Reliable Testable Secure Systems

Part of the Embedded Systems book series (EMSY)


Although reliability has been studied extensively for decades in the space industry, it is now becoming evident that even ground-based embedded systems face similar reliability issues. This chapter briefly discusses the single-event upset (SEU) phenomenon, also known as soft errors, and provides several examples of how reliability can be designed into secure embedded systems. The chapter also discusses testability issues that relate to security and presents some recent research in this area.

Reliable security is an extremely important area of engineering. Failure of a security application may have serious consequences, such as significant financial losses, personal injury in automobiles, or losing control of a nuclear station. Not only do security functions require rigorous testing before being put into the field, but they must also be as reliable as possible. There is no room for errors in security. For example, a single error in AES that flips one bit causes over 50% of the ciphertext bits to be in error. This is a result of the diffusion property of ciphers, which spreads the effect of one bit over many bits of the output.
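As an added illustration of the diffusion effect just described (example code written for this page, not from the chapter), the program below uses Go's standard AES-128 implementation, flips each of the 128 plaintext bits in turn as a stand-in for a single soft error in the input register, and counts how many ciphertext bits change. The key and plaintext are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
	"math/bits"
)

// Constructed 128-bit key and plaintext block; not values from the chapter.
var sampleKey, samplePlain = []byte("0123456789abcdef"), []byte("embedded-sec-sys")

// flipBit returns a copy of buf with one bit inverted, modelling a single SEU.
func flipBit(buf []byte, bitIndex int) []byte {
	out := append([]byte(nil), buf...)
	out[bitIndex/8] ^= 1 << uint(bitIndex%8)
	return out
}

// ciphertextBitErrors encrypts plain, re-encrypts it with one bit flipped,
// and returns how many of the 128 ciphertext bits differ (Hamming distance).
func ciphertextBitErrors(block cipher.Block, plain []byte, bitIndex int) int {
	good, bad := make([]byte, aes.BlockSize), make([]byte, aes.BlockSize)
	block.Encrypt(good, plain)
	block.Encrypt(bad, flipBit(plain, bitIndex))
	diff := 0
	for i := range good {
		diff += bits.OnesCount8(good[i] ^ bad[i])
	}
	return diff
}

// averageBitErrors injects each of the 128 possible single-bit faults in turn
// and returns the mean number of corrupted ciphertext bits: about 64 (~50%).
func averageBitErrors(key, plain []byte) (float64, error) {
	block, err := aes.NewCipher(key) // AES-128 for a 16-byte key
	if err != nil {
		return 0, err
	}
	total := 0
	for i := 0; i < 8*aes.BlockSize; i++ {
		total += ciphertextBitErrors(block, plain, i)
	}
	return float64(total) / float64(8*aes.BlockSize), nil
}

func main() {
	avg, _ := averageBitErrors(sampleKey, samplePlain)
	fmt.Printf("mean ciphertext bits corrupted per single input bit flip: %.1f of 128\n", avg)
}
```

The same measurement applied to a fault injected into an intermediate round state (the case the chapter has in mind) gives a similar result, because every round after the fault continues to diffuse it.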

Ross Anderson reported the interesting case of a credit card that was read by a misaligned card reader (Anderson 2001). The card reader should have detected errors in both the cryptographic computation (to detect forgery) and the simpler exclusive-or checksum computation (to detect errors). Instead, and most unfortunately for the card owner, the cryptographic checksum successfully detected errors but the simpler checksum did not. This incorrectly indicated that the card was forged, and the owner was “…arrested…and beaten up by the police.” (Anderson 2001). The error apparently had been masked in the checksum, causing much pain for the owner. This is likely not the first example of the disastrous impact of unreliable security. Clearly, designing for security includes designing for reactions to errors as well as for resistance to attacks.
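The checksum masking in Anderson's account can be reproduced in miniature. This is an added example, not code from the chapter; the card record, the issuer key and the use of HMAC-SHA256 as the cryptographic check are all assumptions. Two flips of the same bit in different bytes leave an exclusive-or checksum unchanged, while the keyed check still fails.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// Constructed card record and issuer key; not values from the chapter.
var sampleRecord = []byte("PAN=4000000000000001;EXP=1205;NAME=CARDHOLDER")
var issuerKey = []byte("constructed-card-issuer-key")

// xorChecksum is the simple error-detection check: every byte XORed together.
func xorChecksum(data []byte) byte {
	var c byte
	for _, b := range data {
		c ^= b
	}
	return c
}

// cryptoTag is the forgery-detection check; HMAC-SHA256 stands in for
// whatever keyed MAC the real card used.
func cryptoTag(key, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return m.Sum(nil)
}

// corruptTwoBytes models a misaligned read that hits the same bit in two
// different bytes; the two flips cancel in an XOR checksum.
func corruptTwoBytes(data []byte, i, j int, mask byte) []byte {
	out := append([]byte(nil), data...)
	out[i] ^= mask
	out[j] ^= mask
	return out
}

// checkRecord reports whether each verifier notices that read differs
// from the record originally written.
func checkRecord(key, written, read []byte) (xorDetects, macDetects bool) {
	xorDetects = xorChecksum(read) != xorChecksum(written)
	macDetects = !hmac.Equal(cryptoTag(key, read), cryptoTag(key, written))
	return
}

func main() {
	read := corruptTwoBytes(sampleRecord, 4, 5, 0x01)
	x, m := checkRecord(issuerKey, sampleRecord, read)
	fmt.Printf("XOR checksum detects the read error: %v; MAC detects it: %v\n", x, m)
}
```

A reader that treats "error check passed, cryptographic check failed" as proof of forgery misclassifies this read error, which is the failure mode the chapter draws from Anderson's example.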


Keywords: Embedded system, Error detection, Soft error, Storage element, Triple modular redundancy


  1. Actel (2005) Radiation-hardened FPGAs.
  2. Actel (2009) RTAX-S/SL RadTolerant FPGAs.
  3. Ahmad I, Das AS (2007) Analysis and detection of errors in implementation of SHA-512 algorithms on FPGAs. Comput J 50(6):728–738
  4. Altera (2008) Error detection and recovery using CRC in Altera FPGA devices. Application Note 357, Vers. 1.4
  5. Anderson R (2001) Security engineering: a guide to building dependable distributed systems. John Wiley, New York
  6. Arslan M, Alagoz F (2006) Security issues and performance study of key management techniques over satellite links. In: 11th international workshop on computer-aided modeling, analysis and design of communication links and networks, 122–128
  7. Badrignans B, Elbaz R, Torres L (2008) Secure FPGA configuration technique preventing system downgrade. In: Proc. of the 18th IEEE international conference on field programmable logic and applications (FPL)
  8. Baumann R (2005) Soft errors in advanced computer systems. IEEE Des Test Comput 22(3):258–266
  9. Bertoni G, Breveglieri L, Koren I, Maistri P, Piuri V (2003) Error analysis and detection procedures for a hardware implementation of the advanced encryption standard. IEEE Trans Comput 52(4):492–505
  10. Blain P, Carmichael C, Fuller E, Caffrey M (1999) SEU mitigation techniques for Virtex FPGAs in space applications. In: MAPLD Proceedings, September 1999
  11. Breveglieri L, Maistri P (2007) An operation-centered approach to fault detection in symmetric cryptography ciphers. IEEE Trans Comput 56(5):635–649
  12. Butterworth P, Palmer D (2005) Ask an Astrophysicist.
  13. Carmichael C et al (1999) SEU mitigation techniques for Virtex FPGAs in space applications. MAPLD 1999
  14. Cataldo A (2004) In hot market, only reliable rad-hard need apply. EE Times, 05/24/04
  15. Dodd P, Massengill L (2003) Basic mechanisms and modeling of single-event upset in digital microelectronics. IEEE Trans Nucl Sci 50:583–602
  16. Drimer S (2007) Volatile FPGA design security – a survey.
  17. Eisenbarth T, Güneysu T, Paar C, Sadeghi A, Schellekens D, Wolf M (2007) Reconfigurable trusted computing in hardware. In: Proc. of the ACM workshop on scalable trusted computing, 15–20
  18. Flanigan J (2007) U.S. working to develop and launch cheaper satellites. New York Times
  19. Gaisler J (2005) LEON3-FT-RTAX SEU test results. Issue 1, Gaisler Research
  20. Ghaznavi S, Gebotys C (2008) A SEU-resistant, FPGA-based implementation of the substitution transformation in AES for security on satellites. In: Proc of Int’l workshop on signal processing for space communications, SPSC 2008:1–5
  21. Ghaznavi S, Gebotys C (2009) Error detection of AES implemented on an SRAM FPGA. CACR Tech Rept, University of Waterloo
  22. Gold M (2007) Atmel offers rad-hard 16-Mbit SRAM for space apps.
  23. Helvajian (1997) Microengineering technology for space systems. Aerospace Press
  24. Ingemarsson I, Wong C (1981) Encryption and authentication in on-board processing satellite communication systems. IEEE Trans Commun 29(11):1684–1687
  25. Johnston AH (2000) Scaling and technology issues for soft error rates. 4th Annual Research Conference on Reliability, Stanford University
  26. Juliato M, Gebotys C (2008) An approach for recovering satellites and their cryptographic capabilities in the presence of SEUs and attacks. In: Proc of NASA/ESA conference on adaptive hardware and systems, AHS, Issue 22–25, doi 10.1109/AHS.2008.57, pp 101–108
  27. Juliato M, Gebotys C, Elbaz R (2009) Efficient fault tolerant SHA-2 hash functions for space applications. Proc of IEEE Aerosp Conf, doi 10.1109/AERO.2009.4839503, pp 1–16
  28. Karri R, Wu K, Mishra P, Kim Y (2001) Fault-based side-channel crypto-analysis tolerant Rijndael symmetric block cipher architecture. DFT’01, IEEE Int’l Symp on defect and fault tolerance in VLSI Sys, 427–435
  29. Kent J (2006) Security fears raised at conference.
  30. Kent, Williams (1993) Encyclopedia of microcomputers. CRC Press
  31. Ma TP, Dressendorfer PV (1989) Ionizing radiation effects in MOS devices and circuits. Chapter 9: Transient-ionization and single-event phenomena, by Kerns SE with contributions by Shafer BD
  32. MILSTD (1996) Department of Defense test method standard: microcircuits.
  33. Nystedt D (2007) DRAM price crashes through $2.
  34. Ohring M (1998) Reliability and failure of electronic materials and devices. Academic Press, USA
  35. Papoutsis E, Howells G, Hopkins A, McDonald-Maier K (2007) Key generation for secure inter-satellite communication. In: Second NASA/ESA conference on adaptive hardware and systems, AHS 2007, IEEE Computer Society, 671–681
  36. Roosta R (2004) A comparison of radiation-hard and radiation-tolerant FPGAs for space applications. NASA JPL, JPL D-31228
  37. Roy-Chowdhury A, Baras J, Hadjitheodosiou M, Papademetriou S (2005) Security issues in hybrid networks with a satellite component. IEEE Wireless Commun 12(6):50–61
  38. Samudrala P, Ramos J, Katkoori S (2004) Selective triple modular redundancy (STMR) based single-event upset (SEU) tolerant synthesis for FPGAs. IEEE Trans Nucl Sci 51:2957–2969
  39. Satoh A, Morioka S, Takano K, Munetoh S (2001) A compact Rijndael hardware architecture with S-box optimization. ASIACRYPT’01: Proceedings of the 7th international conference on the theory and application of cryptology and information security. Springer, London, UK, 239–254
  40. Schellekens D, Tuyls T, Preneel B (2008) Embedded trusted computing with authenticated non-volatile memory. In: Proc. of TRUST 2008, LNCS 4968, Springer, New York
  41. UCS (2008) Union of Concerned Scientists satellite database.
  42. USGAO (2002) Critical infrastructure protection: commercial satellite security should be more fully addressed. Technical Report GAO-02-781, United States General Accounting Office
  43. Vladimirova T, Banu R, Sweeting M (2005) On-board security services in small satellites. In: MAPLD Proceedings, 2005
  44. Zhang X, Parhi K (2006) On the optimum constructions of composite field for the AES algorithm. IEEE Trans Circuits Syst II Express Briefs 53(10):1153–1157

Copyright information

© Springer Science+Business Media, LLC 2010

Authors and Affiliations

  1. Department of Electrical & Computer Engineering, University of Waterloo, Waterloo, Canada