Florent Bernard

Modeling and observing the jitter in ring oscillators implemented in FPGAs

Random number generators represent one of basic cryptographic primitives used to compose cryptographic protocols. While field programmable gate arrays (FPGAs) are well suited for implementing algorithmic random number generators (pseudo-random number generators), generating fast and secured true random bitstreams inside FPGAs is an open problem. Most of true random number generators in FPGAs employ the timing jitter present in ring oscillator clocks as a source of randomness. The paper analyses the jitter generated in ring oscillators and presents a simple physical model of its sources. The jitter generated in MATLAB in accordance with the proposed model is then used as an input in VHDL simulations. To evaluate the model, we use an embedded technique of jitter measurement. The principle is simulated in VHDL and validated by experiments using different FPGA technologies.

Observing the Randomness in RO-Based TRNG

The paper deals with true random number generators using a set of ring oscillators as proposed by Sunar et al. in 2007. The original generator has been recently enhanced by Wold and Tan by introducing flip-flops at the output of each ring. We show in the first part of the paper that both original and enhanced architectures have exactly the same behavior when composed of ideal components (they have the same mathematical model), but they have very different behavior in physical devices, as observed by Wold and Tan. However, while reducing the number of rings as they have proposed, the security proof of Sunar et al. does not hold any more. In order to demonstrate that, we will show that the proportion of the pseudo-randomness compared to the true-randomness in the generated random raw signal is much bigger than expected. Our simulation model shows that the generator using more than 18 ideal jitter-free rings having slightly different frequencies and producing thus only pseudo-randomness, will always let the tests pass. We conclude that reducing the number of rings not only makes the security proof of Sunar et al. not hold, but it makes the generator more vulnerable, since the pseudo-randomness is easy to manipulate.

Characterization of randomness sources in ring oscillator-based true random number generators in FPGAs

The paper deals with the characterization of sources of randomness in true random number generators aimed at cryptographic applications implemented in Field Programmable Gate Arrays (FPGA). One of the most often used source of randomness in logic devices is the timing jitter present in clock signals, generated using ring oscillators (RO). In order to estimate the entropy of the generated random bit-stream, it is necessary to characterize the employed timing jitter. Using the simulation of the clock jitter injection into the gates of RO we show that the proportion of jitter from uncorrelated and correlated noise sources on the overall period jitter depends on the number of delay elements (inverters). We also propose a new and precise method of the jitter measurement outside the device based on the use of the differential device outputs in conjunction with a differential oscilloscope probe. The measured standard deviation of the clock period is more than two times smaller than the one obtained using traditional methods. Employing the proposed measurement method we show that the jitter profile of the RO-generated clock and its sensitivity to global jitter sources (e. g. deterministic jitter) is strongly dependent on the architecture and topology of the oscillator.

True-Randomness and Pseudo-Randomness in Ring Oscillator-Based True Random Number Generators

The paper deals with true random number generators employing oscillator rings, namely, with the one proposed by Sunar et al. in 2007 and enhanced by Wold and Tan in 2009. Our mathematical analysis shows that both architectures behave identically when composed of the same number of rings and ideal logic components. However, the reduction of the number of rings, as proposed by Wold and Tan, would inevitably cause the loss of entropy. Unfortunately, this entropy insufficiency is masked by the pseudo-randomness caused by XOR-ing clock signals having different frequencies. Our simulation model shows that the generator, using more than 18 ideal jitter-free rings having slightly different frequencies and producing only pseudo-randomness, will let the statistical tests pass. We conclude that a smaller number of rings reduce the security if the entropy reduction is not taken into account in post-processing. Moreover, the designer cannot avoid that some of rings will have the same frequency, which will cause another loss of entropy. In order to confirm this, we show how the attacker can reach a state where over 25% of the rings are locked and thus completely dependent. This effect can have disastrous consequences on the system security.

Enhancing security of ring oscillator-based trng implemented in FPGA

Random number generators are one of basic cryptographic primitives used in cryptographic protocols. Most of true random number generators in field programmable gate arrays (FPGAs) employ the timing jitter from ring oscillator clocks as a source of randomness. The paper analyses the jitter generated in ring oscillators and it uses a simple physical model of jitter sources to show that the random jitter accumulates slower than the global and manipulable deterministic jitter. This fact, which can be used to attack generators, is not considered even in most recent designs considered to be secure. The paper proposes simple but efficient countermeasure against these attacks. The method is validated using the proposed behavioral VHDL model and it is shown to be efficient also in hardware.

