Presentation is loading. Please wait.

Presentation is loading. Please wait.

Daniel E. Holcomb, Wayne P. Burleson and Kevin Fu

Published byMelina Wilkerson Modified over 9 years ago

Similar presentations

Presentation on theme: "Daniel E. Holcomb, Wayne P. Burleson and Kevin Fu"— Presentation transcript:

1 Initial SRAM State as a Fingerprint and Source of True Random Number for RFID Tags
Daniel E. Holcomb, Wayne P. Burleson and Kevin Fu University of Massachusetts, USA. Slides by Oded Argon

2 FERNS - InfoSec Seminar TAU 2009
Overview What is RFID? RFID Identification Schemes Random numbers What is FERNS? SRAM cell FERNS experimental work Conclusion Questions FERNS - InfoSec Seminar TAU 2009

3 FERNS - InfoSec Seminar TAU 2009
What is RFID? Small ID tag Has no power source – Low power Even ultra low – the ‘RF’ part of RFID Powered up by the reader for every “ID request” Different applications ID card Digital cash card Inventory management FERNS - InfoSec Seminar TAU 2009

4 FERNS - InfoSec Seminar TAU 2009
What is RFID? – cont. Need an ID The ‘ID’ part of RFID Need Random numbers For security reasons Need a new random number for every power up Need to be low cost Billions of RFID tags FERNS - InfoSec Seminar TAU 2009

5 RFID Identification Schemes
Non volatile memories Static and reliable Complicated CMOS process Programming is needed Fingerprint Using some process variations Need dedicated circuitry (?) Impacted by noise FERNS - InfoSec Seminar TAU 2009

6 FERNS - InfoSec Seminar TAU 2009
Random Numbers PRNGs Pseudo Random Noise Generator Using some mathematical function Fully deterministic TRNGs True Random Noise Generator Using some physical random process Unpredictable FERNS - InfoSec Seminar TAU 2009

7 FERNS - InfoSec Seminar TAU 2009
Random Numbers – cont. Needed by almost every cryptographic algorithm And thus by RFID tags Needs to be unpredictable to be “strong” – TRNGs FERNS - InfoSec Seminar TAU 2009

8 FERNS - InfoSec Seminar TAU 2009
What is FERNS? Fingerprint Extraction and Random Numbers in SRAM Set out to get the ID and RNG without dedicated circuitry Using existing CMOS storage – SRAM Initial SRAM state based ID and RNG FERNS - InfoSec Seminar TAU 2009

9 FERNS - InfoSec Seminar TAU 2009
FERNS and RFID Gives the tag its ID RNG for security Matches passive tags usage model Get ID and a random number for every powerup FERNS - InfoSec Seminar TAU 2009

10 FERNS - InfoSec Seminar TAU 2009
Standard SRAM cell Made out of 6 transistors Threshold voltage mismatch sets the initial state of each cell FERNS - InfoSec Seminar TAU 2009

11 SRAM cell – Initial state
Cells with large threshold mismatch consistently stabilize to the same state These make out the fingerprint Cells with well matched thresholds are highly sensitive to noise Physically random noise will set its initial state These are used to for the RNG FERNS - InfoSec Seminar TAU 2009

12 SRAM cell – Initial state – cont.
Black bits – reliably initialize to 0 White bits – reliably initialize to 1 Gray – can initialize to either one FERNS - InfoSec Seminar TAU 2009

13 FERNS - InfoSec Seminar TAU 2009
Testing Platforms 160 Virtual tags 256Byte blocks 8 * 512KB SRAM chips Large dataset Able to test corner correlation cases FERNS - InfoSec Seminar TAU 2009

14 Testing platforms – cont.
10 TI MSP430 Chips 256Byte SRAM memory Ultra low power Not passively powered Read out through JTAG FERNS - InfoSec Seminar TAU 2009

15 Testing platforms – cont.
3 WISPs – Wireless Identification and Sensing Platform Passively powered 256Byte SRAM FERNS - InfoSec Seminar TAU 2009

16 FERNS for Identification
Latent print A single print (initial state) Is effected by noise Known print Bitwise mean of latent prints FERNS - InfoSec Seminar TAU 2009

17 FERNS for Identification – cont.
Black – ‘0’, White – ‘1’, Gray - Random FERNS - InfoSec Seminar TAU 2009

18 FERNS for Identification – cont.
Three relevant distance quantities Latent fingerprint and known fingerprint of same device Latent fingerprint and all other devices known fingerprint All distances between all known fingerprints A simple hamming distance is used for testing FERNS - InfoSec Seminar TAU 2009

19 FERNS - InfoSec Seminar TAU 2009
Test results analysis 160 Virtual tags 800 latent fingerprints Incorrect prints differ by at least 685 bits (out of 2048 bits) Comparing known prints to other known prints gives similar results Correct prints differ by less than 109 bits FERNS - InfoSec Seminar TAU 2009

20 Test results analysis – cont.
FERNS - InfoSec Seminar TAU 2009

21 Test results analysis – cont.
MSP430 – 10 known fingerprints 300 latent fingerprints 2700 incorrect matchings Less than 10 came within 600 bits 300 correct matchings Only 4 differed by more than 425 bits No fully reliable threshold available FERNS - InfoSec Seminar TAU 2009

22 Test results analysis – cont.
FERNS - InfoSec Seminar TAU 2009

23 Test results analysis – cont.
3 WISPs – 256 Byte each 15 known prints – 64 bit 150 latent fingerprints 2100 incorrect matchings None within 20 bits 150 correct mathings Only 3 differed by more than 8 bits FERNS - InfoSec Seminar TAU 2009

