D2.1 - Report on Selected TRNG and PUF Principles

This report represents the final version of Deliverable 2.1 of the HECTOR work package WP2. It is a result of discussions and work on Task 2.1 of all HECTOR partners involved in WP2. The aim of the Deliverable 2.1 is to select principles of random number generators (RNGs) and physical unclonable functions (PUFs) that fulfill strict technology, design and security criteria. For example, the selected RNGs must be suitable for implementation in logic devices according to the German AIS20/31 standard. Correspondingly, the selected PUFs must be suitable for applying similar security approach. A standard PUF evaluation approach does not exist, yet, but it should be proposed in the framework of the project. Selected RNGs and PUFs should be then thoroughly evaluated from the point of view of security and the most suitable principles should be implemented in logic devices, such as Field Programmable Logic Arrays (FPGAs) and Application Specific Integrated Circuits (ASICs) during the next phases of the project

Générateurs de nombres aléatoires pour la cryptographie : Conception, sécurisation et évaluation

Random numbers are essential for modern cryptographic systems. They are used as cryptographic keys, nonces, initialization vectors and random masks for protection against side channel attacks. In this thesis, we deal with random number generators in logic devices (Field Programmable Gate Arrays – FPGAs and Application Specific Integrated Circuits – ASICs). We present fundamental methods of generation of random numbers in logic devices. Then, we discuss different types of TRNGs using clock jitter as a source of randomness. We provide a rigorous evaluation of various AIS-20/31 compliant TRNG cores implemented in three different FPGA families : Intel Cyclone V, Xilinx Spartan-6 and Microsemi SmartFusion2. We then present the implementation of selected TRNG cores in custom ASIC and we evaluate them. Next, we study PLL-TRNG in depth in order to provide a secure design of this TRNG together with embedded tests. Finally, we study oscillator based TRNGs. We compare different randomness extraction methods as well as different oscillator types and the behavior of the clock jitter inside each of them. We also propose methods of embedded jitter measurement for online testing of oscillator based TRNGs.Les nombres aléatoires sont essentiels pour les systèmes cryptographiques modernes. Ils servent de clés cryptographiques, de nonces, de vecteurs d’initialisation et de masques aléatoires pour la protection contre les attaques par canaux cachés. Dans cette thèse, nous traitons des générateurs de nombres aléatoires dans les circuits logiques (FPGA et ASIC). Nous présentons les méthodes fondamentales de génération de nombres aléatoires dans des circuits logiques. Ensuite, nous discutons de différents types de TRNG en utilisant le jitter d’horloge comme source d’aléa. Nous faisons une évaluation rigoureuse de divers noyaux TRNG conformes à la norme AIS-20/31 et mis en œuvre dans trois familles de FPGA différentes: Intel Cyclone V, Xilinx Spartan-6 et Microsemi SmartFusion2. Puis, nous présentons l’implémentation des noyaux TRNG sélectionnés dans des ASIC et leur évaluation. Ensuite, nous étudions en profondeur PLL-TRNG afin de fournir une conception sécurisée de ce TRNG ainsi que des tests intégrés. Enfin, nous étudions les TRNG basés sur les oscillateurs. Nous comparons de différentes méthodes d'extraction d’aléa ainsi que de différents types d'oscillateurs et le comportement du jitter d'horloge à l'intérieur de chacun d'eux. Nous proposons également des méthodes de mesure du jitter intégrée pour le test en ligne des TRNG basés sur les oscillateurs

Optimization of the PLL Based TRNG Design Using the Genetic Algorithm.

International audiencePhase-locked loop (PLL) based true random number generator (TRNG) is very well suited for security applications using field programmable gate arrays (FPGAs) because most of FPGAs feature hardwired PLL blocks. PLL based TRNGs (PLL-TRNGs) are easy to implement and do not require manual placement or routing. The design of such TRNGs is also highly portable within the same device family. This is not the case in many other TRNG designs. However, the design of a PLL-TRNGs is not a trivial task. Due to many PLL parameters, which need to be fine tuned to achieve required security and speed requirements, an exhaustive design space exploration is practically not feasible. Thus, the designers are required to go through many trial and error cycles of manual parameter tweaking and the results are still not guaranteed to be optimal. In this paper, we use a genetic algorithm (GA) based optimization to generate a suitable configuration of the PLL-TRNG, such that it is secure and reaches high output bit rate. GA optimization allows to take into account physical limits of the PLL, such as input/output frequency, and maximum voltage controlled oscillator (VCO) frequency, which avoids invalid configurations and reduces the development time. The method has proven to be very efficient and it significantly reduces the design time without compromising the security. All the presented configurations were tested on recent FPGA families and the statistical quality of the resulting TRNG configurations was verified using the AIS 31 test suite

