Scispace (Formerly Typeset)
Showing papers on "AES implementations published in 2008"
Book Chapter•10.1007/978-3-540-68914-0_27•
A very compact Perfectly masked S-box for AES

David Canright1, Lejla Batina2•
Naval Postgraduate School1, Katholieke Universiteit Leuven2
3 Jun 2008
TL;DR: In this paper, the authors apply a similar masking strategy to the most compact (unmasked) S-box to date, and achieve perfect masking, which is the state-of-the-art.
Abstract: Implementations of the Advanced Encryption Standard (AES), including hardware applications with limited resources (e.g., smart cards), may be vulnerable to "side-channel attacks" such as differential power analysis. One countermeasure against such attacks is adding a random mask to the data; this randomizes the statistics of the calculation at the cost of computing "mask corrections." The single nonlinear step in each AES round is the "S-box" (involving a Galois inversion), which incurs the majority of the cost for mask corrections. Oswald et al.[1] showed how the "tower field" representation allows maintaining an additive mask throughout the Galois inverse calculation. This work applies a similar masking strategy to the most compact (unmasked) S-box to date[2]. The result is the most compact masked S-box so far, with "perfect masking" (by the definition of Blomer[3]) giving suitable implementations immunity to first-order differential side-channel attacks.

191 citations

Book Chapter•10.1007/978-3-540-89754-5_28•
Chai-Tea, Cryptographic Hardware Implementations of xTEA

Jens-Peter Kaps1•
George Mason University1
14 Dec 2008
TL;DR: This paper is the first design-space exploration for hardware implementations of the extended tiny encryption algorithm XTEA on FPGAs and ASICs for ultra-low power applications such as RFID tags and wireless sensor nodes as well as fully pipelined designs for high speed applications.
Abstract: The tiny encryption algorithm (TEA) was developed by [4] Wheeler and Needham as a simple computer program for encryption. This paper is the first design-space exploration for hardware implementations of the extended tiny encryption algorithm. It presents efficient implementations of XTEA on FPGAs and ASICs for ultra-low power applications such as RFID tags and wireless sensor nodes as well as fully pipelined designs for high speed applications. A novel ultra-low power implementation is introduced which consumes less area and energy than a comparable AES implementation. Furthermore, XTEA is compared with stream ciphers from the eSTREAM portfolio and lightweight ciphers. The high speed implementations of XTEA operate at 20.6 Gbps (FPGA) or 36.6 Gbps (ASIC).

145 citations

Book Chapter•10.1007/978-3-540-89754-5_25•
New AES Software Speed Records

Daniel J. Bernstein1, Peter Schwabe2•
University of Illinois at Chicago1, Eindhoven University of Technology2
14 Dec 2008
TL;DR: In this article, the authors present new speed records for AES software, taking advantage of architecture-dependent reduction of instructions used to compute AES and microarchitecture-dependent reduction of cycles used for those instructions.
Abstract: This paper presents new speed records for AES software, taking advantage of (1) architecture-dependent reduction of instructions used to compute AES and (2) microarchitecture-dependent reduction of cycles used for those instructions. A wide variety of common CPU architectures--amd64, ppc32, sparcv9, and x86--are discussed in detail, along with several specific microarchitectures.

124 citations

Book Chapter•10.1007/978-3-540-85893-5_4•
New Differential Fault Analysis on AES Key Schedule: Two Faults Are Enough

Chong Hee Kim1, Jean-Jacques Quisquater1•
Université catholique de Louvain1
8 Sep 2008
TL;DR: A new differential fault analysis (DFA) on the AES-128 key scheduling process is shown that can obtain 96 bits of the key with 2 pairs of correct and faulty ciphertexts enabling an easy exhaustive key search of 2^32 keys.
Abstract: In this paper we show a new differential fault analysis (DFA) on the AES-128 key scheduling process. We can obtain 96 bits of the key with 2 pairs of correct and faulty ciphertexts enabling an easy exhaustive key search of 2^32 keys. Furthermore we can retrieve the entire 128 bits with 4 pairs. To the authors' best knowledge, it is the smallest number of pairs to find the entire AES-128 key with a fault attack on the key scheduling process. Up to now 7 pairs by Takahashi et al. were the best. By corrupting state, not the key schedule, Piret and Quisquater showed 2 pairs are enough to break AES-128 in 2003. The advantage of DFA on the key schedule is that it can defeat some fault-protected AES implementations where the round keys are not rescheduled prior to the check. We implemented our algorithm on a 3.2 GHz Pentium 4 PC. With 4 pairs of correct and faulty ciphertexts, we could find 128 bits in less than 2.3 seconds.

