Data remanence effects on memory-based entropy collection for RFID systems

Random number generation is a fundamental security primitive. This relatively simple requirement is beyond the capacity of passive RFID (radio frequency identification) tags, however. A recent proposal, fingerprint extraction and random number generation in SRAM (FERNS), uses onboard RAM as a randomness source. Unfortunately, practical considerations prevent this approach from reaching its full potential. First, the amount of RAM available for utilization as a randomness generator may be severely restricted due to competition with other system functionalities. Second, RAM is subject to data remanence; there is a period after losing power during which stored data remains intact in memory. Thus, after memory has been used for entropy collection once it will require time without power before it can be reused. This may lead to unacceptable delays in a usable security application. In this paper, the practical considerations that must be taken into account when using RAM as an entropy source are demonstrated. The implementation of a true random number generator on Intel’s WISP (wireless identification and sensing platform) RFID tag is also presented, which is the first to the authors’ best knowledge. By relating this to the requirements of some popular RFID authentication protocols, the practicality of utilizing memory-based randomness techniques on resource-constrained devices is assessed.

[1]  Berk Sunar,et al.  Universal Hash Functions for Emerging Ultra-Low-Power Networks , 2004 .

[2]  Berk Sunar,et al.  PUF-HB: A Tamper-Resilient HB Based Authentication Protocol , 2008, ACNS.

[3]  Joshua R. Smith,et al.  Design of a Passively-Powered, Programmable Sensing Platform for UHF RFID Systems , 2007, 2007 IEEE International Conference on RFID.

[4]  David A. Wagner,et al.  Privacy and security in library RFID: issues, practices, and architectures , 2004, CCS '04.

[5]  Daniel E. Holcomb,et al.  Initial SRAM State as a Fingerprint and Source of True Random Numbers for RFID Tags , 2007 .

[6]  Ari Juels,et al.  Authenticating Pervasive Devices with Human Protocols , 2005, CRYPTO.

[7]  Daniel E. Holcomb,et al.  Power-Up SRAM State as an Identifying Fingerprint and Source of True Random Numbers , 2009, IEEE Transactions on Computers.

[8]  Hugo Krawczyk,et al.  UMAC: Fast and Secure Message Authentication , 1999, CRYPTO.

[9]  Julien Bringer,et al.  HB^+^+: a Lightweight Authentication Protocol Secure against Some Attacks , 2006, Second International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing (SecPerU'06).

[10]  Sergei Skorobogatov Low temperature data remanence in static RAM , 2002 .

[11]  Peter Gutmann,et al.  Data Remanence in Semiconductor Devices , 2001, USENIX Security Symposium.

[12]  V. Rich Personal communication , 1989, Nature.

[13]  Nitesh Saxena,et al.  We Can Remember It for You Wholesale: Implications of Data Remanence on the Use of RAM for True Random Number Generation on RFID Tags (RFIDSec 2009) , 2009, ArXiv.

[14]  Yannick Seurin,et al.  HB#: Increasing the Security and Efficiency of HB+ , 2008, EUROCRYPT.

[15]  Alanson P. Sample,et al.  A Wirelessly-Powered Platform for Sensing and Computation , 2006, UbiComp.

[16]  Jonathan Katzand,et al.  Parallel and Concurrent Security of the HB and HB + Protocols , 2006 .

[17]  Takuji Nishimura,et al.  Mersenne twister: a 623-dimensionally equidistributed uniform pseudo-random number generator , 1998, TOMC.

[18]  Julien Bringer,et al.  Trusted-HB: A Low-Cost Version of HB $^+$ Secure Against Man-in-the-Middle Attacks , 2008, IEEE Transactions on Information Theory.

[19]  Jonathan Katz,et al.  Parallel and Concurrent Security of the HB and HB+ Protocols , 2006, EUROCRYPT.

[20]  Tadayoshi Kohno,et al.  RFIDs and secret handshakes: defending against ghost-and-leech attacks and unauthorized reads with context-aware communications , 2008, CCS.

[21]  Nitesh Saxena Accelerometer Based Random Number Generation on RFID Tags , 2009 .

[22]  David Peerla,et al.  We Can Remember It for You , 2009 .

[23]  Manuel Blum,et al.  Secure Human Identification Protocols , 2001, ASIACRYPT.

[24]  Ariel J. Feldman,et al.  Lest we remember: cold-boot attacks on encryption keys , 2008, CACM.