Comparison of Self-Timed Ring and Inverter Ring Oscillators as Entropy Sources in FPGAs

International audienceMany True Random Numbers Generators (TRNG) use jittery clocks generated in ring oscillators as a source of entropy. This is especially the case in Field Programmable Gate Arrays (FPGA), where sources of randomness are very limited. Inverter Ring Oscillators (IRO) are relatively well characterized as entropy sources. However, it is known that they are very sensitive to working conditions. This fact makes them vulnerable to attacks. On the other hand, Self-Timed Rings (STR) are currently considered as a promising solution to generate robust clock signals. Although many studies deal with their temporal behavior and robustness in Application Specific Integrated Circuits (ASIC), equivalent study does not exist for FPGAs. Furthermore, these oscillators were not analyzed and characterized as entropy sources aimed at TRNG design. In this paper, we analyze STRs as entropy sources for TRNGs implemented in FPGAs. Next, we compare STRs and IROs when serving as sources of randomness. We show that STRs represent very interesting alternative to IROs: they are more robust to environmental fluctuations and they exhibit lower extra-device frequency variations

A Self-timed Ring Based True Random Number Generator

International audienceSelf-timed rings are oscillators in which several events can evolve evenly-spaced in time thanks to analog effects inherent to the ring stage structure. One of their interesting features is that they provide precise high-speed multiphase signals. This paper presents a true random number generator that exploits the jitter of events propagating in a self-timed ring with a high entropy. Designs implemented in Altera Cyclone III and Xilinx Virtex 5 devices provide high quality random bit sequences passing FIPS 140-1 and NIST SP 800-22 statistical tests at a high bit rate

A Very High Speed True Random Number Generator with Entropy Assessment

International audienceThe proposed true random number generator (TRNG) exploits the jitter of events propagating in a self-timed ring (STR) to generate random bit sequences at a very high bit rate. It takes advantage of a special feature of STRs that allows the time elapsed between successive events to be set as short as needed, even in the order of picoseconds. If the time interval between the events is set in concordance with the clock jitter magnitude, a simple entropy extraction scheme can be applied to generate random numbers. The proposed STR-based TRNG (STRNG) follows AIS31 recommendations: by using the proposed stochastic model, designers can compute a lower entropy bound as a function of the STR characteristics (number of stages, oscillation period and jitter magnitude). Using the resulting entropy assessment, they can then set the compression rate in the arithmetic post-processing block to reach the required security level determined by the entropy per output bit. Implementation of the generator in two FPGA families confirmed its feasibility in digital technologies and also confirmed it can provide high quality random bit sequences that pass the statistical tests required by AIS31 at rates as high as 200 Mbit/s

A Very High Speed True Random Number Generator with Entropy Assessment

International audienceThe proposed true random number generator (TRNG) exploits the jitter of events propagating in a self-timed ring (STR) to generate random bit sequences at a very high bit rate. It takes advantage of a special feature of STRs that allows the time elapsed between successive events to be set as short as needed, even in the order of picoseconds. If the time interval between the events is set in concordance with the clock jitter magnitude, a simple entropy extraction scheme can be applied to generate random numbers. The proposed STR-based TRNG (STRNG) follows AIS31 recommendations: by using the proposed stochastic model, designers can compute a lower entropy bound as a function of the STR characteristics (number of stages, oscillation period and jitter magnitude). Using the resulting entropy assessment, they can then set the compression rate in the arithmetic post-processing block to reach the required security level determined by the entropy per output bit. Implementation of the generator in two FPGA families confirmed its feasibility in digital technologies and also confirmed it can provide high quality random bit sequences that pass the statistical tests required by AIS31 at rates as high as 200 Mbit/s

D2.1 - Report on Selected TRNG and PUF Principles

This report represents the final version of Deliverable 2.1 of the HECTOR work package WP2. It is a result of discussions and work on Task 2.1 of all HECTOR partners involved in WP2. The aim of the Deliverable 2.1 is to select principles of random number generators (RNGs) and physical unclonable functions (PUFs) that fulfill strict technology, design and security criteria. For example, the selected RNGs must be suitable for implementation in logic devices according to the German AIS20/31 standard. Correspondingly, the selected PUFs must be suitable for applying similar security approach. A standard PUF evaluation approach does not exist, yet, but it should be proposed in the framework of the project. Selected RNGs and PUFs should be then thoroughly evaluated from the point of view of security and the most suitable principles should be implemented in logic devices, such as Field Programmable Logic Arrays (FPGAs) and Application Specific Integrated Circuits (ASICs) during the next phases of the project