101 citations

Proceedings Article•
Practical symmetric key cryptography on modern graphics hardware

Owen Harrison1, John Waldron1•
Trinity College, Dublin1
28 Jul 2008
TL;DR: The first analysis of the main encryption modes of operation on a GPU is presented, showing the performance and behavioural implications of executing these modes under the outlined general purpose data model.
Abstract: Graphics processors are continuing their trend of vastly outperforming CPUs while becoming more general purpose. The latest generation of graphics processors have introduced the ability to handle integers natively. This has increased the GPU's applicability to many fields, especially cryptography. This paper presents an application oriented approach to block cipher processing on GPUs. A new block based conventional implementation of AES on an Nvidia G80 is shown with 4-10x speed improvements over CPU implementations and 2-4x speed increase over the previous fastest AES GPU implementation. We outline a general purpose data structure for representing cryptographic client requests which is suitable for execution on a GPU. We explore the issues related to the mapping of this general structure to the GPU. Finally we present the first analysis of the main encryption modes of operation on a GPU, showing the performance and behavioural implications of executing these modes under the outlined general purpose data model. Our AES implementation is used as the underlying block cipher to show the overhead of moving from an optimised hard-coded approach to a generalised one.

95 citations

Journal Article•10.1007/S11265-007-0158-2•
Area, delay, and power characteristics of standard-cell implementations of the AES S-Box

Stefan Tillich1, Martin Feldhofer1, Thomas Popp1, Johann Großschädl2•
Graz University of Technology1, University of Bristol2
1 Feb 2008
TL;DR: This paper examines implementations which exploit the mathematical properties of the AES S-box, constructions based on hardware look-up tables, and dedicated low-power solutions, which show good timing properties and offer the best power-delay and power-area product.
Abstract: Cryptographic substitution boxes (S-boxes) are an integral part of modern block ciphers like the Advanced Encryption Standard (AES). There exists a rich literature devoted to the efficient implementation of cryptographic S-boxes, wherein hardware designs for FPGAs and standard cells received particular attention. In this paper we present a comprehensive study of different standard-cell implementations of the AES S-box with respect to timing (i.e. critical path), silicon area, power consumption, and combinations of these cost metrics. We examine implementations which exploit the mathematical properties of the AES S-box, constructions based on hardware look-up tables, and dedicated low-power solutions. Our results show that the timing, area, and power properties of the different S-box realizations can vary by up to almost an order of magnitude. In terms of area and area-delay product, the best choice are implementations which calculate the S-box output. On the other hand, the hardware look-up solutions are characterized by the shortest critical path. The dedicated low-power implementations do not only reduce power consumption by a large degree, but they also show good timing properties and offer the best power-delay and power-area product, respectively.

63 citations

Proceedings Article•10.5555/1390576.1390581•
Optimizing AES for embedded devices and wireless sensor networks

Shammi R. Didla1, Aaron Ault1, Saurabh Bagchi1•
Purdue University1
18 Mar 2008
TL;DR: This work proposes an implementation of AES in a high-level language (C in this case) that is the first software-based solution for 16-bit microcontrollers capable of matching the communication rate specified by the Zigbee protocol, while also minimizing RAM and ROM usage.
Abstract: The increased need for security in embedded applications in recent years has prompted efforts to develop encryption algorithms capable of running on resource constrained systems. The inclusion of the Advanced Encryption Standard (AES) in the IEEE 802.15.4 Zigbee protocol has driven its widespread use in current embedded platforms. We propose an implementation of AES in a high-level language (C in this case) that is the first software-based solution for 16-bit microcontrollers capable of matching the communication rate of 250 kbps specified by the Zigbee protocol, while also minimizing RAM and ROM usage. We discuss a series of optimizations and their effects that lead to our final implementation achieving an encryption speed of 286 kbps, RAM usage of 260 bytes, and code size of 5160 bytes on the Texas Instruments MSP430 microprocessor. We also develop rigorous benchmark experiments to compare other AES implementations on a common platform, and show that our implementation outperforms the best available implementation by 85%.

