Contactless Electromagnetic Active Attack on Ring Oscillator Based True Random Number Generator

  • Pierre Bayon
  • Lilian Bossuet
  • Alain Aubert
  • Viktor Fischer
  • François Poucheret
  • Bruno Robisson
  • Philippe Maurine
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7275)

Abstract

True random number generators (TRNGs) are ubiquitous in data security as one of basic cryptographic primitives. They are primarily used as generators of confidential keys, to initialize vectors, to pad values, but also as random masks generators in some side channel attacks countermeasures. As such, they must have good statistical properties, be unpredictable and robust against attacks. This paper presents a contactless and local active attack on ring oscillators (ROs) based TRNGs using electromagnetic fields. Experiments show that in a TRNG featuring fifty ROs, the impact of a local electromagnetic emanation on the ROs is so strong, that it is possible to lock them on the injected signal and thus to control the monobit bias of the TRNG output even when low power electromagnetic fields are exploited. These results confirm practically that the electromagnetic waves used for harmonic signal injection may represent a serious security threat for secure circuits that embed RO-based TRNG.

Keywords

Active attacks EM injections IEMI Ring oscillators TRNGs 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Markettos, A.T., Moore, S.W.: The Frequency Injection Attack on Ring-Oscillator-Based True Random Number Generators. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 317–331. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  2. 2.
    Wold, K., Tan, C.H.: Analysis and Enhancement of Random Number Generator in FPGA Based on Oscillator Rings. In: International Conference on Reconfigurable Computing and FPGAs (ReConFig 2008), pp. 385–390 (2008)Google Scholar
  3. 3.
    Sunar, B., Martin, W.J., Stinson, D.R.: A Provably Secure True Random Number Generator with Built-In Tolerance to Active Attacks. IEEE Transactions on Computers 56(1), 109–119 (2007)MathSciNetCrossRefGoogle Scholar
  4. 4.
    AIST, Side-channel Attack Standard Evaluation Board (SASEBO), http://staff.aist.go.jp/akashi.satoh/SASEBO/en/index.html
  5. 5.
    Dubois, T., Jarrix, S., Penarier, A., Nouvel, P., Gasquet, D., Chusseau, L., Azais, B.: Near-field electromagnetic characterization and perturbation of logic circuits. In: Proc. 3rd Intern. Conf. on Near-Field Characterization and Imaging (ICONIC 2007), pp. 308–313 (2007)Google Scholar
  6. 6.
    Poucheret, F., Tobich, K., Lisart, M., Robisson, B., Chusseau, L., Maurine, P.: Local and Direct EM Injection of Power into CMOS Integrated Circuits. In: Fault Diagnosis and Tolerance in Cryptography, FDTC 2011 (2011)Google Scholar
  7. 7.
    Poucheret, F., Robisson, B., Chusseau, L., Maurine, P.: Local ElectroMagnetic Coupling with CMOS Integrated Circuits. In: International Workshop on Electromagnetic Compatibility of Integrated Circuits, EMC COMPO 2011 (2011)Google Scholar
  8. 8.
    Batina, L., Gierlichs, B., Prouff, E., Rivain, M., Standaert, F.X., Veyrat-Charvillon, N.: Mutual Information Analysis: A Comprehensive Study. Journal of Cryptology, 1–23 (2010)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Pierre Bayon
    • 1
  • Lilian Bossuet
    • 1
  • Alain Aubert
    • 1
  • Viktor Fischer
    • 1
  • François Poucheret
    • 2
    • 3
  • Bruno Robisson
    • 3
  • Philippe Maurine
    • 2
  1. 1.Hubert Curien Laboratory, CNRS 5516University of LyonSaint-EtienneFrance
  2. 2.LIRMM Laboratory, CRNS 5506University of Montpellier 2MontpellierFrance
  3. 3.CEA-LETI, SESAM LaboratoryCentre Microélectronique de ProvenceGardanneFrance

Personalised recommendations