initial sram state as a fingerprint and source of true random number for rfid tags
Download
Skip this Video
Download Presentation
Initial SRAM State as a Fingerprint and Source of True Random Number for RFID Tags

Loading in 2 Seconds...

play fullscreen
1 / 31

Initial SRAM State as a Fingerprint and Source of True Random Number for RFID Tags - PowerPoint PPT Presentation


  • 64 Views
  • Uploaded on

Initial SRAM State as a Fingerprint and Source of True Random Number for RFID Tags. Daniel E. Holcomb, Wayne P. Burleson and Kevin Fu University of Massachusetts, USA. Slides by Oded Argon. Overview. What is RFID? RFID Identification Schemes Random numbers What is FERNS? SRAM cell

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Initial SRAM State as a Fingerprint and Source of True Random Number for RFID Tags' - sierra-mcclain


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
initial sram state as a fingerprint and source of true random number for rfid tags

Initial SRAM State as a Fingerprint and Source of True Random Number for RFID Tags

Daniel E. Holcomb, Wayne P. Burleson and Kevin Fu

University of Massachusetts, USA.

Slides by Oded Argon

overview
Overview
  • What is RFID?
  • RFID Identification Schemes
  • Random numbers
  • What is FERNS?
  • SRAM cell
  • FERNS experimental work
  • Conclusion
  • Questions

FERNS - InfoSec Seminar TAU 2009

what is rfid
What is RFID?
  • Small ID tag
  • Has no power source – Low power
    • Even ultra low – the ‘RF’ part of RFID
    • Powered up by the reader for every “ID request”
  • Different applications
    • ID card
    • Digital cash card
    • Inventory management

FERNS - InfoSec Seminar TAU 2009

what is rfid cont
What is RFID? – cont.
  • Need an ID
    • The ‘ID’ part of RFID
  • Need Random numbers
    • For security reasons
    • Need a new random number for every power up
  • Need to be low cost
    • Billions of RFID tags

FERNS - InfoSec Seminar TAU 2009

rfid identification schemes
RFID Identification Schemes
  • Non volatile memories
    • Static and reliable
    • Complicated CMOS process
    • Programming is needed
  • Fingerprint
    • Using some process variations
    • Need dedicated circuitry (?)
    • Impacted by noise

FERNS - InfoSec Seminar TAU 2009

random numbers
Random Numbers
  • PRNGs
    • Pseudo Random Noise Generator
    • Using some mathematical function
    • Fully deterministic
  • TRNGs
    • True Random Noise Generator
    • Using some physical random process
    • Unpredictable

FERNS - InfoSec Seminar TAU 2009

random numbers cont
Random Numbers – cont.
  • Needed by almost every cryptographic algorithm
    • And thus by RFID tags
  • Needs to be unpredictable to be “strong” – TRNGs

FERNS - InfoSec Seminar TAU 2009

what is ferns
What is FERNS?
  • Fingerprint Extraction and Random Numbers in SRAM
  • Set out to get the ID and RNG without dedicated circuitry
    • Using existing CMOS storage – SRAM
  • Initial SRAM state based ID and RNG

FERNS - InfoSec Seminar TAU 2009

ferns and rfid
FERNS and RFID
  • Gives the tag its ID
  • RNG for security
  • Matches passive tags usage model
    • Get ID and a random number for every powerup

FERNS - InfoSec Seminar TAU 2009

standard sram cell
Standard SRAM cell
  • Made out of 6 transistors
  • Threshold voltage mismatch sets the initial state of each cell

FERNS - InfoSec Seminar TAU 2009

sram cell initial state
SRAM cell – Initial state
  • Cells with large threshold mismatch consistently stabilize to the same state
    • These make out the fingerprint
  • Cells with well matched thresholds are highly sensitive to noise
    • Physically random noise will set its initial state
    • These are used to for the RNG

FERNS - InfoSec Seminar TAU 2009

sram cell initial state cont
SRAM cell – Initial state – cont.
  • Black bits – reliably initialize to 0
  • White bits – reliably initialize to 1
  • Gray – can initialize toeither one

FERNS - InfoSec Seminar TAU 2009

testing platforms
Testing Platforms
  • 160 Virtual tags
    • 256Byte blocks
    • 8 * 512KB SRAM chips
    • Large dataset
    • Able to test corner correlation cases

