Nathalie Bochard

High Performance True Random Number Generator in Altera Stratix FPLDs

The paper presents a high performance True Random Number Generator (TRNG) embedded in Altera Stratix Field Programmable Logic Devices (FPLDs). As a source of randomness, an on-chip noise generated in the internal analog Phase-Locked Loop (PLL) circuitry is used. In contrast with traditionally used free running oscillators, it uses and extends a recently developed method of randomness extraction based on two rationally related clock signals. Although it was developed for the Stratix family, the principle can be easily employed in other digital devices containing analog PLLs. We use the large flexibility of PLLs embedded in Stratix family to demonstrate the relationship between PLL and TRNG configuration, the quality of output random bit-stream, and the speed of the generator. The quality of TRNG output is confirmed by applying statistical tests, which pass also for a high-speed version of the generator giving up to 1M random bits per second. The generator developed for cryptographic applications helps to increase the system security, but it can also be used in a wide range of other applications.

Observing the Randomness in RO-Based TRNG

The paper deals with true random number generators using a set of ring oscillators as proposed by Sunar et al. in 2007. The original generator has been recently enhanced by Wold and Tan by introducing flip-flops at the output of each ring. We show in the first part of the paper that both original and enhanced architectures have exactly the same behavior when composed of ideal components (they have the same mathematical model), but they have very different behavior in physical devices, as observed by Wold and Tan. However, while reducing the number of rings as they have proposed, the security proof of Sunar et al. does not hold any more. In order to demonstrate that, we will show that the proportion of the pseudo-randomness compared to the true-randomness in the generated random raw signal is much bigger than expected. Our simulation model shows that the generator using more than 18 ideal jitter-free rings having slightly different frequencies and producing thus only pseudo-randomness, will always let the tests pass. We conclude that reducing the number of rings not only makes the security proof of Sunar et al. not hold, but it makes the generator more vulnerable, since the pseudo-randomness is easy to manipulate.

True-Randomness and Pseudo-Randomness in Ring Oscillator-Based True Random Number Generators

The paper deals with true random number generators employing oscillator rings, namely, with the one proposed by Sunar et al. in 2007 and enhanced by Wold and Tan in 2009. Our mathematical analysis shows that both architectures behave identically when composed of the same number of rings and ideal logic components. However, the reduction of the number of rings, as proposed by Wold and Tan, would inevitably cause the loss of entropy. Unfortunately, this entropy insufficiency is masked by the pseudo-randomness caused by XOR-ing clock signals having different frequencies. Our simulation model shows that the generator, using more than 18 ideal jitter-free rings having slightly different frequencies and producing only pseudo-randomness, will let the statistical tests pass. We conclude that a smaller number of rings reduce the security if the entropy reduction is not taken into account in post-processing. Moreover, the designer cannot avoid that some of rings will have the same frequency, which will cause another loss of entropy. In order to confirm this, we show how the attacker can reach a state where over 25% of the rings are locked and thus completely dependent. This effect can have disastrous consequences on the system security.

Enhancing security of ring oscillator-based trng implemented in FPGA

Random number generators are one of basic cryptographic primitives used in cryptographic protocols. Most of true random number generators in field programmable gate arrays (FPGAs) employ the timing jitter from ring oscillator clocks as a source of randomness. The paper analyses the jitter generated in ring oscillators and it uses a simple physical model of jitter sources to show that the random jitter accumulates slower than the global and manipulable deterministic jitter. This fact, which can be used to attack generators, is not considered even in most recent designs considered to be secure. The paper proposes simple but efficient countermeasure against these attacks. The method is validated using the proposed behavioral VHDL model and it is shown to be efficient also in hardware.

A predictive NoC architecture for vision systems dedicated to image analysis

The aim of this paper is to describe an adaptive and predictive FPGA embedded architecture for vision systems dedicated to image analysis. A large panel of image analysis algorithms with some common characteristics must be mapped onto this architecture. Major characteristics of such algorithms are extracted to define the architecture. This architecture must easily adapt its structure to algorithm modifications. According to required modifications, few parts must be either changed or adapted. An NoC approach is used to break the hardware resources down as stand-alone blocks and to improve predictability and reuse aspects. Moreover, this architecture is designed using a globally asynchronous locally synchronous approach so that each local part can be optimized separately to run at its best frequency. Timing and resource prediction models are presented. With these models, the designer defines and evaluates the appropriate structure before the implementation process. The implementation of a particle image velocimetry algorithm illustrates this adaptation. Experimental results and predicted results are close enough to validate our prediction models for PIV algorithms.

