The three previous feedback implementations, feedback mode (FB), feedback mode with fault detection (FB_FD), and feedback mode with fault tolerance (FB_FT), have been considered for the definition of the whole AES security primitive. We have defined three reconfigurable modules: the datapath, the SPC, and the SSC. An area constraint has been associated with each module, as shown in Fig. 1. In this experiment, we have considered a single primitive, but there is no limitation regarding that point.
Communication between the modules is performed through three bus macros, which are predefined Xilinx hard IPs. One bus macro carries the fault signal between the datapath and the SSC. The other two are used between the datapath and the SPC and carry control signals (e.g., start, reset, done). The reconfiguration is performed by the SPC through the ICAP interface, which allows dynamic and partial self-reconfiguration of the FPGA. Fig. 1 shows the three possible configurations.
The area overhead for the fault-tolerant implementation is high compared to the two other solutions. The SPC and SSC modules are very small and remain constant across the three configurations. Their complexity is small compared to the datapath, so they represent a negligible area overhead. For this study, we have considered very simple performance and security policies, which are based on a threshold crossing or on an attack or fault detection. For real embedded systems, these policies might use more advanced techniques. However, the overhead costs should remain small compared to the datapath.
Fig. 1. Layout of the three configurations of the AES reconfigurable security primitive. Three modules are defined which are the datapath, the SPC, and the SSC.
Concerning the performance of such a solution, the reconfiguration time is directly related to the size of the bitstream. The full bitstream, which is used at power-up, is 1415 kB, and the three partial bitstreams for the FB, FB_FD, and FB_FT configurations are 356, 356, and 463 kB, respectively. In our case, the clock of the ICAP interface is 50 MHz, which leads to an average reconfiguration time of around 8 ms. Each time a reconfiguration is performed there is also an overhead cost in terms of power. However, this overhead is negligible for the FPGA power core and represents an increase of around 6% for the FPGA power supply.
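The following model is an added example, not code or a design from the paper: it ties the bitstream sizes and ICAP clock quoted above to the time the primitive is unavailable when a threshold policy switches configuration. The 8-bit ICAP port width, 1 kB = 1000 bytes, the per-window event counts, and the two thresholds are assumptions chosen for illustration.

```python
# Added model (not from the paper): threshold policy driving partial reconfiguration.
ICAP_CLOCK_HZ = 50_000_000          # from the text
ICAP_BYTES_PER_CYCLE = 1            # assumption: 8-bit ICAP port, one byte per clock
PARTIAL_BITSTREAM_KB = {"FB": 356, "FB_FD": 356, "FB_FT": 463}  # from the text


def reconfig_time_ms(config):
    """Time to push one partial bitstream through the ICAP, in milliseconds."""
    size_bytes = PARTIAL_BITSTREAM_KB[config] * 1000  # assumption: 1 kB = 1000 bytes
    return size_bytes / (ICAP_CLOCK_HZ * ICAP_BYTES_PER_CYCLE) * 1e3


def average_reconfig_time_ms():
    """Mean over the three partial bitstreams."""
    times = [reconfig_time_ms(c) for c in PARTIAL_BITSTREAM_KB]
    return sum(times) / len(times)


def select_config(events_in_window, detect_threshold=1, tolerate_threshold=3):
    """Hypothetical threshold policy: escalate protection as detections rise."""
    if events_in_window >= tolerate_threshold:
        return "FB_FT"
    if events_in_window >= detect_threshold:
        return "FB_FD"
    return "FB"


def simulate(event_counts, initial="FB"):
    """Apply the policy per observation window.

    Returns the configuration active after each window and the total time
    spent reconfiguring (datapath unavailable) in milliseconds.
    """
    current, downtime_ms, trace = initial, 0.0, []
    for count in event_counts:
        target = select_config(count)
        if target != current:          # only a change of mode costs a reload
            downtime_ms += reconfig_time_ms(target)
            current = target
        trace.append(current)
    return trace, downtime_ms


if __name__ == "__main__":
    # Constructed sample: attack/fault detections counted in five windows.
    trace, downtime = simulate([0, 1, 1, 4, 0])
    print(trace, f"{downtime:.2f} ms reconfiguring")
    print(f"average partial reconfiguration: {average_reconfig_time_ms():.2f} ms")
```

Under these assumptions the average comes out close to the 8 ms quoted in the text, and every policy-driven mode change costs 7 to 9 ms during which the datapath region is being rewritten.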