Optimization of the PLL configuration in a PLL-based TRNG design

International audience—Several recent designs show that the phase locked-loops (PLLs) are well suited for building true random number generators (TRNG) in logic devices and especially in FPGAs, in which PLLs are physically isolated from the rest of the device. However, the setup of the PLL configuration for the PLL-based TRNG is a challenging task. Indeed, the designer has to take into account physical constraints of the hardwired block, when trying to achieve required performance (bit rate) and security (entropy rate per bit). In this paper, we introduce a method aimed at choosing PLL parameters (e.g. input frequency, multiplication and division factors of the PLL) that satisfy hardware constraints, while achieving the highest possible bit rate or entropy rate according to application requirements. The proposed method is fast enough to produce all possible configurations in a short time. Comparing to the previous method based on a genetic algorithm, which was able to find only a locally optimized solution and only for one PLL in tens of seconds, the new method finds exhaustive set of feasible configurations of one-or two-PLL TRNG in few seconds, while the found configurations can be ordered depending on their performance or sensitivity to jitter

Evaluation of AIS-20/31 compliant TRNG cores implemented on FPGAs

International audience—FPGAs are widely used to integrate cryptographic primitives, algorithms, and protocols in cryptographic systems-on-chip (CrySoC). As a building block of CrySoCs, True Random Number Generators (TRNGs) exploit analog noise sources in electronic devices to generate confidential keys, initialization vectors, challenges, nonces, and random masks in cryptographic protocols. TRNGs aimed at cryptographic applications must fulfill the security requirements defined in the German Federal Bureau for Information Security's (BSI) recommendations AIS-20/31, which has become a de facto standard in Europe. Many TRNG cores have already been published, only a few of which are suitable for FPGAs and even fewer comply with AIS-20/31. Here we present the results of the implementation of AIS-20/31 compliant TRNG cores in three FPGA families: Xilinx Spartan 6, Altera Cyclone V and Microsemi SmartFusion 2. In addition to common design parameters like area, bit rate and power/energy consumption, we compare and discuss the feasibility of generator cores in different FPGAs and the statistical quality of their output. These results will help designers select the best generator and the device family to match the requirements of the data security application. To ensure reproducibility of the results, the open source VHDL code of all generators adapted to individual families can be downloaded from the dedicated web page

Two Methods of the Clock Jitter Measurement Aimed at Embedded TRNG Testing

International audience—In modern cryptographic systems, security is based on quality and unpredictability of confidential keys. These keys are generated in random number generators using random physical phenomena appearing inside the cryptographic system on chip. The most frequently used source of randomness in digital devices is the jitter of clock signals generated inside the device in ring oscillators, self-timed rings, RC oscillators, phase-locked loops (PLLs), etc. The quality and unpredictability of generated numbers depends on the quality and the size of the clock jitter. It is therefore a good practice to monitor this jitter continuously using some embedded jitter measurement method. The measured jitter parameters can be then used as input parameters of the stochastic model used to estimate entropy, which characterizes unpredictability of generated numbers. In this paper, we present and compare two methods of embedded jitter assessment based on the measurement of the variance of counter values, obtained by counting the periods of the jittery clock during a time interval defined by a reference clock generated in the same device. Besides comparing obvious design results such as area, speed, and power consumption, we observe and discuss the impact of the two embedded variance measurement methods on the clock jitter itself, and compare the behavior of the two clock generators used as sources of randomness with and without clock variance measurement circuitry, and with and without additional logic such as an AES cipher, which perturbs the variance computation, as it is the case in most cryptographic embedded systems. This comparison is very important for a good estimation of the low entropy bound from the measurement results

Efficient design of Oscillator based Physical Unclonable Functions on Flash FPGAs

International audience—With the scaling down of electronic devices and the boom of wireless communications, more and more smart devices are interconnected in what we call the Internet of Things. Connecting devices of everyday use can greatly improve our comfort, but it can also introduce unprecedented security problems. With billions of devices connected there is a huge risk of unauthorized use. In this context, Physical Unclonable Functions (PUFs) are a promising solution since they extract device intrinsic fingerprint that can be used for hardware identification and authentication. Here we present the first fully functional implementation of Oscillator based PUFs on Flash based FPGA. The implementation is presented for the Ring Oscillator based PUF and the Transient Effect Ring Oscillatory based PUF. After explaining those two PUF principles, we give all the necessary design practices to follow to obtain an efficient PUF implementation on Flash FPGA. Finally, we present the characterization of the PUFs and compare it to previous work. To the best of our knowledge, it is the first work which deals with the implementation of Oscillator based PUF on Flash FPGAs. Moreover, all design files are available online to ensure repeatability

