Daniel E. Holcomb, Wayne P. Burleson and Kevin Fu

Slides:



Advertisements
Similar presentations
Toward Practical Public Key Anti- Counterfeiting for Low-Cost EPC Tags Alex Arbit, Avishai Wool, Yossi Oren, IEEE RFID April
Advertisements

Trusted Symbol of the Digital Economy 1 Bill Holmes – VP Marketing ID Platform - Smart Cards.
MEMORY popo.
SMUCSE 7349 RFID Security. SMUCSE 7349 Current Applications Logistics –Military supply logistics Gulf War I: Double orders to ensure arrival Gulf War.
Gone in 360 Seconds: Hijacking with Hitag2
Entropy Extraction in Metastability-based TRNG
GOPAS TechEd 2012 PKI Design Ing. Ondřej Ševeček | GOPAS a.s. |
Evaluation Criteria for True (Physical) Random Number Generators Used in Cryptographic Applications Werner Schindler 1, Wolfgang Killmann 2 2 T-Systems.
Foundations of Cryptography Lecture 10 Lecturer: Moni Naor.
Project Review Meeting Crolles, June 22, T2.3 Task Task T2.3: Electrical characterization of PV, software (TCAD) / hardware comparison & calibration.
International Symposium on Low Power Electronics and Design Low-Power Sub-Threshold Design of Secure Physical Unclonable Functions 1 Lang Lin, 2 Dan Holcomb,
Physical Unclonable Functions and Applications
1 U NIVERSITY OF M ICHIGAN Reliable and Efficient PUF- Based Key Generation Using Pattern Matching Srini Devadas and Zdenek Paral (MIT), HOST 2011 Thomas.
Physical Unclonable Functions
Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses Authors: Daniel Halperin, Thomas S. Heydt-Benjamin, Benjamin.
1 Remote Power Analysis of RFID Tags Joint work with Adi Shamir yossi.oren[at]weizmann.ac.il 28/Aug/06.
FPGA structure and programming - Eli Kaminsky 1 FPGA structure and programming.
1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.
RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems Stephen A. Weis, Sanjay E. Sarma, Ronald L. Rivest and Daniel W. Engels.
Yinglei Wang, Wing-kei Yu, Sarah Q. Xu, Edwin Kan, and G. Edward Suh Cornell University Tuan Tran.
RFID in Mobile Commerce and Security Concerns Chassica Braynen April 25, 2007.
EPC for Security Applications By Jacob Ammons & Joe D’Amato.
Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses Zac Chupka Jeff Signore.
CMSC 414 Computer and Network Security Lecture 11 Jonathan Katz.
Chip tag A radio-frequency identification system uses tags readers send a signal to the tag and read its response RFID tags can be either passive active.
Chapter 1 Performance of Passive UHF RFID Systems in Practice RFID Systems: Research Trends and Challenges Slides prepared by Dr. Miodrag Bolic.
Pseudorandom Number Generators. Randomness and Security Many cryptographic protocols require the parties to generate random numbers. All the hashing algorithms.
RFID – An Introduction Murari Raghavan UNC-Charlotte.
Fast and Reliable Estimation Schemes in RFID Systems Murali Kodialam and Thyaga Nandagopal Bell Labs, Lucent Technologies Presented by : Joseph Gunawan.
Using ISO tags for Authentication Eddie LaCost Embedded RF.
Secure storage of cryptographic keys within random volumetric materials Roarke Horstmeyer 1, Benjamin Judkewitz 1, Ivo Vellekoop 2 and Changhuei Yang 1.
What is RAM? Nick Sims.
Digital Crime Scene Investigative Process
Chord & CFS Presenter: Gang ZhouNov. 11th, University of Virginia.
National Institute of Science & Technology Technical Seminar Presentation-2004 Presented By: Arjun Sabat [EE ] Flash Memory By Arjun Sabat Roll.
1 UCR Hardware Security Primitives with focus on PUFs Slide credit: Srini Devedas and others.
Extracting Robust Keys from NAND Flash Physical Unclonable Functions Shijie Jia, Luning Xia, Zhan Wang, Jingqiang Lin, Guozhu Zhang and Yafei Ji Institute.
Security Analysis of a Cryptographically- Enabled RFID Device Steve Bono, Matthew Green, Adam Stubblefield, Ari Juels, Avi Rubin, Michael Szydlo Usenix.
Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.
Physical-layer Identification of UHF RFID Tags Authors: Davide Zanetti, Boris Danev and Srdjan Capkun Presented by Zhitao Yang 1.
Based on Bruce Schneier Chapter 8: Key Management Dulal C Kar.
Attacks on PRNGs - By Nupura Neurgaonkar CS-265 (Prof. Mark Stamp)
Attacks Overview Nguyen Cao Dat 1. BK TP.HCM Outline  Cryptographic Attacks ▫ Frequency analysis ▫ Brute force attack ▫ Meet-in-the-middle attack ▫ Birthday.
Game-based composition for key exchange Cristina Brzuska, Marc Fischlin (University of Darmstadt) Nigel Smart, Bogdan Warinschi, Steve Williams (University.
Department of Computer Science and Engineering Applied Research Laboratory Architecture for a Hardware Based, TCP/IP Content Scanning System David V. Schuehler.
The question Can we generate provable random numbers? …. ?
INTRODUCTION TO BIOMATRICS ACCESS CONTROL SYSTEM Prepared by: Jagruti Shrimali Guided by : Prof. Chirag Patel.
Radio Frequency Identification (RFID)
Memory Devices 1. Memory concepts 2. RAMs 3. ROMs 4. Memory expansion & address decoding applications 5. Magnetic and Optical Storage.
New Methods for Cost-Effective Side- Channel Attacks on Cryptographic RFIDs Chair for Embedded Security Ruhr University Bochum David Oswald Timo Kasper.
IDENTITY NUMBERS BY A.M.VILLAVAN M.TECH(COS). RFID Acronymn: Radio Frequency Identification Device RFID is a technology, whose origins are found in the.
======!"§==Systems= Technical Guidance for CC Evaluation Wolfgang Killmann T-Systems GEI GmbH.
CS426Fall 2010/Lecture 51 Computer Security CS 426 Lecture 5 Cryptography: Cryptographic Hash Function.
TRUSTED FLOW: Why, How and Where??? Moti Yung Columbia University.
Real-life cryptography Pfeiffer Alain.  Types of PRNG‘s  History  General Structure  User space  Entropy types  Initialization process  Building.
The Federal Information Processing Standards (FIPS) Encryption Suite Sean Smith COSC
Secure Biometric Authentication for Weak Computational Devices Mikhail Atallah (Purdue),Keith Frikken (Purdue), Michael Goodrich (UC- Irvine), Roberto.
HiTag2 RTLab 이재근.
Computer Organization
A High Speed TRNG Based on SRAM for Resource Constrained Devices
Zahra Ahmadian Recursive Linear and Differential Cryptanalysis of Ultra-lightweight Authentication Protocols Zahra Ahmadian
Combating Tag Cloning with COTS RFID Devices
William Claycomb and Dongwan Shin
Memory Organization.
Cryptography and Network Security Chapter 7
Physical Unclonable Functions and Applications
Pseudorandom Numbers Network Security.
Semiconductor memories are classified in different ways. A distinction is made between read-only (ROM) and read-write (RWM) memories. The contents RWMs.
Presentation transcript:

Initial SRAM State as a Fingerprint and Source of True Random Number for RFID Tags Daniel E. Holcomb, Wayne P. Burleson and Kevin Fu University of Massachusetts, USA. Slides by Oded Argon

FERNS - InfoSec Seminar TAU 2009 Overview What is RFID? RFID Identification Schemes Random numbers What is FERNS? SRAM cell FERNS experimental work Conclusion Questions FERNS - InfoSec Seminar TAU 2009

FERNS - InfoSec Seminar TAU 2009 What is RFID? Small ID tag Has no power source – Low power Even ultra low – the ‘RF’ part of RFID Powered up by the reader for every “ID request” Different applications ID card Digital cash card Inventory management FERNS - InfoSec Seminar TAU 2009

FERNS - InfoSec Seminar TAU 2009 What is RFID? – cont. Need an ID The ‘ID’ part of RFID Need Random numbers For security reasons Need a new random number for every power up Need to be low cost Billions of RFID tags FERNS - InfoSec Seminar TAU 2009

RFID Identification Schemes Non volatile memories Static and reliable Complicated CMOS process Programming is needed Fingerprint Using some process variations Need dedicated circuitry (?) Impacted by noise FERNS - InfoSec Seminar TAU 2009

FERNS - InfoSec Seminar TAU 2009 Random Numbers PRNGs Pseudo Random Noise Generator Using some mathematical function Fully deterministic TRNGs True Random Noise Generator Using some physical random process Unpredictable FERNS - InfoSec Seminar TAU 2009

FERNS - InfoSec Seminar TAU 2009 Random Numbers – cont. Needed by almost every cryptographic algorithm And thus by RFID tags Needs to be unpredictable to be “strong” – TRNGs FERNS - InfoSec Seminar TAU 2009

FERNS - InfoSec Seminar TAU 2009 What is FERNS? Fingerprint Extraction and Random Numbers in SRAM Set out to get the ID and RNG without dedicated circuitry Using existing CMOS storage – SRAM Initial SRAM state based ID and RNG FERNS - InfoSec Seminar TAU 2009