52 citations

Proceedings Article•10.1109/NTMS.2008.ECP.45•
Fault Analysis Attack on an FPGA AES Implementation

F. Khelil, Mohamed Hamdi1, S. Guilley, Jean-Luc Danger2, Nidhal Selmane2 •
Carthage University1, Télécom ParisTech2
25 Nov 2008
TL;DR: This paper develops an FPGA version of the attack proposed by Piret and Quisquater against the AES (Advanced Encryption Standard) algorithm, and temporal and spatial analyses of the rounds that have been affected by the fault injection process are analyzed.
Abstract: Hardware implementations of cryptographic algorithms are widely used to secure wireless networks. They guarantee good security performance at low processing and energy costs. However, unlike traditional implementations, they are vulnerable to side channel attacks. Particularly, fault attacks have proved their efficiency in cracking hardware implementations of some robust symmetric and asymmetric encryption algorithms. In this paper, we develop an FPGA version of the attack proposed by Piret and Quisquater against the AES (Advanced Encryption Standard) algorithm. Through temporal and spatial analyses of the rounds that have been affected by the fault injection process, we adapt the aforementioned attack to our context. The results obtained in this paper can serve to design a more secure FPGA implementation of AES.

39 citations

Proceedings Article•10.1109/APCCAS.2008.4746393•
High throughput 32-bit AES implementation in FPGA

Chi-Jeng Chang1, Chi-Wu Huang1, Kuo-Huang Chang1, Yi-Cheng Chen1, Chung-Cheng Hsieh1 •
National Taiwan Normal University1
1 Dec 2008
TL;DR: This paper presents a 32-bit AES implementation with a low area of 156 slices and a throughput of 876 Mbps, which outperformed the best reported result of 648 Mbps throughput found in literature.
Abstract: Advanced Encryption Standard (AES) hardware implementation in FPGA as well as in ASIC has been intensely discussed, especially for high throughput (over several tens of Gbps). However, low area designs have also been investigated in recent years for embedded hardware applications. This paper presents a 32-bit AES implementation with a low area of 156 slices and a throughput of 876 Mbps, which outperformed the best reported result of 648 Mbps throughput found in literature.

33 citations

Book Chapter•10.1007/978-3-540-85855-3_16•
Using Normal Bases for Compact Hardware Implementations of the AES S-Box

Svetla Nikova1, Vincent Rijmen2, Martin Schläffer2•
Katholieke Universiteit Leuven1, Graz University of Technology2
10 Sep 2008
TL;DR: This paper introduces a new method to implement the multiplicative inversion over GF(256) based on normal bases that have not been considered before in the context of AES implementations.
Abstract: The substitution box (S-box) of the Advanced Encryption Standard (AES) is based on the multiplicative inversion s(x) = x^-1 in GF(256), followed by an affine transformation in GF(2). The S-box is the most expensive building block of any hardware implementation of the AES, and the multiplicative inversion is the most costly step of the S-box transformation. There exist many publications about hardware implementations of the S-box and the smallest known implementations are based on normal bases. In this paper, we introduce a new method to implement the multiplicative inversion over GF(256) based on normal bases that have not been considered before in the context of AES implementations.

