EM Information Security Threats Against RO-Based TRNGs: The Frequency Injection Attack Based on IEMI and EM Information Leakage

True random number generators (TRNGs) based on ring oscillators (ROs) are employed in many devices because they can be constructed with a simple circuit structure. Many systems are affected if an RO-based TRNG is attacked, and its security is degraded. Conventional attacks against RO-based TRNGs red...

Full description

Saved in:
Bibliographic Details
Published in:IEEE transactions on electromagnetic compatibility 2019-08, Vol.61 (4), p.1122-1128
Main Authors: Osuka, Saki, Fujimoto, Daisuke, Hayashi, Yu-ichi, Homma, Naofumi, Beckers, Arthur, Balasch, Josep, Gierlichs, Benedikt, Verbauwhede, Ingrid
Format: Article
Language:English
Subjects:
Circuits
Electromagnetic (EM) information leakage
Electromagnetic radiation
Frequency estimation
Generators
intentional electromagnetic interference (IEMI)
Jitter
Logic gates
Oscillators
Power cables
Probes
Random numbers
Randomness
true random number generator (TRNG)
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:True random number generators (TRNGs) based on ring oscillators (ROs) are employed in many devices because they can be constructed with a simple circuit structure. Many systems are affected if an RO-based TRNG is attacked, and its security is degraded. Conventional attacks against RO-based TRNGs reduce randomness using direct physical access to the target device and/or modification/invasion of the device or the equipment on which it is implemented. However, depending on the physical location of the device and its tamper resistance measures, directly accessing the device or operating/modifying the implementation may not be easy. This study introduces a noninvasive attack against RO-based TRNGs. In this attack, we intentionally induce sinusoidal electromagnetic waves in a TRNG and estimate the change in its randomness under this interference by observing the signal leaked from the TRNG from a distance. We also consider countermeasures against noninvasive attacks on TRNGs.
ISSN:0018-9375
1558-187X
DOI:10.1109/TEMC.2018.2844027