using SRAM state as a source of randomness
Joachim Strömbergson
Joachim at Strombergson.com
Sat Sep 15 15:12:05 EDT 2007
Aloha!
Udhay Shankar N skrev:
> Sounds like an interesting idea - using SRAM state as a source of
> randomness. Any of the folks here willing to comment on this?
>
> Udhay
>
> http://prisms.cs.umass.edu/~kevinfu/papers/holcomb-FERNS-RFIDSec07.pdf
IMHO a very interesting paper.
But I have a few questions about practical aspects of this (and the paper).
First off I don't see any info in the paper about the time between power
cycling and reading the memory. Shouldn't the RNG generated by the
memory be affected by remanence problems if the power cycle is to short?
I.e if the power off state is to short, the bit pattern from one read
operation will contain more of the bit pattern from previous power on
states.
(2) How would one go about extracting the fingerprint/ID? As I see it
you would either have to do numerous read operations (with power cycling
in between) and then extract the fixed bits on a host. That is, the host
reads the whole memory (just like in the paper) and from that extract
the ID. This means that the RFID-unit will not know it's own ID.
The other way to do it (as I see it), is to do the multiple reads during
manufacturing (post production test/configuration), extract the fixed
bits and then stor the index to these bits within the RFID chip. This
would allow the RFID to assemble the bits and know it's own ID, but then
the idea (as presented in the paper) to not have to do post
manufacturing work to set the ID is gone.
(3) in the opposite situation to (2), how should the RFID unit avoid the
fixed bits when generating a key based on the random bits? Would it be
ok to simply run the power on memory state through a cryptographic hash
function, ignoring the fixed bits?
--
Med vänlig hälsning, Yours
Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
Kryptoblog - IT-säkerhet på svenska
http://www.strombergson.com/kryptoblog
========================================================================
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list