Abstract
In the last decade, it has become apparent that embedded systems are integral parts of our everyday lives. The wireless nature of many embedded applications as well as their omnipresence has made the need for security and privacy-preserving mechanisms particularly important. Thus, as field programmable gate arrays (FPGAs) become integral parts of embedded systems, it is imperative to consider their security as a whole. This contribution provides a state-of-the-art description of security issues on FPGAs, both from the system and implementation perspectives. We discuss the advantages of reconfigurable hardware for cryptographic applications, show potential security problems of FPGAs, and provide a list of open research problems. Moreover, we summarize both public-key and symmetric-key algorithm implementations on FPGAs.
- Williams, T., Kapur, R., Mercer, M., Dennard, R., and Maly, W. 1996. IDDQ testing for high performance CMOS---The next ten years. In IEEE European Design and Test Conference (ED&TC'96). 578--583.]] Google ScholarDigital Library
- Wollinger, T., Wang, M., Guajardo, J., and Paar, C. 2000. How well are high-end DSPs suited for the AES algorithms? In The Third Advanced Encryption Standard Candidate Conference. National Institute of Standards and Technology, New York, New York, USA, 94--105.]]Google Scholar
- Wong, S., Vassiliadis, S., and Cotofana, S. 2002. Future directions of (pprogrammable and reconfigurable) embedded processors. In Embedded Processor Design Challenges, Workshop on Systems, Architectures, Modeling, and Simulation---SAMOS 2002.]]Google Scholar
- Wu, H. 1999. Low complexity bit-parallel finite field arithmetic using polynomial basis. In Workshop on Cryptographic Hardware and Embedded Systems---CHES 1999, Ç. K. Koç and C. Paar, eds. Lecture Notes in Computer Science, vol. 1717. Springer-Verlag, Berlin, 280--291.]] Google ScholarDigital Library
- Xilinx Inc. Using Bitstream Encryption. Handbook of the Virtex II Platform. Available at http://www.xilinx.com.]]Google Scholar
- Xilinx Inc. 1999. XC4000E and XC4000X Series Field Programmable Gate Arrays, Version 1.6. Xilinx Inc., San Jose, California, USA.]]Google Scholar
- Xilinx Inc. 2001. Virtex 2.5V Field Programmable Gate Arrays, Version 2.5. Xilinx Inc., San Jose, California, USA.]]Google Scholar
- Xilinx Inc. 2002. VirtexTM-II Platform FPGA Data Sheet. Xilinx Inc. Available at http://www.xilinx.com/partinfo/databook.htm.]]Google Scholar
- Xilinx Inc. 2003. Virtex-II ProTM Platform FPGAs: Introduction and Overview, Version 2.4. Xilinx Inc. Available at http://direct.xilinx.com/bvdocs/publications/ds083.pdf.]]Google Scholar
- Yip, K.-W. and Ng, T.-S. 2000. Partial-encryption technique for intellectual property protection of FPGA-based products. IEEE Trans. Consumer Electron. 46, 1, 183--190.]] Google ScholarDigital Library