A new TRNG based on coherent sampling with self-timed rings

Random numbers play a key role in applications such as industrial simulations, laboratory experimentation, computer games, and engineering problem solving. The design of new true random generators (TRNGs) has attracted the attention of the research community for many years. Designs with little hardware requirements and high throughput are demanded by new and powerful applications. In this paper, we introduce the design of a novel TRNG based on the coherent sampling (CS) phenomenon. Contrary to most designs based on this phenomenon, ours uses self-timed rings (STRs) instead of the commonly employed ring oscillators (ROs). Our design has two key advantages over existing proposals based on CS. It does not depend on the FPGA vendor used and does not need manual placement and routing in the manufacturing process, resulting in a highly portable generator. Our experiments show that the TRNG offers a very high throughput with a moderate cost in hardware. The results obtained with ENT, DIEHARD, and National Institute of Standards and Technology (NIST) statistical test suites evidence that the output bitstream behaves as a truly random variable.This work was supported in part by the Ministerio de Economia y Competitividad (MINECO), Security and Privacy in the Internet of You (SPINY), under Grant TIN2013-46469-R, and in part by the Comunidad de Madrid (CAM), Cybersecurity, Data, and Risks (CIBERDINE), underGrant S2013/ICE-3095

Self-timed rings as low-phase noise programmable oscillators

International audienceSelf-timed rings are promising for designing highspeed serial links and system clock generators. Indeed, their architecture is well-suited to digitally control their frequency and to easily adapt their phase noise by design. Self-timed ring oscillation frequency does not only depend on the number of stages as the usual inverter ring oscillators but also on their initial state. This feature is extremely important to make them programmable. Moreover, with such ring oscillators, it is easy to control the phase noise by design. Indeed, 3dB phase noise reduction is obtained at the cost of higher power consumption when the number of stages is doubled while keeping the same oscillation frequency, thanks to the oscillator programmability. In this paper, we completely describe the method to design selftimed rings in order to make them programmable and to generate a phase noise in accordance with the specifications. Test chips have been designed and fabricated in AMS 0.35 μm and in STMicroelectonics CMOS 65 nm technology to verify our models and theoretical claims

