The Impact of Pulsed Electromagnetic Fault Injection on True Random Number Generators

Random number generation is a key function of today's secure devices. Commonly used for key generation, random number streams are more and more frequently used as the anchor of trust of several countermeasures such as masking. True Random Number Generators (TRNGs) thus become a relevant entry point for attacks that aim at lowering the security of integrated systems. Within this context, this paper investigates the robustness of TRNGs based on Ring Oscillators (focusing on the delay chain TRNG) against pulsed electromagnetic fault injection. Indeed, weaknesses in generating random bits for masking scheme degenerate the Side Channel resistance. Finally by exploiting fault results on delay chain TRNG some general guidelines to harden them are derived.

[1]  Jean-Max Dutertre,et al.  Efficiency of a glitch detector against electromagnetic fault injection , 2014, 2014 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[2]  Michael Hutter,et al.  Optical and EM Fault-Attacks on CRT-based RSA : Concrete Results , 2007 .

[3]  Jean-Luc Danger,et al.  PLL to the rescue: A novel EM fault countermeasure , 2016, 2016 53nd ACM/EDAC/IEEE Design Automation Conference (DAC).

[4]  Ingrid Verbauwhede,et al.  A Closer Look at the Delay-Chain based TRNG , 2018, 2018 IEEE International Symposium on Circuits and Systems (ISCAS).

[5]  Louis Goubin,et al.  DES and Differential Power Analysis (The "Duplication" Method) , 1999, CHES.

[6]  Amine Dehbaoui,et al.  Injection of transient faults using electromagnetic pulses -Practical results on a cryptographic system- , 2012, IACR Cryptol. ePrint Arch..

[7]  Ingrid Verbauwhede,et al.  Highly efficient entropy extraction for true random number generators on FPGAs , 2015, 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC).

[8]  Simon W. Moore,et al.  The Frequency Injection Attack on Ring-Oscillator-Based True Random Number Generators , 2009, CHES.

[9]  Pankaj Rohatgi,et al.  Towards Sound Approaches to Counteract Power-Analysis Attacks , 1999, CRYPTO.

[10]  Philippe Maurine,et al.  An Embedded Digital Sensor against EM and BB Fault Injection , 2016, 2016 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC).

[11]  Bruno Robisson,et al.  Contactless Electromagnetic Active Attack on Ring Oscillator Based True Random Number Generator , 2012, COSADE.

[12]  Berk Sunar,et al.  A Provably Secure True Random Number Generator with Built-In Tolerance to Active Attacks , 2007, IEEE Transactions on Computers.