Initial sram state as a fingerprint and source of true random number for rfid tags
This presentation is the property of its rightful owner.
Sponsored Links
1 / 31

Initial SRAM State as a Fingerprint and Source of True Random Number for RFID Tags PowerPoint PPT Presentation


  • 40 Views
  • Uploaded on
  • Presentation posted in: General

Initial SRAM State as a Fingerprint and Source of True Random Number for RFID Tags. Daniel E. Holcomb, Wayne P. Burleson and Kevin Fu University of Massachusetts, USA. Slides by Oded Argon. Overview. What is RFID? RFID Identification Schemes Random numbers What is FERNS? SRAM cell

Download Presentation

Initial SRAM State as a Fingerprint and Source of True Random Number for RFID Tags

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Initial sram state as a fingerprint and source of true random number for rfid tags

Initial SRAM State as a Fingerprint and Source of True Random Number for RFID Tags

Daniel E. Holcomb, Wayne P. Burleson and Kevin Fu

University of Massachusetts, USA.

Slides by Oded Argon


Overview

Overview

  • What is RFID?

  • RFID Identification Schemes

  • Random numbers

  • What is FERNS?

  • SRAM cell

  • FERNS experimental work

  • Conclusion

  • Questions

FERNS - InfoSec Seminar TAU 2009


What is rfid

What is RFID?

  • Small ID tag

  • Has no power source – Low power

    • Even ultra low – the ‘RF’ part of RFID

    • Powered up by the reader for every “ID request”

  • Different applications

    • ID card

    • Digital cash card

    • Inventory management

FERNS - InfoSec Seminar TAU 2009


What is rfid cont

What is RFID? – cont.

  • Need an ID

    • The ‘ID’ part of RFID

  • Need Random numbers

    • For security reasons

    • Need a new random number for every power up

  • Need to be low cost

    • Billions of RFID tags

FERNS - InfoSec Seminar TAU 2009


Rfid identification schemes

RFID Identification Schemes

  • Non volatile memories

    • Static and reliable

    • Complicated CMOS process

    • Programming is needed

  • Fingerprint

    • Using some process variations

    • Need dedicated circuitry (?)

    • Impacted by noise

FERNS - InfoSec Seminar TAU 2009


Random numbers

Random Numbers

  • PRNGs

    • Pseudo Random Noise Generator

    • Using some mathematical function

    • Fully deterministic

  • TRNGs

    • True Random Noise Generator

    • Using some physical random process

    • Unpredictable

FERNS - InfoSec Seminar TAU 2009


Random numbers cont

Random Numbers – cont.

  • Needed by almost every cryptographic algorithm

    • And thus by RFID tags

  • Needs to be unpredictable to be “strong” – TRNGs

FERNS - InfoSec Seminar TAU 2009


What is ferns

What is FERNS?

  • Fingerprint Extraction and Random Numbers in SRAM

  • Set out to get the ID and RNG without dedicated circuitry

    • Using existing CMOS storage – SRAM

  • Initial SRAM state based ID and RNG

FERNS - InfoSec Seminar TAU 2009


Ferns and rfid

FERNS and RFID

  • Gives the tag its ID

  • RNG for security

  • Matches passive tags usage model

    • Get ID and a random number for every powerup

FERNS - InfoSec Seminar TAU 2009


Standard sram cell

Standard SRAM cell

  • Made out of 6 transistors

  • Threshold voltage mismatch sets the initial state of each cell

FERNS - InfoSec Seminar TAU 2009


Sram cell initial state

SRAM cell – Initial state

  • Cells with large threshold mismatch consistently stabilize to the same state

    • These make out the fingerprint

  • Cells with well matched thresholds are highly sensitive to noise

    • Physically random noise will set its initial state

    • These are used to for the RNG

FERNS - InfoSec Seminar TAU 2009


Sram cell initial state cont

SRAM cell – Initial state – cont.

  • Black bits – reliably initialize to 0

  • White bits – reliably initialize to 1

  • Gray – can initialize toeither one

FERNS - InfoSec Seminar TAU 2009


Testing platforms

Testing Platforms

  • 160 Virtual tags

    • 256Byte blocks

    • 8 * 512KB SRAM chips

    • Large dataset

    • Able to test corner correlation cases

FERNS - InfoSec Seminar TAU 2009


Testing platforms cont

Testing platforms – cont.