24 Test results analysis – cont.
FERNS - InfoSec Seminar TAU 2009

25 FERNS Identification – security
Randomized ID Can be used as a large ID space for each tag No two fingerprints of the same tag came up during testing Can help prevent reply attacks by recording history An adversary can still generate a randomized print FERNS - InfoSec Seminar TAU 2009

26 FERNS - InfoSec Seminar TAU 2009
FERNS for TRNG Well matched cells capture physically random noise Well matched cells are randomly scattered around the SRAM Randomness is unpredictably scattered The randomness is parallel Contrary to most other TRNGs Amount of entropy is unpredictable FERNS - InfoSec Seminar TAU 2009

27 FERNS for TRNG - Security
The source of entropy is obscure Can’t tell where are the well matched cells Proximity of cells Trying to influence one will likely influence others FERNS - InfoSec Seminar TAU 2009

28 FERNS for TRNG - Analysis
Tested on the virtual tags Least random of the three platforms Most challenging An average of bits of entropy per memory bit Around 210 bits out of 2048 raw bits Possible to produce 128 bit “keys” FERNS - InfoSec Seminar TAU 2009

29 FERNS for TRNG - Analysis
Raw bits fail to pass entropy tests Tested using NIST test suite NH polynomial (PH) universal hash function as an entropy extractor Passes the same tests Future work Test the min-entropy of the raw bits Will ensure randomness of the hashed output FERNS - InfoSec Seminar TAU 2009

30 FERNS - InfoSec Seminar TAU 2009
Conclusion RFID tags are a challenging platform Cost and security wise Initial testing of FERNS seem to provide a system for fingerprints and true random numbers for RFIDS Quality of both need to be further tested FERNS - InfoSec Seminar TAU 2009

31 Questions?

Download ppt "Daniel E. Holcomb, Wayne P. Burleson and Kevin Fu"

Similar presentations

Toward Practical Public Key Anti- Counterfeiting for Low-Cost EPC Tags Alex Arbit, Avishai Wool, Yossi Oren, IEEE RFID April 2011 1.

Toward Practical Public Key Anti- Counterfeiting for Low-Cost EPC Tags Alex Arbit, Avishai Wool, Yossi Oren, IEEE RFID April
Trusted Symbol of the Digital Economy 1 Bill Holmes – VP Marketing ID Platform - Smart Cards.

Trusted Symbol of the Digital Economy 1 Bill Holmes – VP Marketing ID Platform - Smart Cards.
MEMORY popo.

MEMORY popo.
SMUCSE 7349 RFID Security. SMUCSE 7349 Current Applications Logistics –Military supply logistics Gulf War I: Double orders to ensure arrival Gulf War.

SMUCSE 7349 RFID Security. SMUCSE 7349 Current Applications Logistics –Military supply logistics Gulf War I: Double orders to ensure arrival Gulf War.
Gone in 360 Seconds: Hijacking with Hitag2

Gone in 360 Seconds: Hijacking with Hitag2
Entropy Extraction in Metastability-based TRNG

Entropy Extraction in Metastability-based TRNG
GOPAS TechEd 2012 PKI Design Ing. Ondřej Ševeček | GOPAS a.s. |

GOPAS TechEd 2012 PKI Design Ing. Ondřej Ševeček | GOPAS a.s. |
Evaluation Criteria for True (Physical) Random Number Generators Used in Cryptographic Applications Werner Schindler 1, Wolfgang Killmann 2 2 T-Systems.

Evaluation Criteria for True (Physical) Random Number Generators Used in Cryptographic Applications Werner Schindler 1, Wolfgang Killmann 2 2 T-Systems.
Foundations of Cryptography Lecture 10 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 10 Lecturer: Moni Naor.
Project Review Meeting Crolles, June 22, 2009 1 T2.3 Task Task T2.3: Electrical characterization of PV, software (TCAD) / hardware comparison & calibration.

Project Review Meeting Crolles, June 22, T2.3 Task Task T2.3: Electrical characterization of PV, software (TCAD) / hardware comparison & calibration.
International Symposium on Low Power Electronics and Design Low-Power Sub-Threshold Design of Secure Physical Unclonable Functions 1 Lang Lin, 2 Dan Holcomb,

International Symposium on Low Power Electronics and Design Low-Power Sub-Threshold Design of Secure Physical Unclonable Functions 1 Lang Lin, 2 Dan Holcomb,
Physical Unclonable Functions and Applications

Physical Unclonable Functions and Applications
1 U NIVERSITY OF M ICHIGAN Reliable and Efficient PUF- Based Key Generation Using Pattern Matching Srini Devadas and Zdenek Paral (MIT), HOST 2011 Thomas.

1 U NIVERSITY OF M ICHIGAN Reliable and Efficient PUF- Based Key Generation Using Pattern Matching Srini Devadas and Zdenek Paral (MIT), HOST 2011 Thomas.
Physical Unclonable Functions

Physical Unclonable Functions
Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses Authors: Daniel Halperin, Thomas S. Heydt-Benjamin, Benjamin.

Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses Authors: Daniel Halperin, Thomas S. Heydt-Benjamin, Benjamin.
1 Remote Power Analysis of RFID Tags Joint work with Adi Shamir yossi.oren[at]weizmann.ac.il 28/Aug/06.

1 Remote Power Analysis of RFID Tags Joint work with Adi Shamir yossi.oren[at]weizmann.ac.il 28/Aug/06.
FPGA structure and programming - Eli Kaminsky 1 FPGA structure and programming.

FPGA structure and programming - Eli Kaminsky 1 FPGA structure and programming.
1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.

1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.
RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn.

RFID Security CMPE 209, Spring 2009 Presented by:- Snehal Patel Hitesh Patel Submitted to:- Prof Richard Sinn.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

Similar presentations

Ads by Google