FERNS - InfoSec Seminar TAU 2009

testing platforms cont
Testing platforms – cont.
  • 10 TI MSP430 Chips
    • 256Byte SRAM memory
    • Ultra low power
    • Not passively powered
    • Read out through JTAG

FERNS - InfoSec Seminar TAU 2009

testing platforms cont1
Testing platforms – cont.
  • 3 WISPs – Wireless Identification and Sensing Platform
    • Passively powered
    • 256Byte SRAM

FERNS - InfoSec Seminar TAU 2009

ferns for identification
FERNS for Identification
  • Latent print
    • A single print (initial state)
    • Is effected by noise
  • Known print
    • Bitwise mean of latent prints

FERNS - InfoSec Seminar TAU 2009

ferns for identification cont
FERNS for Identification – cont.
  • Black – ‘0’, White – ‘1’, Gray - Random

FERNS - InfoSec Seminar TAU 2009

ferns for identification cont1
FERNS for Identification – cont.
  • Three relevant distance quantities
    • Latent fingerprint and known fingerprint of same device
    • Latent fingerprint and all other devices known fingerprint
    • All distances between all known fingerprints
  • A simple hamming distance is used for testing

FERNS - InfoSec Seminar TAU 2009

test results analysis
Test results analysis
  • 160 Virtual tags
  • 800 latent fingerprints
  • Incorrect prints differ by at least 685 bits (out of 2048 bits)
    • Comparing known prints to other known prints gives similar results
  • Correct prints differ by less than 109 bits

FERNS - InfoSec Seminar TAU 2009

test results analysis cont
Test results analysis – cont.

FERNS - InfoSec Seminar TAU 2009

test results analysis cont1
Test results analysis – cont.
  • MSP430 – 10 known fingerprints
  • 300 latent fingerprints
  • 2700 incorrect matchings
    • Less than 10 came within 600 bits
  • 300 correct matchings
    • Only 4 differed by more than 425 bits
  • No fully reliable threshold available

FERNS - InfoSec Seminar TAU 2009

test results analysis cont2
Test results analysis – cont.

FERNS - InfoSec Seminar TAU 2009

test results analysis cont3
Test results analysis – cont.
  • 3 WISPs – 256 Byte each
    • 15 known prints – 64 bit
  • 150 latent fingerprints
  • 2100 incorrect matchings
    • None within 20 bits
  • 150 correct mathings
    • Only 3 differed by more than 8 bits

FERNS - InfoSec Seminar TAU 2009

test results analysis cont4
Test results analysis – cont.

FERNS - InfoSec Seminar TAU 2009

ferns identification security
FERNS Identification – security
  • Randomized ID
    • Can be used as a large ID space for each tag
    • No two fingerprints of the same tag came up during testing
    • Can help prevent reply attacks by recording history
    • An adversary can still generate a randomized print

FERNS - InfoSec Seminar TAU 2009

ferns for trng
FERNS for TRNG
  • Well matched cells capture physically random noise
  • Well matched cells are randomly scattered around the SRAM
    • Randomness is unpredictably scattered
  • The randomness is parallel
    • Contrary to most other TRNGs
  • Amount of entropy is unpredictable

FERNS - InfoSec Seminar TAU 2009

ferns for trng security
FERNS for TRNG - Security
  • The source of entropy is obscure
    • Can’t tell where are the well matched cells
  • Proximity of cells
    • Trying to influence one will likely influence others

FERNS - InfoSec Seminar TAU 2009

ferns for trng analysis
FERNS for TRNG - Analysis
  • Tested on the virtual tags
    • Least random of the three platforms
    • Most challenging
  • An average of 0.103 bits of entropy per memory bit
    • Around 210 bits out of 2048 raw bits
  • Possible to produce 128 bit “keys”

FERNS - InfoSec Seminar TAU 2009

ferns for trng analysis1
FERNS for TRNG - Analysis
  • Raw bits fail to pass entropy tests
    • Tested using NIST test suite
  • NH polynomial (PH) universal hash function as an entropy extractor
    • Passes the same tests
  • Future work
    • Test the min-entropy of the raw bits
    • Will ensure randomness of the hashed output

FERNS - InfoSec Seminar TAU 2009

conclusion
Conclusion
  • RFID tags are a challenging platform
    • Cost and security wise
  • Initial testing of FERNS seem to provide a system for fingerprints and true random numbers for RFIDS
  • Quality of both need to be further tested

FERNS - InfoSec Seminar TAU 2009

ad