. Tavares. Department of Electrical and Computer Engineering, Queen's University, Kingston, Ontario K7L 3N6. email: tavares@ee.queensu.ca

International Journal of Advanced Research in Computer Engineering & Technology (IJARCET) Volume 3 Issue 3, March 2014

ENCRYPTION AND DECRYPTION IN COMPLEX PARALLELISM. H. Anusuya Baby 1, Christo Ananth 2. 1 (ECE, Francis Xavier Engineering College/ Anna University, India) 2 (ECE, Francis Xavier Engineering College/ Anna

P2_L6 Symmetric Encryption Page 1

Reference: Computer Security by Stallings and Brown, Chapter 20. Symmetric encryption algorithms are typically block ciphers that take thick size input. In this lesson,

Fast implementation and fair comparison of the final candidates for Advanced Encryption Standard using Field Programmable Gate Arrays

Kris Gaj and Pawel Chodowiec. Electrical and Computer Engineering, George Mason University

Advanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50

Advanced Encryption Standard (AES) is a symmetric cryptographic algorithm. AES has been originally requested

page 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas

Pseudo-random generator: seed s, output G(s) (random, s =n). Deterministic function of s, publicly known. G(s) = 2n. Distinguisher

A Related Key Attack on the Feistel Type Block Ciphers

International Journal of Network Security, Vol.8, No.3, PP.221-226, May 2009. Ali Bagherzandi 1,2, Mahmoud Salmasizadeh 2, and Javad Mohajeri 2

Fault Sensitivity Analysis Meets Zero-Value Attack

Oliver Mischke, Amir Moradi, Tim Güneysu. Horst Görtz Institute for IT-Security, Ruhr-Universität Bochum, Bochum, Germany. E-mail: {mischke, moradi, gueneysu}@crypto.rub.de

An Efficient FPGA Implementation of the Advanced Encryption Standard (AES) Algorithm Using S-Box

Volume 5 Issue 2, June 2017, ISSN: 2320-9984 (Online). International Journal of Modern Engineering & Management Research. Website: www.ijmemr.org

A Reliable Architecture for Parallel Implementations of the Advanced Encryption Standard

Giorgio Di Natale, Doulcier Marion, Marie-Lise Flottes, Bruno Rouzeyre. To cite this version: Giorgio Di Natale,

Exploring Area/Delay Tradeoffs in an AES FPGA Implementation

Joseph Zambreno, David Nguyen, and Alok Choudhary. Department of Electrical and Computer Engineering, Northwestern University, Evanston, IL 60208,

Comparison of the Hardware Performance of the AES Candidates Using Reconfigurable Hardware

Master's Thesis. Pawel Chodowiec, MS CpE Candidate, ECE, George Mason University. Advisor: Dr. Kris Gaj, ECE, George

Cryptography and Network Security Block Ciphers + DES. Lectured by Nguyễn Đức Thái

Outline: Block Cipher Principles; Feistel Ciphers; The Data Encryption Standard (DES). (Contents can be found in Chapter 3,

Linear Cryptanalysis of Reduced Round Serpent

Eli Biham 1, Orr Dunkelman 1, and Nathan Keller 2. 1 Computer Science Department, Technion Israel Institute of Technology, Haifa 32000, Israel, {biham,orrd}@cs.technion.ac.il,

Fault Detection of the Camellia Cipher against Single Byte Differential Fault Analysis

Appl. Math. Inf. Sci. 6-3S, No. 3, 951-957 (2012). Applied Mathematics & Information Sciences, An International Journal

3 Symmetric Key Cryptography

3.1 Block Ciphers: Symmetric key strength analysis; Electronic Code Book Mode (ECB); Cipher Block Chaining Mode (CBC); Some popular block ciphers: Triple DES, Advanced Encryption

Differential Fault Analysis on the AES Key Schedule

Junko TAKAHASHI and Toshinori FUKUNAGA. NTT Information Sharing Platform Laboratories, Nippon Telegraph and Telephone Corporation. {takahashi.junko, fukunaga.toshinori}@lab.ntt.co.jp

Pipelined Quadratic Equation based Novel Multiplication Method for Cryptographic Applications

Vol 7(4S), 34-39, April 204, ISSN (Print): 0974-6846, ISSN (Online): 0974-5645. B. Vignesh *, K. P. Sridhar

IMPLEMENTATION OF BLAKE ALGORITHM USING PIPELINING IN FPGA

International Journal Innovations in Scientific and. 1 M. Jothi Kumar, 2 Chitravalavan. 1 Research Scholar, Department Applied Electronics, A.V.C.