FERNS - InfoSec Seminar TAU 2009 FERNS and RFID Gives the tag its ID RNG for security Matches passive tags usage model Get ID and a random number for every powerup FERNS - InfoSec Seminar TAU 2009

FERNS - InfoSec Seminar TAU 2009 Standard SRAM cell Made out of 6 transistors Threshold voltage mismatch sets the initial state of each cell FERNS - InfoSec Seminar TAU 2009

SRAM cell – Initial state Cells with large threshold mismatch consistently stabilize to the same state These make out the fingerprint Cells with well matched thresholds are highly sensitive to noise Physically random noise will set its initial state These are used to for the RNG FERNS - InfoSec Seminar TAU 2009

SRAM cell – Initial state – cont. Black bits – reliably initialize to 0 White bits – reliably initialize to 1 Gray – can initialize to either one FERNS - InfoSec Seminar TAU 2009

FERNS - InfoSec Seminar TAU 2009 Testing Platforms 160 Virtual tags 256Byte blocks 8 * 512KB SRAM chips Large dataset Able to test corner correlation cases FERNS - InfoSec Seminar TAU 2009

Testing platforms – cont. 10 TI MSP430 Chips 256Byte SRAM memory Ultra low power Not passively powered Read out through JTAG FERNS - InfoSec Seminar TAU 2009

Testing platforms – cont. 3 WISPs – Wireless Identification and Sensing Platform Passively powered 256Byte SRAM FERNS - InfoSec Seminar TAU 2009

FERNS for Identification Latent print A single print (initial state) Is effected by noise Known print Bitwise mean of latent prints FERNS - InfoSec Seminar TAU 2009

FERNS for Identification – cont. Black – ‘0’, White – ‘1’, Gray - Random FERNS - InfoSec Seminar TAU 2009

FERNS for Identification – cont. Three relevant distance quantities Latent fingerprint and known fingerprint of same device Latent fingerprint and all other devices known fingerprint All distances between all known fingerprints A simple hamming distance is used for testing FERNS - InfoSec Seminar TAU 2009

FERNS - InfoSec Seminar TAU 2009 Test results analysis 160 Virtual tags 800 latent fingerprints Incorrect prints differ by at least 685 bits (out of 2048 bits) Comparing known prints to other known prints gives similar results Correct prints differ by less than 109 bits FERNS - InfoSec Seminar TAU 2009

Test results analysis – cont. FERNS - InfoSec Seminar TAU 2009

Test results analysis – cont. MSP430 – 10 known fingerprints 300 latent fingerprints 2700 incorrect matchings Less than 10 came within 600 bits 300 correct matchings Only 4 differed by more than 425 bits No fully reliable threshold available FERNS - InfoSec Seminar TAU 2009

Test results analysis – cont. FERNS - InfoSec Seminar TAU 2009

Test results analysis – cont. 3 WISPs – 256 Byte each 15 known prints – 64 bit 150 latent fingerprints 2100 incorrect matchings None within 20 bits 150 correct mathings Only 3 differed by more than 8 bits FERNS - InfoSec Seminar TAU 2009

Test results analysis – cont. FERNS - InfoSec Seminar TAU 2009

FERNS Identification – security Randomized ID Can be used as a large ID space for each tag No two fingerprints of the same tag came up during testing Can help prevent reply attacks by recording history An adversary can still generate a randomized print FERNS - InfoSec Seminar TAU 2009

FERNS - InfoSec Seminar TAU 2009 FERNS for TRNG Well matched cells capture physically random noise Well matched cells are randomly scattered around the SRAM Randomness is unpredictably scattered The randomness is parallel Contrary to most other TRNGs Amount of entropy is unpredictable FERNS - InfoSec Seminar TAU 2009

FERNS for TRNG - Security The source of entropy is obscure Can’t tell where are the well matched cells Proximity of cells Trying to influence one will likely influence others FERNS - InfoSec Seminar TAU 2009

FERNS for TRNG - Analysis Tested on the virtual tags Least random of the three platforms Most challenging An average of 0.103 bits of entropy per memory bit Around 210 bits out of 2048 raw bits Possible to produce 128 bit “keys” FERNS - InfoSec Seminar TAU 2009

FERNS for TRNG - Analysis Raw bits fail to pass entropy tests Tested using NIST test suite NH polynomial (PH) universal hash function as an entropy extractor Passes the same tests Future work Test the min-entropy of the raw bits Will ensure randomness of the hashed output FERNS - InfoSec Seminar TAU 2009

FERNS - InfoSec Seminar TAU 2009 Conclusion RFID tags are a challenging platform Cost and security wise Initial testing of FERNS seem to provide a system for fingerprints and true random numbers for RFIDS Quality of both need to be further tested FERNS - InfoSec Seminar TAU 2009

Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.