33 citations

Proceedings Article•10.1109/SECON.2008.4494289•
Performance evaluation of hardware models of Advanced Encryption Standard (AES) algorithm

J. Yenuguvanilanka1, Omar Elkeelany1•
Tennessee Technological University1
3 Apr 2008
TL;DR: Two hardware models based on HDL and IP core are used and results have shown an increase in the throughput per slice measure and the encryption time and also the performance metrics such as size, speed and memory utilization are evaluated.
Abstract: In today's world most of the communication is done using electronic media. Data Security plays a vital role in such communication. Hence, there is a need to protect data from malicious attacks. Advanced Encryption Standard (AES), also known as Rijndael, is an encryption standard used for securing information. AES is a block cipher algorithm that has been analyzed extensively and is now used widely. The hardware implementation of AES algorithm is faster and more secure than software implementation. There are different hardware models to implement the Rijndael Encryption core. This paper addresses the performance of Rijndael AES Encryption algorithm of key length 128 bits. Two hardware models based on HDL and IP core are used to evaluate the performance of the algorithm. The encryption time and also the performance metrics such as size, speed and memory utilization are evaluated, using these models. Results are compared to a reference model and have shown an increase in the throughput per slice measure.
Journal Article•10.1007/S10623-008-9192-8•
Error detection and error correction procedures for the advanced encryption standard

Mariusz Czapski1, Maciej Nikodem1•
Wrocław University of Technology1
01 Dec 2008-Designs, Codes and Cryptography
TL;DR: A new algorithm for error detection and error correction in the data encrypted with the Advanced Encryption Standard (AES), capable of correcting all bit errors of odd multiplicity that are induced into not more than four bytes of the data.
Abstract: This paper presents a new algorithm for error detection and error correction in the data encrypted with the Advanced Encryption Standard (AES). The algorithm detects any byte error and over 99% of word errors affecting the data being encrypted. It is also capable of correcting all bit errors of odd multiplicity that are induced into not more than four bytes of the data. Consequently the immunity of the AES to the fault analysis is improved.
Journal Article•10.1109/CJECE.2008.4721627•
A new compact dual-core architecture for AES encryption and decryption

Hua Li1, Jianzhou Li1•
University of Lethbridge1
22 Dec 2008-Canadian Journal of Electrical and Computer Engineering-revue Canadienne De Genie Electrique Et Informatique
TL;DR: A new compact architecture, consisting of two independent cores that process encryption and decryption simultaneously, for the Advanced Encryption Standard (AES) algorithm is presented, and a novel way to implement ShiftRows/InvShiftRows, one of the key designs in the compact 32-bit architecture, is proposed.
Abstract: This article presents a new compact architecture, consisting of two independent cores that process encryption and decryption simultaneously, for the Advanced Encryption Standard (AES) algorithm. The corresponding new compact key generation unit with 32-bit datapath is also explored to provide round keys on the fly for encryption and decryption. A novel way to implement ShiftRows/InvShiftRows, one of the key designs in the compact 32-bit architecture, is proposed. The new AES implementation requires only 16 629 gate equivalents on the 0.35 µm CMOS technology from CSMC Technologies Corporation, while providing encryption and decryption in parallel with 335 Mbits/s throughput.
Proceedings Article•10.1109/ICCITECHN.2008.4802973•
Side channel attack prevention for AES smart card

M.Z. Rahaman, M.A. Hossain
1 Dec 2008
TL;DR: An AES smart card implementation highly tamper resistant to side channel attacks and the security prevention from corresponding attacks, such as randomized masking techniques for software implementations are discussed.
Abstract: This paper describes an AES smart card implementation highly tamper resistant to side channel attacks. Smart cards are gaining popularity in applications that require high security and store sensitive information. Modern smart cards, highly capable of complicated cryptology, provide a high assurance of tamper resistance and are thus commonly used in payment applications. However, advanced smart cards cannot prevent attackers from defrauding them through different side channel attacks. Small, embedded integrated circuits (ICs) such as smart cards are vulnerable to side-channel attacks (SCAs). We describe the development of differential power attacks and describe how to perform a differential power side-channel attack on an AES implementation, using simulated power traces. We also discuss the prevention of such attacks, such as randomized masking techniques for software implementations.
Proceedings Article•10.1145/1404371.1404413•
A novel AES cryptographic core highly resistant to differential power analysis attacks

