nach oben

Journal of Cryptographic Engineering

Erschienen in:

01.04.2016 | Regular Paper

Fault model of electromagnetic attacks targeting ring oscillator-based true random number generators

verfasst von: Pierre Bayon, Lilian Bossuet, Alain Aubert, Viktor Fischer

Erschienen in: Journal of Cryptographic Engineering | Ausgabe 1/2016

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Many side channels including power consumption, electromagnetic emanation, optical radiation, and even sound have been studied since the first publication of a side channel attack at the end of the 1990s. Most of these channels can be relatively easily used for an overall analysis of the cryptographic system (implementation of efficient passive attacks) or for injection of faults. Until recently, only the optical channel allowed both analysis of locally leaked information and precise injection of faults (single-bit errors). Recent works showed that the near-field electromagnetic channel enables similar results to be obtained. Like the optical channel, the near-field electromagnetic channel allows both active and passive attacks, which, in addition, can be theoretically non-invasive and contactless. However, the cost of the attack bench that is needed to exploit the near-field electromagnetic channel is less than that of an optical channel. Recently, we showed that it is possible to use the near-field electromagnetic channel to perform an efficient active attack targeting the true random number generator (TRNG) based on ring oscillators. In cryptography, TRNGs are chiefly used to generate encryption keys and other critical security parameters, so the proposed active attack could have serious consequences for the security of the whole cryptographic system. Here, we present the coupling of a passive attack and an active attack. The proposed coupled attack first uses a spectral differential analysis of the TRNG electromagnetic radiation to obtain valuable information on the position of ring oscillators and their frequency range. This information is then used to tune the electromagnetic harmonic signal to temporarily synchronize the ring oscillators. In this paper, we propose a fault model of the entropy extractor which shows that the behavior of the ring oscillators changes, and that it occurs additional and unwanted “fake rising edges” of the clock signal which disturb the flip-flops involved in such TRNGs. The effectiveness of our proposed coupled attack questions the use of ring oscillators in the design of TRNGs.

Vorheriger Artikel When organized crime applies academic results: a forensic analysis of an in-card listening device

Nächster Artikel The BRUTUS automatic cryptanalytic framework

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener M. (Ed.), In the proceedings of the 19th annual international cryptology conference, CRYPTO 1999, Springer, Lecture Notes in Computer Science, vol. 1666, pp. 388–397 (1999)

Quisquater, J.J., Samyde, D.: Electromagnetic analysis (EMA): measures and counter-measures for smart cards. In: Attali, I., Jensen, T.P. (Eds.), In the proceedings of E-smart, Springer-Verlag, lecture notes in computer science, vol. 2140, pp. 200–210 (2001)

Fischer, V.: A closer look at security in random number generators design. In: Proceedings of 3rd international workshop on constructive side-channel analysis and secure design, COSADE, pp. 167–182 (2012)

Simka, M.: Active non-invasive attack on true random number generator. In: Proceedings of the 6th PhD student conference, Technical University of Koice, Slovakia, pp. 129–130 (2006)

Simka, Martin, Milo, Drutarovsk, Viktor, Fischer: Testing of PLL-based true random number generator in changing working conditions. Radioengineering 20(1), 94–101 (2011)

Sunar, B., Martin, W.J., Stinson, D.R.: A provably secure true random number generator with built-in tolerance to active attacks. IEEE Trans. Comput. 56(1), 109–119 (2007)MathSciNetCrossRef

Wold, K., Tan, C.H.: Analysis and enhancement of random number generator in FPGA based on oscillator rings. In: Proceedings of the international conference on reconfigurable computing and FPGAs, ReConFig 2008, pp. 385–390 (2008)

Bochard, N., Bernard, F., Fischer, V., Valtchanov, B.: True-randomness and pseudo-randomness in ring oscillator-based true random number generators. Int. J. Reconfig. Comput. Hindawi, Vol. 2010, ID 879281, p. 13

Markettos, A.T., Moore, S.W.: The frequency injection attack on ring-oscillator-based true random number generators. Cryptogr Hardw Embed Syst CHES, pp. 317–331 (2009)

10.

