
Embedded Security explained: Advanced Encryption Standard (AES)



1. What is AES?

2. Different AES modes

3. Design challenges for embedded systems


 

1. What is AES?

The Advanced Encryption Standard (AES) is one of the most widely used cryptographic algorithms in modern embedded systems. It is a symmetric encryption algorithm, which means the same secret key is used for both encryption and decryption. AES was standardized by the National Institute of Standards and Technology (NIST) in 2001 and is specified in FIPS 197. It supports key sizes of 128, 192, and 256 bits and operates on fixed 128-bit data blocks. In embedded systems, AES is used whenever confidential data must be protected:

  • Data in transit between components and devices, e.g. encrypting data streams between an FPGA-based processing unit and an external communication module over internal high-speed interfaces.
  • Data at rest in storage or memory subsystems, e.g. protecting sensitive configuration or mission data stored in external flash that is accessed by an FPGA-controlled boot and runtime flow.
  • Device-to-device communication channels for control and telemetry, e.g. securing command and telemetry traffic between an FPGA-based edge controller and a remote supervisory system.

2. Different AES modes

AES itself only encrypts individual blocks of data. Real systems usually process streams, packets, or files, which is why AES is combined with different operating modes. An AES mode defines how multiple blocks are encrypted and how security features such as authentication and integrity protection are provided.

Common AES modes include:

  • ECB (Electronic Codebook): Simple but generally insecure for real-world applications.
  • CBC (Cipher Block Chaining): Historically popular, but less suitable for modern high-performance systems.
  • CTR (Counter Mode): Converts AES into a stream cipher and supports parallel processing.
  • XTS (XEX-based Tweaked Codebook Mode): Commonly used for storage and disk encryption.
  • GCM (Galois/Counter Mode): Provides both encryption and authentication.

AES-GCM (Galois/Counter Mode) is a mode of operation for block ciphers such as AES. In practical terms, it combines confidentiality (encryption) with authentication (integrity protection via an authentication tag) in one construction. This is relevant for modern embedded communication paths where teams need both encrypted payloads and tamper detection. Instead of handling confidentiality and integrity as two separate mechanisms, AES-GCM provides an integrated approach for many system designs.

Typical use cases are securing high-speed telemetry streams from an FPGA-based data acquisition pipeline where payload confidentiality and authenticity must both be guaranteed, or protecting command-and-control channels between an FPGA edge controller and a host processor, where tamper detection is required before control actions are accepted.


 

3. Design challenges for embedded systems

Although AES is well established, implementing it correctly in embedded systems is not always straightforward. Common design challenges include:

  • Key management: Encryption is only as secure as the protection of the secret keys.
  • Nonce and IV handling: Modes such as AES-GCM require a unique nonce for every encryption under the same key. Reusing a nonce can completely break security.
  • Resource constraints: Small microcontrollers and low-cost FPGAs often have limited memory and logic resources.
  • Performance requirements: High-throughput communication systems may require hardware acceleration.
  • Side-channel attacks: Power analysis, timing attacks, and fault injection can target poorly protected implementations.
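
The nonce-handling point above, as an added example (not code from this article or from any product it mentions): a 96-bit nonce built from a fixed device field plus a counter, with the counter range reserved in non-volatile storage before use so that a reset or power loss can never cause a value to be handed out twice. The names `nonce_ctx`, `nonce_init`, `nonce_next`, `RESERVE_STEP` and the `nv_*` storage stubs are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define NONCE_LEN    12      /* 96-bit nonce, the usual AES-GCM IV length */
#define RESERVE_STEP 1024u   /* assumed: counters reserved per NV write */

/* Assumption: stand-in for flash/EEPROM; replace with the real NV driver. */
static uint64_t nv_reserved_limit;
static int nv_write(uint64_t v) { nv_reserved_limit = v; return 0; }
static uint64_t nv_read(void) { return nv_reserved_limit; }

typedef struct {
    uint32_t device_id;  /* fixed field: unique among devices sharing the key */
    uint64_t next;       /* next counter value to hand out */
    uint64_t limit;      /* values below this are already reserved in NV */
} nonce_ctx;

/* Boot: resume at the persisted limit, skipping anything possibly used
 * before an unexpected reset or power loss. */
void nonce_init(nonce_ctx *c, uint32_t device_id) {
    c->device_id = device_id;
    c->next = c->limit = nv_read();
}

/* Writes a fresh nonce to out. Returns 0, or -1 when the counter space is
 * exhausted or NV cannot be updated; the caller must then stop encrypting
 * under this key (rekey) rather than reuse a value. */
int nonce_next(nonce_ctx *c, uint8_t out[NONCE_LEN]) {
    if (c->next == c->limit) {               /* reserve the next block first */
        if (c->limit > UINT64_MAX - RESERVE_STEP) return -1;
        if (nv_write(c->limit + RESERVE_STEP) != 0) return -1;
        c->limit += RESERVE_STEP;
    }
    uint64_t ctr = c->next++;
    for (int i = 0; i < 4; i++)              /* bytes 0..3: device id, big-endian */
        out[i] = (uint8_t)(c->device_id >> (24 - 8 * i));
    for (int i = 0; i < 8; i++)              /* bytes 4..11: counter, big-endian */
        out[4 + i] = (uint8_t)(ctr >> (56 - 8 * i));
    return 0;
}

int main(void) {
    nonce_ctx c; uint8_t n1[NONCE_LEN], n2[NONCE_LEN];
    nonce_init(&c, 0xA1B2C3D4u);             /* constructed device id */
    nonce_next(&c, n1);
    nonce_init(&c, 0xA1B2C3D4u);             /* simulated reboot */
    nonce_next(&c, n2);
    return memcmp(n1, n2, NONCE_LEN) == 0;   /* exit 0 when the nonces differ */
}
```

Reserving counters in blocks trades a few skipped values per reboot for far fewer flash writes; the counter may only restart at zero when a new key is installed.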

For most embedded products, choosing the correct AES mode and integrating it securely is often more important than the AES algorithm itself.

AES remains one of the fundamental building blocks of embedded security, but its effectiveness depends heavily on how it is implemented and used within the overall system architecture.


 
