Abstract
True random Number Generators (TRNGs) are important sources of randomness necessary in several cryptographic algorithms and protocols. We describe an attack on a practical Field Programmable Gate Array (FPGA) based TRNG that severely affects the randomness of its output bitstream. In particular, we develop, mathematically analyze and demonstrate an"in-field", post-deployment Hardware Trojan Horse (HTH) insertion technique that exploits the Dynamic Partial Reconfiguration (DPR) capability of modern FPGAs. The attack can be launched from a remote device connected to the FPGA over a standard network connection. The inserted HTH operates by adversely affecting the source of entropy of the TRNG, which results in the probability of zero in the output bitstream to increase to about 0.75 (instead of the ideal value of 0.5). Our experimental results demonstrate that the Trojan is extremely effective, with very low hardware and resource footprint, making its detection very challenging.
Original language | English |
---|---|
Title of host publication | Proceedings of the WESS'15 |
Subtitle of host publication | Workshop on Embedded Systems Security |
Publisher | Association for Computing Machinery (ACM) |
Number of pages | 6 |
ISBN (Electronic) | 9781450336673 |
DOIs | |
Publication status | Published - 4 Oct 2015 |
Externally published | Yes |
Event | 10th Workshop on Embedded Systems Security: A Workshop of the Embedded Systems Week (ESWEEK 2015) - Amsterdam, Netherlands Duration: 8 Oct 2015 → 8 Oct 2015 Conference number: 10 http://www.wess-workshop.org/ |
Workshop
Workshop | 10th Workshop on Embedded Systems Security |
---|---|
Abbreviated title | WESS 2015 |
Country/Territory | Netherlands |
City | Amsterdam |
Period | 8/10/15 → 8/10/15 |
Internet address |