Securing AES Accelerator from Key-Leaking Trojans on FPGA

Abstract

Reconfigurable hardware presents a useful platform for building systems with high performance and a secured nature. A new method for protecting 128-bit AES accelerator on FPGA for embedded systems and cloud servers is proposed. One of the major issues faced by the AES accelerator is the security of the key stored inside the FPGA memory. The article proposes a masking scheme which makes the secret key unidentifiable. With the new method of masking scheme, there is no way for an attacker to leak and identify the secret key from the working device through undetected hardware unit. To work with the masked key, a modified key expansion that maintains the throughput through a properly designed multistage pipelining is proposed. The proposed method takes the advantage of reconfigurable computing for flexible and provides security against key-leaking Trojans. The efficiency of the masked AES implementation is found to be 28.5 Mbps, which is 17.87% higher than the existing best wok. The security of the proposed masked scheme is validated through correlation and hamming distance.