A Novel Attack on a FPGA based True Random Number Generator

Anju Johnson, Rajat Subhra Chakraborty, Debdeep Mukhopadhyay

Research output: Chapter in Book/Report/Conference proceedingConference contribution

5 Citations (Scopus)

Abstract

True random Number Generators (TRNGs) are important sources of randomness necessary in several cryptographic algorithms and protocols. We describe an attack on a practical Field Programmable Gate Array (FPGA) based TRNG that severely affects the randomness of its output bitstream. In particular, we develop, mathematically analyze and demonstrate an"in-field", post-deployment Hardware Trojan Horse (HTH) insertion technique that exploits the Dynamic Partial Reconfiguration (DPR) capability of modern FPGAs. The attack can be launched from a remote device connected to the FPGA over a standard network connection. The inserted HTH operates by adversely affecting the source of entropy of the TRNG, which results in the probability of zero in the output bitstream to increase to about 0.75 (instead of the ideal value of 0.5). Our experimental results demonstrate that the Trojan is extremely effective, with very low hardware and resource footprint, making its detection very challenging.
LanguageEnglish
Title of host publicationProceedings of the WESS'15
Subtitle of host publicationWorkshop on Embedded Systems Security
PublisherAssociation for Computing Machinery (ACM)
Number of pages6
ISBN (Electronic)9781450336673
DOIs
Publication statusPublished - 4 Oct 2015
Externally publishedYes
Event10th Workshop on Embedded Systems Security: A Workshop of the Embedded Systems Week (ESWEEK 2015) - Amsterdam, Netherlands
Duration: 8 Oct 20158 Oct 2015
http://www.wess-workshop.org/

Workshop

Workshop10th Workshop on Embedded Systems Security
Abbreviated titleWESS 2015
CountryNetherlands
CityAmsterdam
Period8/10/158/10/15
Internet address

Fingerprint

Field programmable gate arrays (FPGA)
Entropy
Hardware
Hardware security
Malware

Cite this

Johnson, A., Chakraborty, R. S., & Mukhopadhyay, D. (2015). A Novel Attack on a FPGA based True Random Number Generator. In Proceedings of the WESS'15: Workshop on Embedded Systems Security [6] Association for Computing Machinery (ACM). https://doi.org/10.1145/2818362.2818368
Johnson, Anju ; Chakraborty, Rajat Subhra ; Mukhopadhyay, Debdeep. / A Novel Attack on a FPGA based True Random Number Generator. Proceedings of the WESS'15: Workshop on Embedded Systems Security. Association for Computing Machinery (ACM), 2015.
@inproceedings{f1e4a7db590f45ed91d62f1b16dbddbc,
title = "A Novel Attack on a FPGA based True Random Number Generator",
abstract = "True random Number Generators (TRNGs) are important sources of randomness necessary in several cryptographic algorithms and protocols. We describe an attack on a practical Field Programmable Gate Array (FPGA) based TRNG that severely affects the randomness of its output bitstream. In particular, we develop, mathematically analyze and demonstrate an{"}in-field{"}, post-deployment Hardware Trojan Horse (HTH) insertion technique that exploits the Dynamic Partial Reconfiguration (DPR) capability of modern FPGAs. The attack can be launched from a remote device connected to the FPGA over a standard network connection. The inserted HTH operates by adversely affecting the source of entropy of the TRNG, which results in the probability of zero in the output bitstream to increase to about 0.75 (instead of the ideal value of 0.5). Our experimental results demonstrate that the Trojan is extremely effective, with very low hardware and resource footprint, making its detection very challenging.",
author = "Anju Johnson and Chakraborty, {Rajat Subhra} and Debdeep Mukhopadhyay",
year = "2015",
month = "10",
day = "4",
doi = "10.1145/2818362.2818368",
language = "English",
booktitle = "Proceedings of the WESS'15",
publisher = "Association for Computing Machinery (ACM)",
address = "United States",

}

Johnson, A, Chakraborty, RS & Mukhopadhyay, D 2015, A Novel Attack on a FPGA based True Random Number Generator. in Proceedings of the WESS'15: Workshop on Embedded Systems Security., 6, Association for Computing Machinery (ACM), 10th Workshop on Embedded Systems Security, Amsterdam, Netherlands, 8/10/15. https://doi.org/10.1145/2818362.2818368

A Novel Attack on a FPGA based True Random Number Generator. / Johnson, Anju; Chakraborty, Rajat Subhra; Mukhopadhyay, Debdeep.

Proceedings of the WESS'15: Workshop on Embedded Systems Security. Association for Computing Machinery (ACM), 2015. 6.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - A Novel Attack on a FPGA based True Random Number Generator

AU - Johnson, Anju

AU - Chakraborty, Rajat Subhra

AU - Mukhopadhyay, Debdeep

PY - 2015/10/4

Y1 - 2015/10/4

N2 - True random Number Generators (TRNGs) are important sources of randomness necessary in several cryptographic algorithms and protocols. We describe an attack on a practical Field Programmable Gate Array (FPGA) based TRNG that severely affects the randomness of its output bitstream. In particular, we develop, mathematically analyze and demonstrate an"in-field", post-deployment Hardware Trojan Horse (HTH) insertion technique that exploits the Dynamic Partial Reconfiguration (DPR) capability of modern FPGAs. The attack can be launched from a remote device connected to the FPGA over a standard network connection. The inserted HTH operates by adversely affecting the source of entropy of the TRNG, which results in the probability of zero in the output bitstream to increase to about 0.75 (instead of the ideal value of 0.5). Our experimental results demonstrate that the Trojan is extremely effective, with very low hardware and resource footprint, making its detection very challenging.

AB - True random Number Generators (TRNGs) are important sources of randomness necessary in several cryptographic algorithms and protocols. We describe an attack on a practical Field Programmable Gate Array (FPGA) based TRNG that severely affects the randomness of its output bitstream. In particular, we develop, mathematically analyze and demonstrate an"in-field", post-deployment Hardware Trojan Horse (HTH) insertion technique that exploits the Dynamic Partial Reconfiguration (DPR) capability of modern FPGAs. The attack can be launched from a remote device connected to the FPGA over a standard network connection. The inserted HTH operates by adversely affecting the source of entropy of the TRNG, which results in the probability of zero in the output bitstream to increase to about 0.75 (instead of the ideal value of 0.5). Our experimental results demonstrate that the Trojan is extremely effective, with very low hardware and resource footprint, making its detection very challenging.

U2 - 10.1145/2818362.2818368

DO - 10.1145/2818362.2818368

M3 - Conference contribution

BT - Proceedings of the WESS'15

PB - Association for Computing Machinery (ACM)

ER -

Johnson A, Chakraborty RS, Mukhopadhyay D. A Novel Attack on a FPGA based True Random Number Generator. In Proceedings of the WESS'15: Workshop on Embedded Systems Security. Association for Computing Machinery (ACM). 2015. 6 https://doi.org/10.1145/2818362.2818368