Implementation and study of a true random number generator

Securing information has been a concern throughout history. Especially nowadays since many user applications such as smart cards or Internet connections deal with sensible data. To protect this information dfferent cryptography protocols are used. These are algorithms that encapsulate the data by ciphering it. However, this is done by programming an application to run a digital mathematical function. This means that it is also possible to program malign applications to decode the cipher. In order to avoid this it is necessary to add unpredictability or randomness to the encoding process which can be done by employing a Random Number Generator. A RNG can be implemented in both software and hardware; however, a truly unpredictable sequence is not achieved through a digital process governed by mathematical formulae. This results in most RNGs producing a form of pseudo-randomness. A True Random Number Generator must be implemented on a technology that allows it to harvest entropy from an unpredictable or even chaotic physical process. This is why TRNGs are designed and implemented for hardware. In fact, it is possible to gather entropy through integrated circuits like ASICs or FPGAs. The objective of this project is to design and implement a TRNG on FPGA technology because its pre-defined logic blocks that only require a small amount of resources make it an appealing solution. First, an analysis of typical RNG designs is presented to understand the between a pseudo-RNG and a TRNG. Once this is stablished, the specific ways of designing TRNGs for integrated circuits are delved into. Moreover, the need for evaluation of the quality of randomness is also stated. This is ensured by a battery of tests that study the statistical properties of the output of a RNG. Secondly, the TRNG design proposals by B ohl on which this project is based on are introduced and analyzed before creating the design and implementation. Afterwards, the four experiments performed are explained. It was decided to first test the behavior of the TRNG at different frequencies to decide which provided randomness with the best quality. Afterwards, the TRNG was placed in different areas of the FPGA at the optimal frequency to test the variability of the device. A third experiment consisted of comparing these results in more devices to further study the variability. The final experiment consisted on forcing a reset of the circuit to ensure that the TRNG was resilient against this type of attacks. Last but not least, the results are summarized and several future developments are presented. After this the legal aspects and management of the project are explained.La protección de información ha sido una constante preocupación a lo largo de la historia. Especialmente hoy en día debido a las muchas aplicaciones que manejan datos confidenciales como tarjetas inteligentes o conexiones a Internet. Para proteger esta información diferentes protocolos criptográficos son usados. Estos son algoritmos que cifran los datos para encapsularlos. Sin embargo, esto se hace programando una aplicación que corre una formula matemática digital. Esto significa que también es posible programar aplicaciones maliciosas para decodificar el cifrado. Para poder evitar esto es necesario añadir aleatoriedad o un elemento impredecible al proceso de codificación. Esto puede hacerse empleando un Generador de Números Aleatorios cuyas siglas en inglés son RNG. Es posible implementar un RNG tanto en software como en hardware; sin embargo, una secuencia realmente impredecible no se puede generar a través de un proceso digital basado en la computación de fórmulas matemáticas. Esto es lo que hace que la mayoría de RNGs produzcan una especie de pseudo-aleatoriedad. Un Generador de Números Realmente Aleatorios (True Random Number Generator o TRNG) debe ser implementado en una tecnología que le permita extraer entropía de un proceso físico impredecible o caótico. Es por esto que los TRNG se implementan en hardware. De hecho, es posible obtener entropía a través de circuitos integrados como ASICs o FPGAs. El objetivo de este proyecto es diseñar e implementar un TRNG en tecnología FPGA puesto que sus bloques lógicos prede finidos que solo necesitan unos recursos reducidos la convierten en una solución atractiva. Se empieza por presentar un análisis de los diseños de RNG típicos para comprender la diferencia entre generadores pseudo aleatorios y TRNGs. Tras esto, se especifica la forma en la que los TRNGs se diseñan para circuitos integrados. Además, se expone la necesidad de evaluar la calidad de la aleatoriedad que se genera. Esta se comprueba a través de una batería de tests que estudian las propiedades estadísticas del output del TRNG. A continuación, las propuestas de diseño de TRNGs de Böhl en las que este proyecto se basa son introducidas y analizadas seguidas del diseño e implementación propios. Tras lo cual se explican los cuatro experimentos realizados. Primero se decidió comprobar el comportamiento del TRNG a diferentes frecuencias con el fin de determinar a cuál de ellas se producía la aleatoriedad de mayor calidad. Segundo, el TRNG fue posicionado en diferentes áreas de la FPGA a la frecuencia óptima para evaluar la variabilidad de la placa. El tercer experimento explora aún más la variabilidad al realizar el experimento anterior en otras placas. El último experimento consistió en forzar un reset del circuito para comprobar la resistencia TRNG ante ataque de este tipo. Finalmente, los resultados obtenidos se presentan resumidos junto con varias propuestas de mejoras futuras. Tras ello se muestran los aspectos legales del proyecto y su gestión.Ingeniería en Tecnologías de Telecomunicació

A software controlled voltage tuning system using multi-purpose ring oscillators

This paper presents a novel software driven voltage tuning method that utilises multi-purpose Ring Oscillators (ROs) to provide process variation and environment sensitive energy reductions. The proposed technique enables voltage tuning based on the observed frequency of the ROs, taken as a representation of the device speed and used to estimate a safe minimum operating voltage at a given core frequency. A conservative linear relationship between RO frequency and silicon speed is used to approximate the critical path of the processor. Using a multi-purpose RO not specifically implemented for critical path characterisation is a unique approach to voltage tuning. The parameters governing the relationship between RO and silicon speed are obtained through the testing of a sample of processors from different wafer regions. These parameters can then be used on all devices of that model. The tuning method and software control framework is demonstrated on a sample of XMOS XS1-U8A-64 embedded microprocessors, yielding a dynamic power saving of up to 25% with no performance reduction and no negative impact on the real-time constraints of the embedded software running on the processor

Revisiting Multiple Ring Oscillator-Based True Random Generators to Achieve Compact Implementations on FPGAs for Cryptographic Applications

FEDER/Junta de Andalucía-Consejería de Transformación Económica, Industria, Conocimiento y Universidades/Proyecto B-TIC-588-UGR2