  • 10 TI MSP430 Chips

    • 256Byte SRAM memory

    • Ultra low power

    • Not passively powered

    • Read out through JTAG

FERNS - InfoSec Seminar TAU 2009


Testing platforms cont1

Testing platforms – cont.

  • 3 WISPs – Wireless Identification and Sensing Platform

    • Passively powered

    • 256Byte SRAM

FERNS - InfoSec Seminar TAU 2009


Ferns for identification

FERNS for Identification

  • Latent print

    • A single print (initial state)

    • Is effected by noise

  • Known print

    • Bitwise mean of latent prints

FERNS - InfoSec Seminar TAU 2009


Ferns for identification cont

FERNS for Identification – cont.

  • Black – ‘0’, White – ‘1’, Gray - Random

FERNS - InfoSec Seminar TAU 2009


Ferns for identification cont1

FERNS for Identification – cont.

  • Three relevant distance quantities

    • Latent fingerprint and known fingerprint of same device

    • Latent fingerprint and all other devices known fingerprint

    • All distances between all known fingerprints

  • A simple hamming distance is used for testing

FERNS - InfoSec Seminar TAU 2009


Test results analysis

Test results analysis

  • 160 Virtual tags

  • 800 latent fingerprints

  • Incorrect prints differ by at least 685 bits (out of 2048 bits)

    • Comparing known prints to other known prints gives similar results

  • Correct prints differ by less than 109 bits

FERNS - InfoSec Seminar TAU 2009


Test results analysis cont

Test results analysis – cont.

FERNS - InfoSec Seminar TAU 2009


Test results analysis cont1

Test results analysis – cont.

  • MSP430 – 10 known fingerprints

  • 300 latent fingerprints

  • 2700 incorrect matchings

    • Less than 10 came within 600 bits

  • 300 correct matchings

    • Only 4 differed by more than 425 bits

  • No fully reliable threshold available

FERNS - InfoSec Seminar TAU 2009


Test results analysis cont2

Test results analysis – cont.

FERNS - InfoSec Seminar TAU 2009


Test results analysis cont3

Test results analysis – cont.

  • 3 WISPs – 256 Byte each

    • 15 known prints – 64 bit

  • 150 latent fingerprints

  • 2100 incorrect matchings

    • None within 20 bits

  • 150 correct mathings

    • Only 3 differed by more than 8 bits

FERNS - InfoSec Seminar TAU 2009


Test results analysis cont4

Test results analysis – cont.

FERNS - InfoSec Seminar TAU 2009


Ferns identification security

FERNS Identification – security

  • Randomized ID

    • Can be used as a large ID space for each tag

    • No two fingerprints of the same tag came up during testing

    • Can help prevent reply attacks by recording history

    • An adversary can still generate a randomized print

FERNS - InfoSec Seminar TAU 2009


Ferns for trng

FERNS for TRNG

  • Well matched cells capture physically random noise

  • Well matched cells are randomly scattered around the SRAM

    • Randomness is unpredictably scattered

  • The randomness is parallel

    • Contrary to most other TRNGs

  • Amount of entropy is unpredictable

FERNS - InfoSec Seminar TAU 2009


Ferns for trng security

FERNS for TRNG - Security

  • The source of entropy is obscure

    • Can’t tell where are the well matched cells

  • Proximity of cells

    • Trying to influence one will likely influence others

FERNS - InfoSec Seminar TAU 2009


Ferns for trng analysis

FERNS for TRNG - Analysis

  • Tested on the virtual tags

    • Least random of the three platforms

    • Most challenging

  • An average of 0.103 bits of entropy per memory bit

    • Around 210 bits out of 2048 raw bits

  • Possible to produce 128 bit “keys”

FERNS - InfoSec Seminar TAU 2009


Ferns for trng analysis1

FERNS for TRNG - Analysis

  • Raw bits fail to pass entropy tests

    • Tested using NIST test suite

  • NH polynomial (PH) universal hash function as an entropy extractor

    • Passes the same tests

  • Future work

    • Test the min-entropy of the raw bits

    • Will ensure randomness of the hashed output

FERNS - InfoSec Seminar TAU 2009


Conclusion

Conclusion

  • RFID tags are a challenging platform

    • Cost and security wise

  • Initial testing of FERNS seem to provide a system for fingerprints and true random numbers for RFIDS

  • Quality of both need to be further tested

FERNS - InfoSec Seminar TAU 2009


Questions

Questions?


  • Login