Alain Aubert

Contactless electromagnetic active attack on ring oscillator based true random number generator

True random number generators (TRNGs) are ubiquitous in data security as one of basic cryptographic primitives. They are primarily used as generators of confidential keys, to initialize vectors, to pad values, but also as random masks generators in some side channel attacks countermeasures. As such, they must have good statistical properties, be unpredictable and robust against attacks. This paper presents a contactless and local active attack on ring oscillators (ROs) based TRNGs using electromagnetic fields. Experiments show that in a TRNG featuring fifty ROs, the impact of a local electromagnetic emanation on the ROs is so strong, that it is possible to lock them on the injected signal and thus to control the monobit bias of the TRNG output even when low power electromagnetic fields are exploited. These results confirm practically that the electromagnetic waves used for harmonic signal injection may represent a serious security threat for secure circuits that embed RO-based TRNG.

Modeling and observing the jitter in ring oscillators implemented in FPGAs

Random number generators represent one of basic cryptographic primitives used to compose cryptographic protocols. While field programmable gate arrays (FPGAs) are well suited for implementing algorithmic random number generators (pseudo-random number generators), generating fast and secured true random bitstreams inside FPGAs is an open problem. Most of true random number generators in FPGAs employ the timing jitter present in ring oscillator clocks as a source of randomness. The paper analyses the jitter generated in ring oscillators and presents a simple physical model of its sources. The jitter generated in MATLAB in accordance with the proposed model is then used as an input in VHDL simulations. To evaluate the model, we use an embedded technique of jitter measurement. The principle is simulated in VHDL and validated by experiments using different FPGA technologies.

A very high speed true random number generator with entropy assessment

The proposed true random number generator (TRNG) exploits the jitter of events propagating in a self-timed ring (STR) to generate random bit sequences at a very high bit rate. It takes advantage of a special feature of STRs that allows the time elapsed between successive events to be set as short as needed, even in the order of picoseconds. If the time interval between the events is set in concordance with the clock jitter magnitude, a simple entropy extraction scheme can be applied to generate random numbers. The proposed STR-based TRNG (STRNG) follows AIS31 recommendations: by using the proposed stochastic model, designers can compute a lower entropy bound as a function of the STR characteristics (number of stages, oscillation period and jitter magnitude). Using the resulting entropy assessment, they can then set the compression rate in the arithmetic post-processing block to reach the required security level determined by the entropy per output bit. Implementation of the generator in two FPGA families confirmed its feasibility in digital technologies and also confirmed it can provide high quality random bit sequences that pass the statistical tests required by AIS31 at rates as high as 200 Mbit/s.

A Self-Timed Ring Based True Random Number Generator

Self-timed rings are oscillators in which several events can evolve evenly-spaced in time thanks to analog effects inherent to the ring stage structure. One of their interesting features is that they provide precise high-speed multiphase signals. This paper presents a true random number generator that exploits the jitter of events propagating in a self-timed ring with a high entropy. Designs implemented in Alter a Cyclone III and Xilinx Virtex 5 devices provide high quality random bit sequNIST SP 800-22 statistical testsences passing FIPS 140-1 and NIST SP 800-22 statistical tests at a high bit rate.

Characterization of randomness sources in ring oscillator-based true random number generators in FPGAs

The paper deals with the characterization of sources of randomness in true random number generators aimed at cryptographic applications implemented in Field Programmable Gate Arrays (FPGA). One of the most often used source of randomness in logic devices is the timing jitter present in clock signals, generated using ring oscillators (RO). In order to estimate the entropy of the generated random bit-stream, it is necessary to characterize the employed timing jitter. Using the simulation of the clock jitter injection into the gates of RO we show that the proportion of jitter from uncorrelated and correlated noise sources on the overall period jitter depends on the number of delay elements (inverters). We also propose a new and precise method of the jitter measurement outside the device based on the use of the differential device outputs in conjunction with a differential oscilloscope probe. The measured standard deviation of the clock period is more than two times smaller than the one obtained using traditional methods. Employing the proposed measurement method we show that the jitter profile of the RO-generated clock and its sensitivity to global jitter sources (e. g. deterministic jitter) is strongly dependent on the architecture and topology of the oscillator.

Comparison of self-timed ring and inverter ring oscillators as entropy sources in FPGAs

Many True Random Numbers Generators (TRNG) use jittery clocks generated in ring oscillators as a source of entropy. This is especially the case in Field Programmable Gate Arrays (FPGA), where sources of randomness are very limited. Inverter Ring Oscillators (IRO) are relatively well characterized as entropy sources. However, it is known that they are very sensitive to working conditions. This fact makes them vulnerable to attacks. On the other hand, Self-Timed Rings (STR) are currently considered as a promising solution to generate robust clock signals. Although many studies deal with their temporal behavior and robustness in Application Specific Integrated Circuits (ASIC), equivalent study does not exist for FPGAs. Furthermore, these oscillators were not analyzed and characterized as entropy sources aimed at TRNG design. In this paper, we analyze STRs as entropy sources for TRNGs implemented in FPGAs. Next, we compare STRs and IROs when serving as sources of randomness. We show that STRs represent very interesting alternative to IROs: they are more robust to environmental fluctuations and they exhibit lower extra-device frequency variations.

Electromagnetic analysis on ring oscillator-based true random number generators

Security of implementation of ciphers in hardware has already been well studied, nevertheless ciphers are not the only hardware block used for cryptography. True random number generators (TRNGs) are also significant cryptography blocks since they are used to provide secret keys, random protection masks, initial values to other security blocks such as ciphers. The security of TRNG implementations is thus of paramount importance. Recently, electromagnetic channel has been used to efficiently attack ring oscillator based TRNG by fault injection. The work presented in this paper shows that by analyzing electromagnetic emanation of the TRNG under attack in varying conditions, it is possible to obtain significant information on the TRNG such as its position and oscillator frequency, in order to improve the previously published electromagnetic attack.

Enhanced TRNG based on the coherent sampling

The paper presents several modifications of the True Random Number Generator proposed by Kohlbrenner and Gaj in 2004. The generator is based on a coherent sampling principle and it is aimed at cryptographic applications. It uses the timing jitter present in two clock signals with close frequencies as entropy source. The proposed enhancements are related to the setting of generator parameters (e. g. the frequency of the clock signals) and configuration (simple or mutual sampling) depending on size and composition of the clock jitters. Several versions of the generator have been implemented in two FPGA families, giving the output bit-rate up to 2 Mbits/s. Three generator configurations deliver a high-quality unbiased raw bit-stream, so that post-processing is not necessary and the generated raw random data pass both the FIPS 140-2 and NIST statistical tests. One of the proposed configurations can be fully automated and does not need manual intervention during placement and routing.

Secure embedded verification of print signatures

This work aims to embed an object authentication process in a secure electronic architecture for distant verification via imaging. Firstly, the extraction of print signatures [1] is revisited for an implementation in a logical hardware system. Secondly, a protocol scheme to authenticate the verification device and to ensure its integrity is suggested.

Electromagnetic analysis and fault injection onto secure circuits

Implementation attacks are a major threat to hardware cryptographic implementations. These attacks exploit the correlation existing between the computed data and variables such as computation time, consumed power, and electromagnetic (EM) emissions. Recently, the EM channel has been proven as an effective passive and active attack technique against secure implementations. In this paper, we resume the recent results obtained on this subject, with a particular focus on EM as a fault injection tool.