A survey of AIS-20/31 compliant TRNG cores suitable for FPGA devices

International audience—FPGAs are widely used to integrate cryptographic primitives, algorithms, and protocols in cryptographic systems-on-chip (CrySoC). As a building block of CrySoCs, True Random Number Generators (TRNGs) exploit analog noise sources in electronic devices to generate confidential keys, initialization vectors, challenges, nonces, and random masks in cryptographic protocols. TRNGs aimed at cryptographic applications must fulfill the security requirements defined in the German Federal Bureau for Information Security's (BSI) recommendations AIS-20/31, which has become a de facto standard in Europe. Many TRNG cores have already been published, only a few of which are suitable for FPGAs and even fewer comply with AIS-20/31. Here we present the results of the implementation of AIS-20/31 compliant TRNG cores in three FPGA families: Xilinx Spartan 6, Altera Cyclone V and Microsemi SmartFusion 2. In addition to common design parameters like area, bit rate and power/energy consumption, we compare and discuss the feasibility of generator cores in different FPGAs and the statistical quality of their output. These results will help designers select the best generator and the device family to match the requirements of the data security application. To ensure reproducibility of the results, the open source VHDL code of all generators adapted to individual families can be downloaded from the dedicated web page

Complete activation scheme for FPGA-oriented IP cores design protection

International audienceIntellectual Property (IP) illegal copying is a major threat in today's integrated circuits industry which is massively based on a design-and-reuse paradigm. In order to fight this threat, a designer must track how many times an IP has been instantiated. Moreover, illegal copies of an IP must be unusable. We propose a hardware/software scheme which allows a designer to remotely activate an IP with minimal area overhead. The software modifies the IP efficiently and can handle very large netlists. Unique identification of hardware instances is achieved by integrating a TERO-PUF along with a lightweight key reconciliation module. A cryptographic core guarantees security and triggers a logic locking/masking module which makes the IP unusable unless the correct encrypted activation word is applied. I. GRAPHICAL USER INTERFACE A user interface allows one to perform the following actions: • Modify the IP, using logic masking [1] or logic locking [2] to make it controllably unusable. Several parameters can be tuned, as well as the area overhead. • Obtain the reference response from the TERO-PUF [3]. • Reconcile the key with CASCADE [4] and activate the IP. II. DEMO SCENARIO AND OBSERVABLES The typical demo scenario is the following. First, an IP in the form of a netlist is modified and the associated activation word (AW) is stored. The motherboard is then connected to the PC and the daughterboard is enrolled by obtaining a response from a PUF instantiated at a known location. This response is used to encrypt AW. The protected IP is instantiated on the enrolled daughterboard. Before activation, the IP does not operate correctly. When the activation phase starts, the key reconciliation procedure is conducted to ensure that the PUF response generated on the daughterboard is identical to the one obtained during enrollment. Then, AW is encrypted and sent to the board. It is then internally decrypted and sent to the logic masking/locking module, to make the IP fully operational. If the IP is instantiated on a different daughterboard, it does not operate correctly since the PUF response is different. Each IP is securely bound to a trusted hardware target. ACKNOWLEDGMENT

Evaluation and monitoring of free running oscillators serving as source of randomness

International audienceIn this paper, we evaluate clock signals generated in ring oscillators and self-timed rings and the way their jitter can be transformed into random numbers. We show that counting the periods of the jittery clock signal produces random numbers of significantly better quality than the methods in which the jittery signal is simply sampled (the case in almost all current methods). Moreover, we use the counter values to characterize and continuously monitor the source of randomness. However, instead of using the widely used statistical variance, we propose to use Allan variance to do so. There are two main advantages: Allan variance is insensitive to low frequency noises such as flicker noise that are known to be autocorrelated and significantly less circuitry is required for its computation than that used to compute commonly used variance. We also show that it is essential to use a differential principle of randomness extraction from the jitter based on the use of two identical oscillators to avoid autocorrelations originating from external and internal global jitter sources and that this fact is valid for both kinds of rings. Last but not least, we propose a method of statistical testing based on high order Markov model to show the reduced dependencies when the proposed randomness extraction is applied