Data remanence effects on memory-based entropy collection for RFID systems

Regular Contribution


Random number generation is a fundamental security primitive. This relatively simple requirement is beyond the capacity of passive RFID (radio frequency identification) tags, however. A recent proposal, fingerprint extraction and random number generation in SRAM (FERNS), uses onboard RAM as a randomness source. Unfortunately, practical considerations prevent this approach from reaching its full potential. First, the amount of RAM available for utilization as a randomness generator may be severely restricted due to competition with other system functionalities. Second, RAM is subject to data remanence; there is a period after losing power during which stored data remains intact in memory. Thus, after memory has been used for entropy collection once it will require time without power before it can be reused. This may lead to unacceptable delays in a usable security application. In this paper, the practical considerations that must be taken into account when using RAM as an entropy source are demonstrated. The implementation of a true random number generator on Intel’s WISP (wireless identification and sensing platform) RFID tag is also presented, which is the first to the authors’ best knowledge. By relating this to the requirements of some popular RFID authentication protocols, the practicality of utilizing memory-based randomness techniques on resource-constrained devices is assessed.


RFID True Random Number Generation Memory Authentication Protocols 


  1. 1.
    EPC Global Class 1 Generation 2 UHF Air Interface Protocol Standard “Gen 2”. Available at (2008)
  2. 2.
    IAR Embedded Workbench. Available at (2009)
  3. 3.
    Iminj’s UHF Gen 2 RFID Speedway Reader. Available at (2009)
  4. 4.
    MSP430 USB Debugging Interface—MSP-FET430UIF. Available at (2009)
  5. 5.
    Black, J., Halevi, S., Krawczyk, H., Krovetz, T., Rogaway, P.: UMAC: Fast and Secure Message Authentication. In: CRYPTO (1999)Google Scholar
  6. 6.
    Bringer, J., Chabanne, H.: Trusted-HB: a low-cost version of HB+ secure against man-in-the-middle attacks. In: IEEE Transactions on Information Theory (2008)Google Scholar
  7. 7.
    Bringer, J., Chabanne, H., Dottax, E.: HB++: a lightweight authentication protocol secure against some attacks. In: Security, Privacy and Trust in Pervasive and Ubiquitous Computing (2006)Google Scholar
  8. 8.
    Czeskis, A., Koscher, K., Smith, J., Kohno, T.: RFIDs and secret handshakes: Defending against ghost-and-leech attacks and unauthorized reads with context-aware communications. In: ACM Conference on Computer and Communications Security (2008)Google Scholar
  9. 9.
    Gutmann, P.: Data remanence in semiconductor devices. In: USENIX Security Symposium (2001)Google Scholar
  10. 10.
    Gilbert, Y.S.H., Robshaw, M.: HB#: Increasing the security and efficiency of HB+. In: EuroCrypt (2008)Google Scholar
  11. 11.
    Halderman, J., Schoen, S., Heninger, N., Clarkson, W., Paul, W., Calandrino, J., Feldman, A., Apelbaum, J., Felten, E.: Least we remember: cold boot attacks on encryption keys. In: USENIX Security Symposium (2008)Google Scholar
  12. 12.
    Hammouri, G., Sunar, B.: PUF-HB: A tamper-resilient HB based authentication protocol. In: ACNS (2008)Google Scholar
  13. 13.
    Holcomb, D.: Personal communication (April 2009)Google Scholar
  14. 14.
    Holcomb, D., Burleson, W., Fu, K.: Initial SRAM state as a fingerprint and source of true random numbers for RFID Tags. In: Conference on RFID Security (2007)Google Scholar
  15. 15.
    Holcomb, D.E., Burleson, W.P., Fu, K.: Power-up SRAM state as an identifying fingerprint and source of true random numbers. IEEE Trans. Comput. (2009) (to appear)Google Scholar
  16. 16.
    Hopper, N., Blum, M.: Secure human identification protocols. In: Asiacrypt (2001)Google Scholar
  17. 17.
    Juels, A., Weis, S.: Authenticating pervasive devices with human protocols. In: CRYPTO (2005)Google Scholar
  18. 18.
    Katz, J., Shin, J.: Parallel and concurrent security of the HB and HB+ protocols. In: EUROCRYPT (2006)Google Scholar
  19. 19.
    Matsumoto M., NishimuraT.: Mersenne twister: A 623-dimensionally equidistributed uniform pseudorandom number generator. ACM Trans. Model. Comput. Simul. 8(1), 3–30 (1998)MATHCrossRefGoogle Scholar
  20. 20.
    Molnar, D., Wagner, D.: Privacy and security in library RFID: issues, practices, and architectures. In: ACM Computer and Communications Security (2004)Google Scholar
  21. 21.
    Sample, A., Yeager, D., Powledge, P., Smith, J.: Design of a passively-powered, programmable sensing platform for UHF RFID systems. In: IEEE International Conference on RFID (2007)Google Scholar
  22. 22.
    Saxena, N., Voris, J.: Accelerometer based random number generation on RFID tags. In: WISP Summit (2009)Google Scholar
  23. 23.
    Saxena, N., Voris, J.: We can remember it for you wholesale: implications of data remanence on the use of RAM for true random number generation on RFID tags. In: Workshop on RFID Security (2009)Google Scholar
  24. 24.
    Skorobogatov, S.: Low Temperature Data Remanence in Static RAM. Available at (2002)
  25. 25.
    Smith, J., Sample, A., Powledge, P., Mamishev, A., Roy, S.: A wirelessly-powered platform for sensing and computation. In: Proceedings of 8th international conference on ubiquitous computing (2006)Google Scholar
  26. 26.
    Weimer, F.: New openssl packages fix predictable random number generator. Available at (2008)
  27. 27.
    Yuksel, K., Kaps, J., Sunar, B.: Universal hash functions for emerging ultra-low-power networks. In: Communications Networks and Distributed Systems Modeling and Simulation Conference (2004)Google Scholar

Copyright information

© Springer-Verlag 2011

Authors and Affiliations

  1. 1.Department of Computer and Information SciencesUniversity of AlabamaBirminghamUSA
  2. 2.Department of Computer Science and EngineeringPolytechnic Institute of New York UniversityBrooklynUSA

Personalised recommendations