FPGA BASED CRYPTOGRAPHY FOR INTERNET SECURITY

Available Online at www.ijcsmc.com. International Journal of Computer Science and Mobile Computing, A Monthly Journal of Computer Science and Information Technology. IJCSMC, Vol. 4, Issue. 10, October 2015,

FPGA Based Design of AES with Masked S-Box for Enhanced Security

International Journal of Engineering Science Invention, ISSN (Online): 2319 6734, ISSN (Print): 2319 6726, Volume 3 Issue 5, May 2014, PP.01-07

A Fault-Resistant AES Implementation Using Differential Characteristic of Input and Output

JeongSoo Park, Hoseo University, Asan, ChungNam, Korea, sizeplay@nate.com. KiSeok Bae, Kyungpook National University

CRYPTOGRAPHIC devices are widely used in applications

IEEE TRANSACTIONS ON VERY LARGE SCALE INTEGRATION (VLSI) SYSTEMS, VOL. 20, NO. 6, JUNE 2012, p. 1036. Secure Multipliers Resilient to Strong Fault-Injection Attacks Using Multilinear Arithmetic Codes. Zhen Wang,

Cryptanalysis of KeeLoq with COPACOBANA

Martin Novotný 1 and Timo Kasper 2. 1 Faculty of Information Technology, Czech Technical University in Prague, Kolejní 550/2, 160 00 Praha 6, Czech Republic. email: novotnym@fit.cvut.cz

Data Encryption Standard (DES)

Best-known symmetric cryptography method: DES. 1973: Call for a public cryptographic algorithm standard for commercial purposes by the National Bureau of Standards. Goals:

AES1. Ultra-Compact Advanced Encryption Standard Core AES1. General Description. Base Core Features. Symbol. Applications

General Description: The AES core implements Rijndael encoding and decoding in compliance with the NIST Advanced Encryption Standard. Basic core is very small (less than 3,000 gates). Enhanced versions

Concurrent Error Detection Schemes for Fault-Based Side-Channel Cryptanalysis of Symmetric Block Ciphers

IEEE TRANSACTIONS ON COMPUTER-AIDED DESIGN OF INTEGRATED CIRCUITS AND SYSTEMS, VOL. 21, NO. 12, DECEMBER 2002, p. 1509

ASIC Performance Comparison for the ISO Standard Block Ciphers

Takeshi Sugawara 1, Naofumi Homma 1, Takafumi Aoki 1, and Akashi Satoh 2. 1 Graduate School of Information Sciences, Tohoku University, Aoba

Integral Cryptanalysis of the BSPN Block Cipher

Howard Heys. Department of Electrical and Computer Engineering, Memorial University. hheys@mun.ca. Abstract: In this paper, we investigate the application of

Symmetric Key Encryption. Symmetric Key Encryption. Advanced Encryption Standard ( AES ) DES DES DES 08/01/2015. DES and 3-DES.

Tom Chothia, Computer Security: Lecture 2. Padding. Block cipher modes. Advanced Encryption Standard (AES): AES is a state-of-the-art block cipher.

Symmetric Key Algorithms. Definition. A symmetric key algorithm is an encryption algorithm where the same key is used for encrypting and decrypting.

1 Block cipher and stream cipher. There are two main families

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

March 23, 2018. CS 419. Block ciphers: Block ciphers encrypt a block of plaintext at a

Efficient FPGA Implementations of PRINT CIPHER

Tadashi Okabe. Information Technology Group, Tokyo Metropolitan Industrial Technology Research Institute, Tokyo, Japan. Abstract: This article presents field

High Performance Single-Chip FPGA Rijndael Algorithm Implementations

Máire McLoone and J.V McCanny. DSiP TM Laboratories, School of Electrical and Electronic Engineering, The Queen's University of Belfast,

A New Architecture of High Performance WG Stream Cipher

Grace Mary S. 1, Abhila R. Krishna 2. 1 P G Scholar, VLSI and Embedded Systems, Department of ECE, T K M Institute of Technology, Kollam, India 2 Assistant

Differential-Linear Cryptanalysis of Serpent

Eli Biham 1, Orr Dunkelman 1, Nathan Keller 2. 1 Computer Science Department, Technion, Haifa 32000, Israel. {biham,orrd}@cs.technion.ac.il 2 Mathematics Department,

Fast implementations of secret-key block ciphers using mixed inner- and outer-round pipelining

Pawel Chodowiec, Po Khuon, Kris Gaj. Electrical and Computer Engineering, George Mason University. http://ece.gmu.edu/crypto-text.htm

International Journal for Research in Applied Science & Engineering Technology (IJRASET) Performance Comparison of Cryptanalysis Techniques over DES

Anupam Kumar 1, Aman Kumar 2, Sahil Jain 3, P Kiranmai 4. 1,2,3,4 Dept. of Computer Science, MAIT, GGSIP University, Delhi, INDIA

