
    On the unbearable lightness of FIPS 140-2 randomness tests

    Random number generation is critical to many applications. Gaming, gambling, and particularly cryptography all require random numbers that are uniform and unpredictable. To test whether supposedly random sources exhibit the characteristics commonly found in random sequences, batteries of statistical tests are used. These are fundamental tools in the evaluation of random number generators and form part of the pathway to certification of secure systems implementing them. Although there have been previous studies into this subject [becker2013stealthy], RNG manufacturers and vendors continue to use statistical tests known to be of dubious reliability in their RNG verification processes. Our research shows that FIPS 140-2 cannot identify adversarial biases effectively, even very primitive ones. Concretely, this work illustrates the inability of the FIPS 140 family of tests to detect bias in three obviously flawed PRNGs. Deprecated by official standards, these tests are nevertheless still widely used, for example in hardware-level self-test schemes incorporated into the design of many True RNGs (TRNGs). They are also popular with engineers and cryptographers for quickly assessing the randomness characteristics of security primitives and protocols, and even with manufacturers aiming to market the randomness features of their products to potential customers. In the following, we present three biased-by-design RNGs to show in explicit detail how simple, glaringly obvious biases are not detected by any of the FIPS 140-2 tests. One of these RNGs is backdoored, leaking key material, while the others suffer from significantly reduced unpredictability in their output sequences. To make our point even more straightforward, we show how files containing images can also fool the FIPS 140 family of tests. We end with a discussion of the security issues affecting an interesting and active project to create a randomness beacon. Its authors only tested the quality of their randomness with the FIPS 140 family of tests, and we show how this has led them to produce predictable output that, while passing FIPS, fails other randomness tests quite catastrophically.

    5G RF Spectrum-based Cryptographic Pseudo Random Number Generation for IoT Security

    This thesis presents a novel approach for generating truly random numbers in 5G wireless communication systems using the radio frequency (RF) spectrum. The proposed method leverages variations in the RF spectrum to create entropy, which is then used to generate truly random numbers. This approach is based on channel state information (CSI) measured at the receiver in 5G systems and utilizes the variability of the CSI to extract entropy for random number generation. The proposed method has several advantages over traditional random number generators, including the use of a natural source of entropy in 5G wireless communication systems, minimal hardware and computational resource requirements, and a high level of security due to the use of physical characteristics of the wireless channel that are difficult for attackers to predict or manipulate. Simulation results demonstrate that the proposed method generates high-entropy random numbers, passes statistical randomness tests, and outperforms traditional random number generators in energy consumption and computational complexity. This approach has the potential to improve the security of cryptographic protocols in 5G networks.

    Random bits, true and unbiased, from atmospheric turbulence

    Random numbers are a fundamental ingredient for numerical simulation, games, information science and secure communication. Algorithmic and deterministic generators are affected by insufficient information entropy. On the other hand, suitable physical processes manifest intrinsic unpredictability that may be exploited for generating genuine random numbers with an entropy reaching the ideal limit. In this work, we present a method to extract genuine random bits using atmospheric turbulence: by sending a laser beam along a 143 km free-space link, we took advantage of the chaotic behavior of the air refractive index during optical propagation. Random numbers are then obtained by converting the aberrations and distortions of the received laser wave-front into digital units. The generated numbers, obtained without any post-processing, pass the most selective randomness tests. The core of our extraction algorithm can be easily generalized to other physical processes.

    Microcontroller-based random number generator implementation by using discrete chaotic maps

    In recent decades, chaos theory has been used in engineering applications across different disciplines. Discrete chaotic maps can be used in encryption applications for digital systems. In this study, the Lozi, Tinkerbell and Barnsley Fern discrete chaotic maps are first implemented on a microcontroller. Then, a microcontroller-based random number generator is implemented using these three two-dimensional discrete chaotic maps. The outputs of the designed random number generator are subjected to the NIST (National Institute of Standards and Technology) 800-22 and FIPS (Federal Information Processing Standard) tests to validate their randomness. The random numbers pass all tests.

    Delay-based true random number generator in sub-nanomillimeter IoT devices

    True Random Number Generators (TRNGs) use physical phenomena as their source of randomness. In electronics, one of the most popular structures for building a TRNG is based on circuits that form propagation delays, such as a ring oscillator, shift register, and routing paths. This type of TRNG has been well researched within the current electronics technology. However, in the future, where electronics will use sub-nanometer (nm) technology, the components become smaller and operate at near-threshold voltage (NTV). This condition affects timing-critical circuits, as the distribution of the process variation becomes non-Gaussian. Therefore, there is an urgent need to assess the behavior of current delay-based TRNG designs in sub-nm technology. In this paper, a model of a TRNG implementation in sub-nm technology was created through the use of a specific Look-Up Table (LUT) in the Field-Programmable Gate Array (FPGA), known as SRL16E. The characterization of the TRNG is presented and shows a promising result: the delay-based TRNG will work properly, with some constraints, in sub-nm technology.

    From Chaos to Pseudorandomness: A Case Study on the 2-D Coupled Map Lattice

    Applying chaos theory to secure digital communications is promising, and it is well acknowledged that in such applications the underlying chaotic systems should be carefully chosen. However, the requirements imposed on the chaotic systems are usually heuristic, without theoretical guarantees for the resulting communication scheme. Among all the primitives for secure communications, it is well accepted that (pseudo)random numbers are the most essential. Taking the well-studied 2-D coupled map lattice (2D CML) as an example, this article performs a theoretical study of pseudorandom number generation with the 2D CML. To do so, an analytical expression for the Lyapunov exponent (LE) spectrum of the 2D CML is first derived. Using the LEs, one can configure system parameters to ensure that the 2D CML exhibits only complex dynamic behavior, and then collect pseudorandom numbers from the system orbits. Moreover, based on the observation that the least significant bit is distributed more evenly in the (pseudo)random distribution, an extraction algorithm E is developed with the property that, when applied to the orbits of the 2D CML, it can squeeze out uniform bits. In implementation, if fixed-point arithmetic is used in binary format with a precision of z bits after the radix point, E can ensure that the deviation of the squeezed bits is bounded by 2^(-z). Further simulation results demonstrate that the new method not only guides the 2D CML model to exhibit complex dynamic behavior but also generates uniformly distributed independent bits with good efficiency. In particular, the squeezed pseudorandom bits pass both the NIST 800-22 and TestU01 test suites in various settings. This study thereby provides a theoretical basis for effectively applying the 2D CML to secure communications.

    More Powerful and Reliable Second-level Statistical Randomness Tests for NIST SP 800-22

    Random number generators (RNGs) are essential for cryptographic systems, and statistical tests are usually employed to assess the randomness of their outputs. As the most commonly used statistical test suite, the NIST SP 800-22 suite includes 15 test items, each of which consists of two levels of tests. For the test items based on the binomial distribution, we find that their second-level tests are flawed due to the inconsistency between the assessed distribution and the assumed one. That is, a sequence that passes the test could still have statistical flaws in the assessed aspect. For this reason, we propose the Q-value as the metric for these second-level tests, replacing the original P-value without any further modification, while the first-level tests are kept unchanged. We provide a correctness proof of the proposed Q-value based second-level tests. We perform a theoretical analysis to demonstrate that the modification improves not only the detectability but also the reliability. That is, a tested sequence that does not satisfy the randomness hypothesis has a higher probability of being rejected by the improved test, and a sequence that satisfies the hypothesis has a higher probability of passing it. The experimental results on several deterministic RNGs indicate that the Q-value based method is able to detect some statistical flaws that the original SP 800-22 suite cannot detect under the same test parameters.