Special Session: Security Verification & Testing for SR-Latch TRNGs
Abstract
Secure chips implement cryptographic algorithms and protocols to ensure self-protection (e.g., firmware authenticity) as well as user data protection (e.g., encrypted data storage). In turn, cryptography needs to defer to incorruptible sources of entropy to implement their functions according to their mandatory usage guidance. Typically, keys, nonces, initialization vectors, tweaks, etc. shall not be guessed by attackers. In practice, True Random Number Generators (TRNGs) are in charge of producing such sensitive elements. Fully aware of the central role of TRNGs in the proper implementation of security in chips, stakeholders have been formalizing the requirements recently. The methods to strengthen such requirements are manifold. In this paper, we discuss and apply three of them by targeting the Set-Reset Latch TRNG which is an alternative to Ring-Oscillator (RO) TRNGs as it provides faster throughputs. The first method concerns the confidence in the TRNG being random enough. It explores how the TRNG properties can be reliably predicted by simulation, compared to real silicon experiments. The second aspect dealt with in this paper is the assessment of the TRNG properties over time, i.e., considering the impact of aging in the TRNG properties. Such knowledge is important as secure chips are expected to be in service for a long period, and it would be detrimental to the service they render if the quality of the entropy they deliver would be declining over time. Eventually, the third aspect of this paper is the timely detection of unforeseen failures or malevolent attacks. The mitigation lies in leveraging "health tests" launched prior to using random numbers. This paper focuses on a particular type of TRNG that is not prone to biasing by attackers: it is the so-called Set-Reset Latch (SR-latch) TRNG and exploits a race condition in an arbitration gate. Such kind of TRNG is of great practical interest as an alternative design compared to the mainstream "Ring Oscillator" TRNG, and it is also very amenable to analyses by various sorts of simulations aiming at properly characterizing its security in various operational environments.
Domains
Engineering Sciences [physics]Origin | Files produced by the author(s) |
---|