Felipe Ghellar1, Marcelo Lubaszewski1•
Universidade Federal do Rio Grande do Sul1
1 Sep 2008
TL;DR: This work presents a novel core implementation of the Advanced Encryption Standard with an integrated countermeasure against side channel attacks, which can theoretically increase the complexity of a DPA attack by a factor of 240.
Abstract: In this work, we present a novel core implementation of the Advanced Encryption Standard with an integrated countermeasure against side channel attacks, which can theoretically increase the complexity of a DPA attack by a factor of 240. This countermeasure is based on mathematical properties of the Rijndael algorithm, and retains compatibility with the published Standard. The entire system was designed from the ground up to allow the reutilization of the building blocks in many different combinations, thus providing for design space exploration. Synthesis results show that the protected core can perfectly meet the performance constraints of currently used smart cards.
Proceedings Article•10.1109/SYNASC.2008.8•
Anatomy of Differential Power Analysis for AES

Jude Angelo Ambrose1, N. Aldon1, Aleksandar Ignjatovic1, Sri Parameswaran1•
University of New South Wales1
26 Sep 2008
TL;DR: This paper describes in detail a step-wise explanation of the differential power analysis of an AES implementation, with all of the aspects identified above.
Abstract: Side channel attacks are a significant threat to the deployment of secure embedded systems. Differential power analysis is one of the powerful power analysis attacks, which can be exploited in secure devices such as smart cards, PDAs and mobile phones. Several researchers in the past have presented experiments and countermeasures for differential power analysis in AES cryptography, though none of them have described the attack in a step by step manner, covering all the aspects of the attack. Some of the important missing segments are the consideration of pipelines, analysis of the power profile to locate the points of attack, the correspondence of the source code, its assembly representation, and the point of attack. In this paper we describe in detail a step-wise explanation of the differential power analysis of an AES implementation, with all of the aspects identified above.
Proceedings Article•10.1109/RECONFIG.2008.59•
Enhancing an Embedded Processor Core with a Cryptographic Unit for Speed and Security

Ovunc Kocabas1, Erkay Savas1, J. Grossschadl2•
Sabancı University1, University of Bristol2
3 Dec 2008
TL;DR: This work implements a set of relatively low-cost enhancement techniques to accelerate certain arithmetic operations common in cryptographic applications on an extensible, embedded processor core and organizes them into a cryptographic unit (CU) that offers an extended ISA to the programmer.
Abstract: We implement a set of relatively low-cost enhancement techniques to accelerate certain arithmetic operations common in cryptographic applications on an extensible, embedded processor core. The enhancements are generic in the sense that they can be applied in many RISC processors beneficially. We organize these enhancements into a cryptographic unit (CU) that offers an extended ISA to the programmer. We then present the speedup values obtained for various arithmetic and public key cryptography operations through these enhancements. We also give the hardware overhead of integrating the CU to the embedded processor in terms of chip area. Our experimental results show that the proposed architectural enhancements provide significant amount of speedup values in elliptic curve cryptography and RSA with a conservative increase in hardware. We also demonstrate that the proposed enhancements facilitate protection of cryptographic algorithms against certain side-channel attacks by reporting our case study of AES implementation hardened against cache-based attacks.
Enhancing an Embedded Processor Core with a Cryptographic Unit for Performance and Security

Ovunc Kocabas1, Erkay Savas1•
Sabancı University1
18 Sep 2008
TL;DR: The experimental results show that the proposed architectural enhancements allow for a significant performance gain for both RSA and ECC at the expense of an acceptable increase in silicon area.
Abstract: We present a set of low-cost architectural enhancements to accelerate the execution of certain arithmetic operations common in cryptographic applications on an extensible embedded processor core. The proposed enhancements are generic in the sense that they can be beneficially applied in almost any RISC processor. We implemented the enhancements in form of a cryptographic unit (CU) that offers the programmer an extended instruction set. The CU features a 128-bit wide register file and datapath, which enables it to process 128-bit words and perform 128-bit loads/stores. We analyze the speed-up factors for some arithmetic operations and public-key cryptographic algorithms obtained through these enhancements. In addition, we evaluate the hardware overhead (i.e. silicon area) of integrating the CU into an embedded RISC processor. Our experimental results show that the proposed architectural enhancements allow for a significant performance gain for both RSA and ECC at the expense of an acceptable increase in silicon area. We also demonstrate that the proposed enhancements facilitate the protection of cryptographic algorithms against certain types of side-channel attacks and present an AES implementation hardened against cache-based attacks as a case study.
Journal Article•10.4236/IJCNS.2008.11010•
Efficient DPA Attacks on AES Hardware Implementations

