Initial SRAM State as a Fingerprint and Source of True Random Number for RFID Tags
Daniel E. Holcomb, Wayne P. Burleson and Kevin Fu
University of Massachusetts, USA.
Slides by Oded Argon

Overview
• What is RFID?
• RFID Identification Schemes
• Random numbers
• What is FERNS?
• SRAM cell
• FERNS experimental work
• Conclusion
• Questions
FERNS - InfoSec Seminar TAU 2009

What is RFID?
• Small ID tag
• Has no power source – Low power
• Even ultra low – the ‘RF’ part of RFID
• Powered up by the reader for every “ID request”
• Different applications
• ID card
• Digital cash card
• Inventory management

What is RFID? – cont.
• Need an ID
• The ‘ID’ part of RFID
• Need Random numbers
• For security reasons
• Need a new random number for every power up
• Need to be low cost
• Billions of RFID tags

RFID Identification Schemes
• Non volatile memories
• Static and reliable
• Complicated CMOS process
• Programming is needed
• Fingerprint
• Using some process variations
• Need dedicated circuitry (?)
• Impacted by noise

Random Numbers
• PRNGs
• Pseudo Random Noise Generator
• Using some mathematical function
• Fully deterministic
• TRNGs
• True Random Noise Generator
• Using some physical random process
• Unpredictable

Random Numbers – cont.
• Needed by almost every cryptographic algorithm
• And thus by RFID tags
• Needs to be unpredictable to be “strong” – TRNGs

What is FERNS?
• Fingerprint Extraction and Random Numbers in SRAM
• Set out to get the ID and RNG without dedicated circuitry
• Using existing CMOS storage – SRAM
• Initial SRAM state based ID and RNG

FERNS and RFID
• Gives the tag its ID
• RNG for security
• Matches passive tags usage model
• Get ID and a random number for every powerup

Standard SRAM cell
• Made out of 6 transistors
• Threshold voltage mismatch sets the initial state of each cell

SRAM cell – Initial state
• Cells with large threshold mismatch consistently stabilize to the same state
• These make up the fingerprint
• Cells with well matched thresholds are highly sensitive to noise
• Physically random noise will set their initial state
• These are used for the RNG

SRAM cell – Initial state – cont.
• Black bits – reliably initialize to 0
• White bits – reliably initialize to 1
• Gray – can initialize to either one

Testing Platforms
• 160 Virtual tags
• 256Byte blocks
• 8 * 512KB SRAM chips
• Large dataset
• Able to test corner correlation cases

Testing platforms – cont.
• 10 TI MSP430 Chips
• 256Byte SRAM memory
• Ultra low power
• Not passively powered
• Read out through JTAG

Testing platforms – cont.
• 3 WISPs – Wireless Identification and Sensing Platform
• Passively powered
• 256Byte SRAM

FERNS for Identification
• Latent print
• A single print (initial state)
• Is affected by noise
• Known print
• Bitwise mean of latent prints

FERNS for Identification – cont.
• Black – ‘0’, White – ‘1’, Gray – Random

FERNS for Identification – cont.
• Three relevant distance quantities
• Latent fingerprint and known fingerprint of the same device
• Latent fingerprint and all other devices' known fingerprints
• All distances between all known fingerprints
• A simple Hamming distance is used for testing

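
The matching scheme on the identification slides, as an added Python example (not code from the paper or the slides): known prints are built from several power-ups and a latent print is matched by Hamming distance. The cell model, the rounding of the bitwise mean to a bit, the function names and the 400-bit threshold are all constructed assumptions and are not calibrated to the measured data.

```python
import random

N_BITS = 2048  # one 256-byte block, the size used for the virtual tags

def make_tag(rng, frac_matched=0.1, flip=0.02):
    """Constructed model: per-cell probability of powering up as 1."""
    # Well-matched cells sit at 0.5; mismatched cells lean hard to 0 or 1.
    return [0.5 if rng.random() < frac_matched else rng.choice((flip, 1 - flip))
            for _ in range(N_BITS)]

def power_up(rng, tag):
    """One latent print: the SRAM contents read after a single power-up."""
    return [int(rng.random() < p) for p in tag]

def known_print(latents):
    """Bitwise mean of several latent prints, rounded to a bit (assumption)."""
    return [int(2 * sum(col) > len(latents)) for col in zip(*latents)]

def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))

def identify(latent, known_prints, threshold):
    """Index of the nearest known print, or None when even it is too far."""
    dists = [hamming(latent, k) for k in known_prints]
    best = min(range(len(dists)), key=dists.__getitem__)
    return best if dists[best] <= threshold else None

def run_trial(seed=1, n_tags=5, n_enroll=9, threshold=400):
    """Enroll n_tags, then report (same-tag, nearest-other, verdict) per tag."""
    rng = random.Random(seed)
    tags = [make_tag(rng) for _ in range(n_tags)]
    known = [known_print([power_up(rng, t) for _ in range(n_enroll)]) for t in tags]
    rows = []
    for i, tag in enumerate(tags):
        latent = power_up(rng, tag)
        same = hamming(latent, known[i])
        other = min(hamming(latent, k) for j, k in enumerate(known) if j != i)
        rows.append((same, other, identify(latent, known, threshold)))
    stranger = power_up(rng, make_tag(rng))  # a tag that was never enrolled
    return rows, identify(stranger, known, threshold)

if __name__ == "__main__":
    rows, stranger_verdict = run_trial()
    for same, other, verdict in rows:
        print(f"same-tag={same:4d}  nearest-other={other:4d}  identified-as={verdict}")
    print("unenrolled tag ->", stranger_verdict)
```

The gap between the same-tag and nearest-other columns is what a threshold has to fit into; on real hardware that gap has to be measured per platform rather than assumed.
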
Test results analysis
• 160 Virtual tags
• 800 latent fingerprints
• Incorrect prints differ by at least 685 bits (out of 2048 bits)
• Comparing known prints to other known prints gives similar results
• Correct prints differ by less than 109 bits

Test results analysis – cont.
• MSP430 – 10 known fingerprints
• 300 latent fingerprints
• 2700 incorrect matchings
• Less than 10 came within 600 bits
• 300 correct matchings
• Only 4 differed by more than 425 bits
• No fully reliable threshold available

Test results analysis – cont.
• 3 WISPs – 256 Byte each
• 15 known prints – 64 bit
• 150 latent fingerprints
• 2100 incorrect matchings
• None within 20 bits
• 150 correct matchings
• Only 3 differed by more than 8 bits

FERNS Identification – security
• Randomized ID
• Can be used as a large ID space for each tag
• No two fingerprints of the same tag came up during testing
• Can help prevent replay attacks by recording history
• An adversary can still generate a randomized print

FERNS for TRNG
• Well matched cells capture physically random noise
• Well matched cells are randomly scattered around the SRAM
• Randomness is unpredictably scattered
• The randomness is parallel
• Contrary to most other TRNGs
• Amount of entropy is unpredictable

FERNS for TRNG - Security
• The source of entropy is obscure
• Can’t tell where the well matched cells are
• Proximity of cells
• Trying to influence one will likely influence others

FERNS for TRNG - Analysis
• Tested on the virtual tags
• Least random of the three platforms
• Most challenging
• An average of 0.103 bits of entropy per memory bit
• Around 210 bits out of 2048 raw bits
• Possible to produce 128 bit “keys”

FERNS for TRNG - Analysis
• Raw bits fail to pass entropy tests
• Tested using NIST test suite
• NH polynomial (PH) universal hash function as an entropy extractor
• Passes the same tests
• Future work
• Test the min-entropy of the raw bits
• Will ensure randomness of the hashed output

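
One way to put numbers on the entropy-per-memory-bit and min-entropy points above, as an added Python example (not the paper's measurement method or code): estimate each cell's bias from repeated power-ups and sum per-cell Shannon and min-entropy. It assumes cells are independent, and the power-up data is constructed from a simple model in which about 10% of cells are well matched.

```python
import math
import random

def cell_probabilities(power_ups):
    """Fraction of power-ups in which each cell read 1."""
    n = len(power_ups)
    return [sum(col) / n for col in zip(*power_ups)]

def shannon_bits(p):
    """Shannon entropy of one cell with P(1) = p."""
    if p in (0.0, 1.0):
        return 0.0
    return -(p * math.log2(p) + (1 - p) * math.log2(1 - p))

def min_entropy_bits(p):
    """Min-entropy: what an adversary guessing the likelier value leaves over."""
    return -math.log2(max(p, 1 - p))

def block_entropy(power_ups):
    """(Shannon, min-entropy) of the whole block, assuming independent cells."""
    probs = cell_probabilities(power_ups)
    return sum(map(shannon_bits, probs)), sum(map(min_entropy_bits, probs))

def raw_bits_needed(power_ups, key_bits=128):
    """Raw SRAM bits to feed an extractor so the input holds key_bits of min-entropy."""
    _, h_min = block_entropy(power_ups)
    per_raw_bit = h_min / len(power_ups[0])
    return math.ceil(key_bits / per_raw_bit)

def constructed_power_ups(seed=7, n_bits=2048, n_reads=200, frac_matched=0.1):
    """Constructed data: matched cells are fair coins, the rest are stuck."""
    rng = random.Random(seed)
    bias = [0.5 if rng.random() < frac_matched else rng.choice((0.0, 1.0))
            for _ in range(n_bits)]
    return [[int(rng.random() < p) for p in bias] for _ in range(n_reads)]

if __name__ == "__main__":
    reads = constructed_power_ups()
    h_shannon, h_min = block_entropy(reads)
    print(f"Shannon: {h_shannon:.0f} bits ({h_shannon / 2048:.3f} per memory bit)")
    print(f"Min-entropy: {h_min:.0f} bits")
    print("raw bits needed for a 128-bit key:", raw_bits_needed(reads))
```

The min-entropy total comes out below the Shannon total, and it is the min-entropy figure that should size the extractor's input.
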
Conclusion
• RFID tags are a challenging platform
• Cost and security wise
• Initial testing of FERNS seems to provide a system for fingerprints and true random numbers for RFIDs
• Quality of both needs to be further tested