MATHEMATICAL MODEL OF PHYSICAL RNGS BASED ON COHERENT SAMPLING

ABSTRACT Random number generators represent one of basic cryptographic primitives used in creating cryptographic protocols. Their security evaluation represents very important part in the design, implementation and employment phase of the generator. One of important security requirements is the existence of a mathematical model describing the physical noise source and the statistical properties of the digitized noise derived from it. The aim of this paper is to propose the model of a class of generators using two jittery clocks with rationally related frequencies. The clock signals with related frequencies can be obtained using phase-locked loops, delay-locked loops or ring oscillators with adjusted oscillation periods. The proposed mathematical model is used to provide entropy per bit estimators and expected bias on the generated sequence. The model is validated by hardware experiments.

HCrypt: A Novel Concept of Crypto-processor with Secured Key Management

The paper presents a novel concept of processor aimed at symmetric-key cryptographic applications. Its architecture is optimized for implementation of common cryptography tasks. The processor has 128-bit separated data and key registers, dedicated instruction set optimized for key generation and management, embedded cipher, and embedded random number generator. From an architectural point of view, the most important characteristic of the proposed crypto-processor is the physical separation of data and key registers and buses, insuring that confidential keys will never leave the system in clear. This way, the processor enables to separate protected and unprotected security zones easily and also achieve complete physical isolation of key management and data zones inside the single FPGA. The first version of the processor implemented in Xilinx Virtex 5 FPGA device achieves the frequency of 160 MHz and it occupies 1343 configurable logic blocks and 21 embedded memory blocks.

Analysis and Enhancement of Ring Oscillators Based Physical Unclonable Functions in FPGAs

The paper analyzes and proposes some enhancements of Ring Oscillator based Physical Unclonable Functions (PUFs) that are used to extract a unique signature of an integrated circuit in order to be used for device authentication purposes and/or key generation. We analyze in more details the concept developed by Suh et al. in 2007. Contrary to what authors claim, we show that the designer of the Ring Oscillator PUFs implemented in FPGAs needs precise control of placement and routing in order to get unique responses and repeatable results for each individual device, especially when the rest of the reconfigurable device should remain up gradable. One main disadvantage of the original design is its high power consumption. We propose a simple improvement that reduces the consumption of the PUF published by Suh et al. by up to 96.6\%. Last but not least, we point out that ring oscillators significantly influence one another and can even be locked. This questions the reliability of the PUF and should be taken into account during the design.

On the assumption of mutual independence of jitter realizations in P-TRNG stochastic models

Security in true random number generation in cryptography is based on entropy per bit at the generator output. The entropy is evaluated using stochastic models. Several recent works propose stochastic models based on assumptions related to selected physical analog phenomena such as noise or jittery signal and on the knowledge of the principle of randomness extraction from the obtained analog signal. However, these assumptions simplify often considerably the underlying analog processes, which include several noise sources. In this paper, we present a new comprehensive multilevel approach, which enables to build the stochastic model based on detailed analysis of noise sources starting at transistor level and on conversion of the noise to the clock jitter exploited at the generator level. Using this approach, we can estimate proportion of the jitter coming only from the thermal noise, which is included in the total clock jitter.

A Physical Approach for Stochastic Modeling of TERO-Based TRNG

Security in random number generation for cryptography is closely related to the entropy rate at the generator output. This rate has to be evaluated using an appropriate stochastic model. The stochastic model proposed in this paper is dedicated to the transition effect ring oscillator (TERO) based true random number generator (TRNG) proposed by Varchola and Drutarovsky in 2010. The advantage and originality of this model is that it is derived from a physical model based on a detailed study and on the precise electrical description of the noisy physical phenomena that contribute to the generation of random numbers. We compare the proposed electrical description with data generated in a 28 nm CMOS ASIC implementation. Our experimental results are in very good agreement with those obtained with both the physical model of TERO’s noisy behavior and with the stochastic model of the TERO TRNG, which we also confirmed using the AIS 31 test suites.