Yu Han, Xuecheng Zou, Zhenglin Liu, Yicheng Chen
10 May 2008-Int'l J. of Communications, Network and System Sciences
TL;DR: An effective way to enhance power analysis attacks on AES hardware implementations by adopting Hamming difference of intermediate results as power mode and arranging plaintext inputs to differentiate power traces to the maximal probability is presented.
Abstract: This paper presents an effective way to enhance power analysis attacks on AES hardware implementations. The proposed attack adopts Hamming difference of intermediate results as power mode. It arranges plaintext inputs to differentiate power traces to the maximal probability. A simulation-based AES ASIC implementation and experimental platform are built. Various power attacks are conducted on our AES hardware implementation. Unlike on software implementations, conventional power attacks on hardware implementations may not succeed or require more computations. However, the method we proposed effectively improves the success rate using an acceptable number of power traces and fewer computations. Furthermore, from experimental data, the correlation factor between the Hamming distance of key guesses and the difference of DPA traces has the value 0.9233 to validate power model and attack results.
Journal Article•10.1093/IETFEC/E91-A.1.12•
An Unequal Secure Encryption Scheme for H.264/AVC Video Compression Standard

Yibo Fan1, Jidong Wang1, Takeshi Ikenaga1, Yukiyasu Tsunoo2, Satoshi Goto1 •
Waseda University1, NEC2
01 Jan 2008-IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
TL;DR: A new scheme to do video encryption for H.264/AVC video compression standard using AES as a block cipher and LEX as a stream cipher to encrypt the unimportant data partition is proposed.
Abstract: H.264/AVC is the newest video coding standard. There are many new features in it which can be easily used for video encryption. In this paper, we propose a new scheme to do video encryption for H.264/AVC video compression standard. We define Unequal Secure Encryption (USE) as an approach that applies different encryption schemes (with different security strength) to different parts of compressed video data. This USE scheme includes two parts: video data classification and unequal secure video data encryption. Firstly, we classify the video data into two partitions: Important data partition and unimportant data partition. Important data partition has small size with high secure protection, while unimportant data partition has large size with low secure protection. Secondly, we use AES as a block cipher to encrypt the important data partition and use LEX as a stream cipher to encrypt the unimportant data partition. AES is the most widely used symmetric cryptography which can ensure high security. LEX is a new stream cipher which is based on AES and its computational cost is much lower than AES. In this way, our scheme can achieve both high security and low computational cost. Besides the USE scheme, we propose a low cost design of hybrid AES/LEX encryption module. Our experimental results show that the computational cost of the USE scheme is low (about 25% of naive encryption at Level 0 with VEA used). The hardware cost for hybrid AES/LEX module is 4678 Gates and the AES encryption throughput is about 50 Mbps.
Proceedings Article•10.1109/ICECS.2008.4674829•
Implementation of AES algorithm resistant to differential power analysis

M. Strachacki1, S. Szczepanski2•
Intel1, Gdańsk University of Technology2
17 Nov 2008
TL;DR: Proposed DPA-resistant design method combines power equalization for synchronous and combinatorial circuits and does not show any correlation between power consumption and the cipher key.
Abstract: This paper describes differential power analysis (DPA) of encryption algorithms hardware implementations. Proposed DPA-resistant design method combines power equalization for synchronous and combinatorial circuits. AES algorithm has been implemented in Xilinx Spartan II-E field programmable gate array (FPGA) device using the standard and DPA-resistant methods. XPower tool has been introduced to collect power traces for DPA. Results show that the standard AES implementation can be broken using DPA in N=2000 encryption operations. At the same time DPA of modified AES implementation for N=2000 encryption operations does not show any correlation between power consumption and the cipher key.
Proceedings Article•10.1109/ACSAC.2008.10•
Instruction Set Extensions for Enhancing the Performance of Symmetric-Key Cryptography