Wold, K., Petrovi, S.: Robustness of TRNG against attacks that employ superimposing signal on FPGA supply voltage. In: Proceedings of the Norwergian information security conference, NISK, pp. 81–92 (2010)

11.

Bayon, P., Bossuet, L., Aubert, A., Fischer, V., Poucheret, F., Robisson, B., Maurine, P.: Contactless electromagnetic active attack on ring oscillator based true random number generator. In: Constructive side-channel analysis and secure design, COSADE, pp. 151–166 (2012)

12.

Poucheret, F., Robisson, B., Chusseau, L., Maurine, P.: Local electromagnetic coupling with CMOS integrated circuits. In: Proceedings of international workshop on electromagnetic compatibility of integrated circuits, EMC COMPO (2011)

13.

Takahashi, J., Hayashi, Y., Homma, N., Fuji, H., Aoki, T.: Feasibility of fault analysis based on intentional electromagnetic interference. In: Proceedings of IEEE international symposium on electromagnetic compatibility, EMC, pp. 782–787 (2012)

14.

Hayashi, Y., Homma, N., Mitzuki, T., Aoki, T., Sone, H.: Precisely timed IEMI fault injection synchronized with EM information leakage. In: Proceedings of the IEEE international symposium on electromagnetic compatibility EMC, pp. 738–742 (2014)

15.

AIST, Side-channel Attack Standard Evaluation Board (SASEBO) http://staff.aist.go.jp/akashi.satoh/SASEBO/en/index.html

16.

Evariste II: a modular hardware system for development and evaluation of cryptographic functions and random number generators. http://labh-curien.univ-st-etienne.fr/wiki-evariste-ii

17.

Sauvage, L., Guilley, S., Mathieu, Y.: Electromagnetic radiations of FPGAs: high spatial resolution cartography and attack on a cryptographic module ACM transactions on reconfigurable technology and systems. Vol. 2, No. 1, Article 4 (2009)

18.

Bayon, P., Bossuet, L., Aubert, A., Fischer, V.: Electromagnetic analysis on ring oscillator-based true random number generators. In: Proceedings of the IEEE international symposium on circuits and systems, ISCAS (2013)

19.

Ben, S.D., Ramdani, M., Sicard, E.: Case studies EMC test-chips, low-emission microcontrollers. In: Electromagnetic compatibility of integrated circuits: technique for low emission and susceptibility, Springer, Chapter 6, 311–314 (2006)

20.

Dong, X., Deng, S., Hubing, T., Beetner, D.: Analysis of chip-level EMI using near-field magnetic scanning. In: Proceedings of IEEE international symposium on electromagnetic compatibility, EMC, IEEE, pp. 174–177 (2004)

21.

Bossuet, L., Fischer, V., Bayon, P.: Contactless transmission of intellectual property data to protect FPGA designs. In: Proceedings of the 23nd IFIP/IEEE international conference on very large scale integration, VLSI-SoC (2015)

22.

Bossuet, L., Ngo, X.T., Cherif, Z., Fischer, V.: A PUF based on a transient effect ring oscillator and insensitive to locking phenomenon. IEEE Trans. Emerg Top. Comput. 2(1), 30–36 (2014)CrossRef

Titel: Fault model of electromagnetic attacks targeting ring oscillator-based true random number generators
verfasst von: Pierre Bayon
Lilian Bossuet
Alain Aubert
Viktor Fischer
Publikationsdatum: 01.04.2016
Verlag: Springer Berlin Heidelberg
Erschienen in: Journal of Cryptographic Engineering / Ausgabe 1/2016
Print ISSN: 2190-8508
Elektronische ISSN: 2190-8516
DOI: https://doi.org/10.1007/s13389-015-0113-2

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 1/2016

AES T-Box tampering attack

The BRUTUS automatic cryptanalytic framework

Automated teller machines: their history and authentication protocols

When organized crime applies academic results: a forensic analysis of an in-card listening device

Premium Partner