A survey of AIS-20/31 compliant TRNG cores suitable for FPGA devices

FPGAs are widely used to integrate cryptographic primitives, algorithms, and protocols in cryptographic systems-on-chip (CrySoC). As a building block of CrySoCs, True Random Number Generators (TRNGs) exploit analog noise sources in electronic devices to generate confidential keys, initialization vectors, challenges, nonces, and random masks in cryptographic protocols. TRNGs aimed at cryptographic applications must fulfill the security requirements defined in the German Federal Bureau for Information Securitys (BSI) recommendations AIS-20/31, which has become a de facto standard in Europe. Many TRNG cores have already been published, only a few of which are suitable for FPGAs and even fewer comply with AIS-20/31. Here we present the results of the implementation of AIS-20/31 compliant TRNG cores in three FPGA families: Xilinx Spartan 6, Altera Cyclone V and Microsemi SmartFusion 2. In addition to common design parameters like area, bit rate and power/energy consumption, we compare and discuss the feasibility of generator cores in different FPGAs and the statistical quality of their output. These results will help designers select the best generator and the device family to match the requirements of the data security application. To ensure reproducibility of the results, the open source VHDL code of all generators adapted to individual families can be downloaded from the dedicated web page.

Implementation and Characterization of a Physical Unclonable Function for IoT: A Case Study With the TERO-PUF

Today, life is becoming increasingly connected. From TVs to smartphones, including vehicles, buildings, and household appliances, everything is interconnected in what we call the “Internet of Things” (IoT). IoT is now part of our life and we have to deal with it. More than ten billion devices are already connected and five times more are expected to be deployed in the next five years. While deployment and integration of IoT is expanding, one of the main challenge is to provide practical solutions to security, privacy, and trust issues in IoT. Protection and security mechanisms need to include features such as interoperability and scalability but also traceability, authentication, and access control while remaining lightweight. Among the most promising approaches to such security mechanisms, physical unclonable functions (PUFs) provide a unique identifier for similar but different integrated circuits using some of their physical characteristics. These types of functions can thus be used to authenticate integrated circuits, provide traceability and access control. This paper presents a comprehensive case study of the transient effect ring oscillator (RO) PUF from its implementation on FPGAs to its complete characterization. The implementation of the PUF is detailed for two different families of FPGAs: 1) Xilinx Spartan 6 and 2) Altera Cyclone V. All the metrics used for the characterization are explained in detail and the results of the characterization include robustness to environmental parameters including variations in temperature and voltage. Finally, we compare our results with those obtained for another PUF: the RO PUF. All the design files are available online to ensure repeatability and enable comparison of our contribution with other studies.

Efficient AES S-boxes implementation for non-volatile FPGAs

The paper presents a new efficient method for implementation of the AES byte substitution function (S-box). It is aimed at the AES implementation in non-volatile FPGAs featuring volatile embedded RAM blocks. The method uses a pair of linear feedback shift registers to generate substitution tables into embedded RAMs. The proposed solution requires less space and is faster than the one implementing whole S-boxes in the logic area, and it is especially suited to a power-aware AES implementation. The complete AES cipher implemented in the Actel Igloo family and employing the proposed solution consumes two times less total power and more than 150-times less static power than the same cipher implemented in a competing volatile FPGA technology.

An adaptive and predictive architecture for parameterised PIV algorithms

Particle image velocimetry (PIV) algorithms aim at flow visualisation and dynamic flow measurement. All existing PIV techniques are computing intensive and are mainly used in critical conditions. For a given experimental environment, several parameters must be set so that PIV algorithm must be parameterised. A dedicated architecture is therefore unsuitable unless it is adaptive. The aim of this work is to prove that our generic and adaptive FPGA-based system for real-time PIV applications previously designed can easily be modified when some parameters vary. From a unique structure and library of resources, the designer adapts the architecture according to the parameters. Time and resource prediction models help the designer to find the most suitable structure before the implementation process and ensure only one implementation without feedback. As a result, the design flow is fast and reliable

System on chip FPGA designs of a parameterized particle image velocimetry algorithm

In this paper, an efficient architecture for particle image velocimetry algorithm is proposed. The aim of this work is the design of a system of chip FPGA that can be adapted to application characteristics (size of image, pixel clock frequency...). From these specifications, the designer defines the suitable number of processing modules. Required resources and execution time can also be predicted before the implementation process that makes the design flow faster and more secure