Sean O'Melia1, A.J. Elbirt•
Massachusetts Institute of Technology1
8 Dec 2008
TL;DR: Comparisons are presented between traditional software implementations and new implementations that take advantage of the extended instruction set architecture to improve the software performance of the Data Encryption Standard, Triple-DES, the International Data Encryption Algorithm, and the Advanced Encryption Standard algorithms.
Abstract: Instruction set extensions for a RISC processor are presented to improve the software performance of the Data Encryption Standard (DES), Triple-DES, the International Data Encryption Algorithm (IDEA), and the Advanced Encryption Standard (AES) algorithms. The most computationally intensive operations of each algorithm are off-loaded to a set of newly defined instructions. The additional hardware required to support these instructions is integrated into the processor's datapath. For each of the targeted algorithms, comparisons are presented between traditional software implementations and new implementations that take advantage of the extended instruction set architecture. Results show that utilization of the proposed instructions significantly reduces program code size and improves encryption and decryption throughput. Moreover, the additional hardware resources required to support the instruction set extensions increases the total area of the processor by less than 65%.
Proceedings Article•10.1109/ISCAS.2008.4542160•
Advanced Encryption Standard (AES) implementation with increased DPA resistance and low overhead

J. Goodwin, Peter R. Wilson
13 Jun 2008
TL;DR: This paper describes an approach that requires a simple modification to the implementation of the AES algorithm, without altering its basic characteristics, which provides a significantly improved strength against side channel attacks with a minimal additional hardware overhead.
Abstract: The use of the Advanced Encryption Standard (AES) has become pervasive in a large number of communication applications. The hardware to implement AES is non trivial and as a result it has a significant overhead in its raw form. Despite the algorithm being inherently secure, side channel attacks have exposed potential weaknesses via the implementation route, particularly power analysis. As a result, much effort has been expended in identifying techniques to mask the power signature that can give away the secret key. Unfortunately, the hardware overhead is usually a significant proportion of the size of the original algorithm and in addition, the key can sometimes still be ascertained due to manufacturing differences (such as track lengths) still delivering aspects of the key in a power signature. This paper describes an approach that requires a simple modification to the implementation of the AES algorithm, without altering its basic characteristics, which provides a significantly improved strength against side channel attacks with a minimal additional hardware overhead.
Proceedings Article•10.1109/ICM.2008.5393805•
An area optimized implementation of the Advanced Encryption Standard


Abdel Alim Kamal1, Amr M. Youssef1•
Concordia University1
1 Dec 2008
TL;DR: This paper's area optimized implementation for AES-128 ECB encryption/decryption engine requires 2732 slices of a Xilinx Virtex-II XC2V1000bg575, runs at a maximum clock speed of 98.95 MHz and produces a throughput of up to 29.32 Mbps.
Abstract: Since its adoption as a new encryption standard by NIST, the Advanced Encryption Standard (AES) has become the default choice for various security services in many applications. On the other hand, a straightforward hardware implementation of the AES may not satisfy the tight constraints of several resource limited devices such as radio frequency identification (RFID) tags and tiny sensor networks. In this paper, we explore several area optimization options for the AES. Our area optimized implementation for AES-128 ECB encryption/decryption engine requires 2732 slices of a Xilinx Virtex-II XC2V1000bg575, runs at a maximum clock speed of 98.95 MHz and produces a throughput of up to 29.32 Mbps.
Proceedings Article•10.1109/ETS.2008.26•
A Reliable Architecture for the Advanced Encryption Standard


