14-05-2014, 11:00 AM
A Quantitative Analysis of a Novel SEU-Resistant SHA-2 and HMAC Architecture for Space Missions Security
ABSTRACT
The increasing demand for more secure operation of space
missions has led to emergence of cryptographic mechanisms
aboard spacecrafts. However, cryptographic applications are
extremely sensitive to bit-flips caused by radiation-induced single
event upsets (SEUs). A traditional approach to mitigate SEUs
in space applications has been the triple modular redundancy
(TMR). However, such technique incurs large overheads in
implementation area and power. An efficient approach to achieve
fault tolerance in the secure hash standard (SHS) and in the
keyed-hash message authentication code (HMAC) is introduced.
When compared with TMR the proposed scheme not only
achieves higher resistance against SEUs, but it also reduces
implementation area requirements and power consumption.
Results obtained through field-programmable gate array
(FPGA) implementation show that HMAC/SHA-512 (secure hash
algorithm) utilizes, on average, 53% less area and less power
compared with the traditional TMR technique. Furthermore,
the memory and registers of the HMAC/SHA-512 module are
approximately 171 and 491 times more resistant against SEUs
than TMR. This research is crucial for enabling the efficient
employment of security mechanisms onboard space systems.
INTRODUCTION
Nowadays a wide variety of services are made
possible through the utilization of spacecrafts, which
include communications, meteorology, navigation,
and scientific research. Even commercial satellites
have been used to increase military communications
capabilities [1]. Due to the strategic importance of
these valuable space assets, it is no longer possible to
rely solely on the uniqueness and obscurity of their
designs in order to achieve security. As has been
pointed out by the US General Accounting Office
(GAO), threats to satellites can pose severe risks to
communications infrastructures [1, 2]. It has also
been highlighted by the Consultative Committee for
Space Data Systems (CCSDS) [3] that advances in
technology could allow for more complex attacks to
be easily carried out against spacecrafts. Due to the
lack of appropriate security, it has been reported that
some satellites have already been compromised [4—6].
RELATED WORK
Hardware implementations of the SHS and HMAC
algorithms have been proposed by several works. In
[13] a single chip implementation of SHA-384 and
SHA-512 based on FPGAs is introduced, whereas
a SHA-256 processor is presented in [14]. In [15],
[16] the whole SHA-2 family is implemented in
FPGAs and compared in terms of area, frequency
of operation, and throughput. Other works such
as [17], [18], [19] provide further comparisons of
FPGA-based implementations of hash functions. One
of the earliest hardware designs of HMAC based on
the SHA-1 hash function is reported in [13]. This
processor implements both HMAC/SHA-1 and AES
[9], which therefore provides full hardware support
for internet security protocol (IPsec). Also, the authors
in [20] propose an HMAC processor that integrates
both SHA-1 and MD5 (message-digest) algorithms.
In [21] a high-performance HMAC/SHA-1 design
is presented, but its drawback is the utilization of a
large implementation area. An ASIC implementation
of HMAC, also based on SHA-1, is presented in
[22]. Even though this design is implemented as
an ASIC, it achieves low throughput. Finally, yet
another HMAC design is proposed in [23]. Since
its design comprises three hash functions (SHA-1,
MD5, and RIPEMD (RACE integrity primitives
evaluation message-digest)), it occupies a very
large implementation area. The only hardware
implementation of HMAC based on the SHA-2 family
of hash functions is presented in [24]. That work also
presents an HW/SW (hardware/software) approach
for tailoring a reconfigurable platform to the SHA-2
computation requirements.
In spite of multiple hardware implementations
of SHS and HMAC, very few address the problem
of SEUs. Precisely, only [25] and [26] provide
SHA-2 with fault-tolerance mechanisms. In [25]
error detection is considered for SHA-512 in FPGAs.
Since this approach employs parity prediction for the
internal hash function operations, it is therefore unable
to correct errors. In contrast [26] and [27] present
an efficient fault-tolerant scheme based on HCs for
providing SHA-2 and HMAC with error detection and
correction capabilities. Other fault-tolerant designs of
cryptographic primitives have mainly been proposed
for block encryption algorithms like the AES [9], such
as in [28], [29], [30], in which single bit-flips in the
substitution box of the AES algorithm are detected by
using look-up tables (LUTs) and parity prediction.
Chip fabrication techniques can produce
PROPOSED FAULT-TOLERANCE SCHEMES
Three fault-tolerance techniques based on modular
redundancy and information redundancy are utilized to
devise fault-tolerant schemes for SHA-2 and HMAC.
Namely, TMR (FullTMR), register TMR with encoded
memory (TMRRegs&HCMem), and encoded registers
and memory (HCRegs&HCMem). FullTMR has been a
common technique utilized in space, and it is utilized
as a baseline to compare with the proposed schemes.
The main goal of the fault-tolerant designs considered
in this work is to minimize the implementation area
and power consumption and to maximize resistance
against SEUs. The scheme based on information
redundancy relies on the utilization of HCs to encode
the contents of registers and memory locations. The
HCs considered in this paper are defined according
to the following terminology: (w, v), where v is the
number of data bits and w is the number of data bits
together with their associated parity bits.
EXPERIMENTAL RESULTS
The experimental results presented in this
section are obtained through the VHSIC hardware
description language (VHDL) description and
hardware implementation of the designs introduced
in Appendix II and Section III. The reported results
refer to post place and route and timing analysis
data. Although all the proposed schemes could be
successfully implemented in both ASICs and FPGAs
(SRAM, flash, antifuse), the implementation device
utilized in this research is an Altera SRAM FPGA
CycloneII EP2C35F672C6 [44]. Such an FPGA is
capable of performing automatic CRC checks on its
configuration so that it is possible to reconfigure the
chip in case of errors in the FPGA configuration file.
The tool utilized to describe, synthesize, simulate, and
estimate power consumption of hardware modules is
QuartusII version 9.0 [45].
COMPARISONS AND DISCUSSIONS
Based on the discussion and results presented
in Sections V and IV, it can be observed that
TMRRegs&HCMem provides very high levels of
protection against SEUs. However, this comes at the
cost of utilizing more area than FullTMR. Also, the
former approach provides lower throughput than the
latter one. Consequently, TMRRegs&HCMem ends up not
leading to a good trade-off in terms of implementation
parameters.
In turn the HCRegs&HCMem approach presents
high resistance against SEUs while keeping reduced
requirements in terms of implementation area,
register requirements, and energy consumption.
The utilization of Hamming encoders in the HMAC
datapath lowers its frequency of operation and,
consequently, its throughput. However, the throughput
obtained with the HCRegs&HCMem scheme may satisfy
the requirements of most space systems. Thus, this
approach provides low implementation area, low
register requirements, low energy consumption, and
high resistance against SEUs in detriment of lower
throughput. In general HCRegs&HCMem offers a better
trade-off among the aforementioned parameters
compared with FullTMR and TMRRegs&HCMem.