using SRAM state as a source of randomness

Joachim Strömbergson Joachim at Strombergson.com
Sat Sep 15 15:12:05 EDT 2007


Aloha!

Udhay Shankar N skrev:
> Sounds like an interesting idea - using SRAM state as a source of 
> randomness. Any of the folks here willing to comment on this?
> 
> Udhay
> 
> http://prisms.cs.umass.edu/~kevinfu/papers/holcomb-FERNS-RFIDSec07.pdf

IMHO a very interesting paper.

But I have a few questions about practical aspects of this (and the paper).

First off I don't see any info in the paper about the time between power 
cycling and reading the memory. Shouldn't the RNG generated by the 
memory be affected by remanence problems if the power cycle is to short? 
I.e if the power off state is to short, the bit pattern from one read 
operation will contain more of the bit pattern from previous power on 
states.

(2) How would one go about extracting the fingerprint/ID? As I see it 
you would either have to do numerous read operations (with power cycling 
in between) and then extract the fixed bits on a host. That is, the host 
reads the whole memory (just like in the paper) and from that extract 
the ID. This means that the RFID-unit will not know it's own ID.

The other way to do it (as I see it), is to do the multiple reads during 
manufacturing (post production test/configuration), extract the fixed 
bits and then stor the index to these bits within the RFID chip. This 
would allow the RFID to assemble the bits and know it's own ID, but then 
the idea (as presented in the paper) to not have to do post 
manufacturing work to set the ID is gone.

(3) in the opposite situation to (2), how should the RFID unit avoid the 
fixed bits when generating a key based on the random bits? Would it be 
ok to simply run the power on memory state through a cryptographic hash 
function, ignoring the fixed bits?

-- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
Kryptoblog - IT-säkerhet på svenska
http://www.strombergson.com/kryptoblog
========================================================================

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list