G. Di Natale, Marion Doulcier, M.-L. Flottes, Bruno Rouzeyre
25 May 2008
TL;DR: An on-line self-test architecture for hardware implementations of advanced encryption standard (AES) that assumes a parallel architecture and exploits the inherent spatial replications of this implementation while keeping the area overhead very low.
Abstract: In this paper we propose an on-line self-test architecture for hardware implementations of the Advanced Encryption Standard (AES). The solution assumes a parallel architecture and exploits the inherent spatial replications of this implementation. We show that our solution is very effective for on-line fault detection while keeping the area overhead very low. Moreover, it does not weaken the device with respect to side-channel attacks based on power analysis.
Journal Article•
A low cost advance encryption standard (AES) co-processor implementation


O.J. Hernandez1, Thomas Sodon, Michael Adel, Nathan Kupp•
The College of New Jersey1
01 Apr 2008-Journal of Computer Science and Technology
TL;DR: A novel low-cost architecture for the Advanced Encryption Standard (AES) algorithm on a field programmable gate array (FPGA) that uses a bit-serial approach and is also suitable for VLSI implementations.
Abstract: The need for privacy has become a major priority for both governments and civilians desiring protection from signal interception. Widespread use of personal communications devices has only increased demand for a level of security on previously insecure communications. This paper presents a novel low-cost architecture for the Advanced Encryption Standard (AES) algorithm utilizing a field programmable gate array (FPGA). As much as possible, this architecture uses a bit-serial approach, and it is also suitable for VLSI implementations. In this implementation, the primary objective was not to increase throughput or decrease latency, but to balance these factors in order to lower the cost. A focus on low cost resulted in a design well-suited for SoC implementations. This allows for scaling of the architecture towards vulnerable portable and cost-sensitive communications devices in consumer and military applications.
Power Analysis Resistant AES Implementation for Passive RFID Tags


Martin Feldhofer, Thomas Popp
1 Jan 2008
Journal Article•10.1016/S1005-8885(08)60087-4•
Dynamic inhomogeneous S-Boxes design for efficient AES masking mechanisms


Yicheng Chen1, Xuecheng Zou1, Zhenglin Liu1, Xiaofei Chen1, Yu Han1 •
Huazhong University of Science and Technology1
01 Jun 2008-The Journal of China Universities of Posts and Telecommunications
TL;DR: A novel power analysis immune scheme is proposed, which divides the data-path of AES into two parts: inhomogeneous S-Boxes instead of fixed S-Boxes are selected randomly to disturb power and logic delay in the non-linear module; at the same time, the general masking strategy is applied in the linear part of AES.
Journal Article•
Cache Hit Side Channel Attack Based on AES


Chen Kai-yan
01 Jan 2008-Computer Engineering
TL;DR: A novel attack against AES is proposed by using the Cache hit information, and validates its feasibility with experiments on Intel Celeron 1.99 GHz and Pentium4 3.6 GHz CPU.
Abstract: The AES software is implemented by way of table lookups; the indices affect cache hits and misses, and hence the time of the AES encryption, and the indices have a close connection with the secret key. After analyzing the relationship between the indices, the ciphertext, and the final round subkey in the AES final round encryption, it proposes a novel attack against AES by using the cache hit information, validates its feasibility with experiments on Intel Celeron 1.99 GHz and Pentium4 3.6 GHz CPUs, recovers the 128-bit AES key in 221 and 225 random plaintexts in 5 min respectively, and introduces several countermeasures for protecting the AES.
Journal Article•
Reconfigurable Design for Encryption/Decryption of AES Based on FPGA


Zhang Lu-guo1•
PLA Information Engineering University1
01 Jan 2008-Computer Engineering
TL;DR: The implementation method of each part of the AES algorithm is introduced, the commonality of encryption/decryption is given, and a reconfigurable design for the algorithm is presented.
Abstract: In the traditional method, the encryption and decryption of AES are designed separately, which consumes a lot of hardware resources. In this paper, based on an analysis of the encryption/decryption of AES, the implementation method of each part of the algorithm is introduced. After analysis, the commonality of encryption/decryption is given, and a reconfigurable design for the algorithm is presented. Simulation and validation on FPGA show that this design can greatly reduce the area cost compared with other traditional designs.