Lecture 4: Symmetric Key Encryption

CS6903: Modern Cryptography, Spring 2009, Nitesh Saxena. Let's use the board, please take notes. Data Encryption Standard: Encrypts by

Fast implementation and fair comparison of the final candidates for Advanced Encryption Standard using Field Programmable Gate Arrays

Kris Gaj and Pawel Chodowiec. George Mason University, Electrical and

EEC-484/584 Computer Networks

Lecture 23. wenbing@ieee.org (Lecture notes are based on materials supplied by Dr. Louise Moser at UCSB and Prentice-Hall). Outline: Review of last lecture; Introduction to

Secret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34

Definition: a symmetric key cryptographic algorithm is characterized by having the same key used for both encryption and decryption.

Cryptography Functions

Cryptography Functions Cryptography Functions Lecture 3 1/29/2013 References: Chapter 2-3 Network Security: Private Communication in a Public World, Kaufman, Perlman, Speciner Types of Cryptographic Functions Secret (Symmetric)

More information

AES Core Specification. Author: Homer Hsing

AES Core Specification. Author: Homer Hsing AES Core Specification Author: Homer Hsing homer.hsing@gmail.com Rev. 0.1.1 October 30, 2012 This page has been intentionally left blank. www.opencores.org Rev 0.1.1 ii Revision History Rev. Date Author

More information

Elastic Block Ciphers: The Feistel Cipher Case

Elastic Block Ciphers: The Feistel Cipher Case Elastic Block Ciphers: The Feistel Cipher Case Debra L. Cook Moti Yung Angelos D. Keromytis Department of Computer Science Columbia University, New York, NY dcook,moti,angelos @cs.columbia.edu Technical

More information

Streaming Encryption for a Secure Wavelength and Time Domain Hopped Optical Network

Streaming Encryption for a Secure Wavelength and Time Domain Hopped Optical Network treaming Encryption for a ecure Wavelength and Time Domain Hopped Optical Network Herwin Chan, Alireza Hodjat, Jun hi, Richard Wesel, Ingrid Verbauwhede {herwin, ahodjat, junshi, wesel, ingrid} @ ee.ucla.edu

More information

High Speed Architecture for Galois/Counter Mode of Operation (GCM)

High Speed Architecture for Galois/Counter Mode of Operation (GCM) High Speed Architecture for Galois/Counter Mode of Operation (GCM) Bo Yang, Sambit Mishra, Ramesh Karri ECE Department Polytechnic University, Brooklyn, NY Abstract In this paper we present a fully pipelined

More information

FPGAs: High Assurance through Model Based Design

FPGAs: High Assurance through Model Based Design FPGAs: High Assurance through Based Design AADL Workshop 24 January 2007 9:30 10:00 Yves LaCerte Rockwell Collins Advanced Technology Center 400 Collins Road N.E. Cedar Rapids, IA 52498 ylacerte@rockwellcollins.cm

More information

TABLE OF CONTENTS CHAPTER NO. TITLE PAGE NO.

TABLE OF CONTENTS CHAPTER NO. TITLE PAGE NO. vii TABLE OF CONTENTS CHAPTER NO. TITLE PAGE NO. ABSTRACT LIST OF TABLES LIST OF FIGURES LIST OF SYMBOLS AND ABBREVIATION iii xii xiv xvii 1 INTRODUCTION 1 1.1 GENERAL 1 1.2 TYPES OF WIRELESS COMMUNICATION

More information

Improved Attack on Full-round Grain-128

Improved Attack on Full-round Grain-128 Improved Attack on Full-round Grain-128 Ximing Fu 1, and Xiaoyun Wang 1,2,3,4, and Jiazhe Chen 5, and Marc Stevens 6, and Xiaoyang Dong 2 1 Department of Computer Science and Technology, Tsinghua University,

More information

From AES-128 to AES-192 and AES-256, How to Adapt Differential Fault Analysis Attacks

From AES-128 to AES-192 and AES-256, How to Adapt Differential Fault Analysis Attacks From AES-128 to AES-192 and AES-256, How to Adapt Differential Fault Analysis Attacks Noémie Floissac and Yann L Hyver SERMA TECHNOLOGIES ITSEF 30, avenue Gustave Eiffel, 33608 Pessac, France Email: {n.floissac;y.lhyver}@serma.com

More information

Fault Analysis Study of the Block Cipher FOX64

Fault Analysis Study of the Block Cipher FOX64 Fault Analysis Study of the Block Cipher FOX64 Ruilin Li 1, Jianxiong You 1, Bing Sun 1,, and Chao Li 1,3 1 Department of Mathematics and System Science, Science College, National University of Defense

More information