Date post: 18-Dec-2015
Initial SRAM State as a Fingerprint and Source of True Random Number for RFID Tags. Daniel E. Holcomb, Wayne P. Burleson and Kevin Fu, University of Massachusetts, USA. Slides by Oded Argon
Transcript
Page 1

Initial SRAM State as a Fingerprint and Source of True Random Number for RFID Tags

Daniel E. Holcomb, Wayne P. Burleson and Kevin Fu

University of Massachusetts, USA.

Slides by Oded Argon

Page 2

FERNS - InfoSec Seminar TAU 2009 2

Overview

- What is RFID?
- RFID Identification Schemes
- Random numbers
- What is FERNS?
- SRAM cell
- FERNS experimental work
- Conclusion
- Questions

Page 3

What is RFID?

- Small ID tag
- Has no power source – Low power
  - Even ultra low – the ‘RF’ part of RFID
  - Powered up by the reader for every “ID request”
- Different applications
  - ID card
  - Digital cash card
  - Inventory management

Page 4

What is RFID? – cont.

- Need an ID
  - The ‘ID’ part of RFID
- Need random numbers
  - For security reasons
  - Need a new random number for every power up
- Need to be low cost
  - Billions of RFID tags

Page 5

RFID Identification Schemes

- Non volatile memories
  - Static and reliable
  - Complicated CMOS process
  - Programming is needed
- Fingerprint
  - Using some process variations
  - Need dedicated circuitry (?)
  - Impacted by noise

Page 6

Random Numbers

- PRNGs
  - Pseudo Random Noise Generator
  - Using some mathematical function
  - Fully deterministic
- TRNGs
  - True Random Noise Generator
  - Using some physical random process
  - Unpredictable

Page 7

Random Numbers – cont.

- Needed by almost every cryptographic algorithm
  - And thus by RFID tags
- Needs to be unpredictable to be “strong” – TRNGs

Page 8

What is FERNS?

- Fingerprint Extraction and Random Numbers in SRAM
- Set out to get the ID and RNG without dedicated circuitry
  - Using existing CMOS storage – SRAM
- Initial SRAM state based ID and RNG

Page 9

FERNS and RFID

- Gives the tag its ID
- RNG for security
- Matches passive tags usage model
  - Get ID and a random number for every power up

Page 10

Standard SRAM cell

Made out of 6 transistors

Threshold voltage mismatch sets the initial state of each cell

Page 11

SRAM cell – Initial state

- Cells with large threshold mismatch consistently stabilize to the same state
  - These make up the fingerprint
- Cells with well matched thresholds are highly sensitive to noise
  - Physically random noise will set their initial state
  - These are used for the RNG

Page 12

SRAM cell – Initial state – cont.

- Black bits – reliably initialize to 0
- White bits – reliably initialize to 1
- Gray – can initialize to either one

Page 13

Testing Platforms

- 160 virtual tags
- 256 Byte blocks
- 8 * 512KB SRAM chips
- Large dataset
- Able to test corner correlation cases

Page 14

Testing platforms – cont.

- 10 TI MSP430 chips
- 256 Byte SRAM memory
- Ultra low power
- Not passively powered
- Read out through JTAG

Page 15

Testing platforms – cont.

- 3 WISPs – Wireless Identification and Sensing Platform
- Passively powered
- 256 Byte SRAM

Page 16

FERNS for Identification

- Latent print
  - A single print (initial state)
  - Is affected by noise
- Known print
  - Bitwise mean of latent prints

Page 17

FERNS for Identification – cont.

Black – ‘0’, White – ‘1’, Gray - Random

Page 18

FERNS for Identification – cont.

- Three relevant distance quantities
  - Latent fingerprint and known fingerprint of the same device
  - Latent fingerprint and the known fingerprints of all other devices
  - All distances between all known fingerprints
- A simple Hamming distance is used for testing

Page 19

Test results analysis

- 160 virtual tags
- 800 latent fingerprints
- Incorrect prints differ by at least 685 bits (out of 2048 bits)
  - Comparing known prints to other known prints gives similar results
- Correct prints differ by less than 109 bits

Page 20

Test results analysis – cont.

Page 21

Test results analysis – cont.

- MSP430 – 10 known fingerprints
- 300 latent fingerprints
- 2700 incorrect matchings
  - Less than 10 came within 600 bits
- 300 correct matchings
  - Only 4 differed by more than 425 bits
- No fully reliable threshold available

Page 22

Test results analysis – cont.

Page 23

Test results analysis – cont.

- 3 WISPs – 256 Byte each
- 15 known prints – 64 bit
- 150 latent fingerprints
- 2100 incorrect matchings
  - None within 20 bits
- 150 correct matchings
  - Only 3 differed by more than 8 bits

Page 24

Test results analysis – cont.

Page 25

FERNS Identification – security

- Randomized ID
  - Can be used as a large ID space for each tag
  - No two fingerprints of the same tag came up during testing
  - Can help prevent replay attacks by recording history
  - An adversary can still generate a randomized print

Page 26

FERNS for TRNG

- Well matched cells capture physically random noise
- Well matched cells are randomly scattered around the SRAM
  - Randomness is unpredictably scattered
- The randomness is parallel
  - Contrary to most other TRNGs
- Amount of entropy is unpredictable

Page 27

FERNS for TRNG - Security

- The source of entropy is obscure
  - Can’t tell where the well matched cells are
- Proximity of cells
  - Trying to influence one will likely influence others

Page 28

FERNS for TRNG - Analysis

- Tested on the virtual tags
  - Least random of the three platforms
  - Most challenging
- An average of 0.103 bits of entropy per memory bit
  - Around 210 bits out of 2048 raw bits
- Possible to produce 128 bit “keys”
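
Added example, not from the slides or the paper: a constructed simulation of the identification scheme from the "FERNS for Identification" slides (latent prints, known print as bitwise mean, Hamming-distance matching) together with the per-bit entropy estimate from this slide. The cell model (10% well matched cells, 2% flip rate for the rest), the rounding of the mean to one bit, and the 400-bit threshold are assumptions.

```python
import math
import random

BITS = 2048  # one 256-byte block, as on the slides

def make_tag(rng):
    # Constructed model: 10% well matched cells (p=0.5), the rest strongly skewed.
    return [0.5 if rng.random() < 0.10 else rng.choice((0.02, 0.98))
            for _ in range(BITS)]

def power_up(cells, rng):
    # One latent print: each cell settles to 1 with its own probability.
    return [int(rng.random() < p) for p in cells]

def known_print(latents):
    # Bitwise mean of the latent prints, rounded to one bit per cell (assumption).
    return [int(2 * sum(col) >= len(latents)) for col in zip(*latents)]

def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))

def identify(latent, known, threshold):
    # Closest known print wins, but only if it is within the threshold.
    dists = [hamming(latent, k) for k in known]
    best = dists.index(min(dists))
    return best if dists[best] <= threshold else None

def entropy_per_bit(latents):
    # Shannon entropy of each cell's observed power-up frequency, averaged.
    total = 0.0
    for col in zip(*latents):
        p = sum(col) / len(col)
        if 0 < p < 1:
            total -= p * math.log2(p) + (1 - p) * math.log2(1 - p)
    return total / BITS

def run(seed=2009, tags=8, enroll=5, trials=5):
    rng = random.Random(seed)
    population = [make_tag(rng) for _ in range(tags)]
    known = [known_print([power_up(c, rng) for _ in range(enroll)])
             for c in population]
    same, other, hits = [], [], 0
    for i, cells in enumerate(population):
        for _ in range(trials):
            latent = power_up(cells, rng)
            hits += identify(latent, known, threshold=400) == i
            for j, k in enumerate(known):
                (same if i == j else other).append(hamming(latent, k))
    h = entropy_per_bit([power_up(population[0], rng) for _ in range(200)])
    return max(same), min(other), hits, tags * trials, h

if __name__ == "__main__":
    print(run())
```

`run()` returns the largest same-device distance, the smallest cross-device distance, the number of correct identifications out of the total, and the estimated entropy per memory bit for one simulated tag.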

Page 29

FERNS for TRNG - Analysis

- Raw bits fail to pass entropy tests
  - Tested using NIST test suite
- NH polynomial (PH) universal hash function as an entropy extractor
  - Passes the same tests
- Future work
  - Test the min-entropy of the raw bits
  - Will ensure randomness of the hashed output

Page 30

Conclusion

- RFID tags are a challenging platform
  - Cost and security wise
- Initial testing of FERNS seems to provide a system for fingerprints and true random numbers for RFIDs
- Quality of both needs to be further tested

Page 31

Questions?
