[Cryptography] A dual-use hrng suggestion

[Ryan Carboni]

10.1109/DATE.2011.5763260 : Integrated circuits (ICs) are becoming
increasingly vulnerable to malicious alterations, referred to as hardware
Trojans. Detection of these inclusions is of utmost importance, as they may
potentially be inserted into ICs bound for military, financial, or other
critical applications. A novel on-chip structure including a ring
oscillator network (RON), distributed across the entire chip, is proposed
to verify whether the chip is Trojan-free. This structure effectively
eliminates the issue of measurement noise, localizes the measurement of
dynamic power, and additionally compensates for the impact of process
variations. Combined with statistical data analysis, the separation of
process variations from the Trojan contribution to the circuit's transient
power is made possible. Simulation results featuring Trojans inserted into
a benchmark circuit using 90nm technology and experimental results on
Xilinx Spartan-3E FPGA demonstrate the efficiency and scalability of the
RON architecture for Trojan detection.

10.1109/ISCAS.2013.6572251 : Security of implementation of ciphers in
hardware has already been well studied, nevertheless ciphers are not the
only hardware block used for cryptography. True random number generators
(TRNGs) are also significant cryptography blocks since they are used to
provide secret keys, random protection masks, initial values to other
security blocks such as ciphers. The security of TRNG implementations is
thus of paramount importance. Recently, electromagnetic channel has been
used to efficiently attack ring oscillator based TRNG by fault injection.
The work presented in this paper shows that by analyzing electromagnetic
emanation of the TRNG under attack in varying conditions, it is possible to
obtain significant information on the TRNG such as its position and
oscillator frequency, in order to improve the previously published
electromagnetic attack.




A ring oscillator is useful as a random number generator (although with
it's own biases), and could apparently be used as a physical unclonable
function, this would make open source hardware more easily proven to be
secure. Obviously to avoid device fingerprinting and side channel issues,
unprivileged processes shouldn't be allowed to have direct access. Although
device fingerprinting is trivial unless you prevent access to any input
device. Even the user can be fingerprinted across devices through some
methods.

It is probably impossible to generate biased random numbers faster or
easier than the source (curious if there is a way to generate numbers
biased like RC4 but faster).

Given that virtually everything so easily analysed by side channel
(although the sheer number of multiplexers and buffer gates cause noise),
even low entropy hardware masking is probably required for some operations,
even at the cost of greater latency. Or metal shielding around the chip,
either grounded or connected to a resistor. There was some research into
using capacitors to limit power analysis success.

Ideally some of the purchase price would go into a trust for legal issues
or to support the design (as opposed to a hard EOL). (there is also the
advantage that if the trust suddenly disappears you can sue for fraud to
figure out wtf is going on, as opposed to hoping Paul Revere won't be
compelled to put up only one lantern)

Ideally jumping into the middle of an instruction should be improbable to
succeed.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20171205/29ea44ae/attachment.html>