A Novel Attack on a FPGA based True Random Number Generator

Anju Johnson, Rajat Subhra Chakraborty, Debdeep Mukhopadhyay

Research output: Chapter in Book/Report/Conference proceedingConference contribution

8 Citations (Scopus)

Abstract

True random Number Generators (TRNGs) are important sources of randomness necessary in several cryptographic algorithms and protocols. We describe an attack on a practical Field Programmable Gate Array (FPGA) based TRNG that severely affects the randomness of its output bitstream. In particular, we develop, mathematically analyze and demonstrate an"in-field", post-deployment Hardware Trojan Horse (HTH) insertion technique that exploits the Dynamic Partial Reconfiguration (DPR) capability of modern FPGAs. The attack can be launched from a remote device connected to the FPGA over a standard network connection. The inserted HTH operates by adversely affecting the source of entropy of the TRNG, which results in the probability of zero in the output bitstream to increase to about 0.75 (instead of the ideal value of 0.5). Our experimental results demonstrate that the Trojan is extremely effective, with very low hardware and resource footprint, making its detection very challenging.
Original languageEnglish
Title of host publicationProceedings of the WESS'15
Subtitle of host publicationWorkshop on Embedded Systems Security
PublisherAssociation for Computing Machinery (ACM)
Number of pages6
ISBN (Electronic)9781450336673
DOIs
Publication statusPublished - 4 Oct 2015
Externally publishedYes
Event10th Workshop on Embedded Systems Security: A Workshop of the Embedded Systems Week (ESWEEK 2015) - Amsterdam, Netherlands
Duration: 8 Oct 20158 Oct 2015
Conference number: 10
http://www.wess-workshop.org/

Workshop

Workshop10th Workshop on Embedded Systems Security
Abbreviated titleWESS 2015
CountryNetherlands
CityAmsterdam
Period8/10/158/10/15
Internet address

Fingerprint Dive into the research topics of 'A Novel Attack on a FPGA based True Random Number Generator'. Together they form a unique fingerprint.

Cite this