an embedded true random number generator for fpgas bebek, jerry paul kohlbrenner lockheed martin...
TRANSCRIPT
An Embedded True Random Number Generator for FPGAs
Bebek, Jerry
Paul KohlbrennerLockheed Martin
3201 Jermantown RoadFairfax, VA 22030, USA
Kris GajGeorge Mason University
4400 University DriveFairfax, VA 22030, USA
•Random numbers are an essential in ComS.…and, just as problematic.
•There are several methods to generate them.
•Unfortunately, all these methods are deterministic.
The Question: HOW COULD A TOTALLY LOGICAL MACHINE GENERATE
A RANDOM NUMBER?
The Answer: It Can’t.The only truly random number sources are
those related to physical phenomena such as the rate of radioactive decay of an element
or the thermal noise of a semiconductor.
BOTTOM LINERandomness is bound to natural phenomena.It is impossible to algorithmically generate
truly random numbers.
PSEUDO-VULNERABILITYPseudo-Random numbers are prone to being broken into.
`It is not an impossibletask to analyze
patterns in pseudo-random numbers. A
40-bit encryption with algorithmically
generated random numbers could be
broken in as little as 30 hours`.
..and yes, it has happened.
The Netscape 2.0 Attack Was An Example.
FPGA Advantage In The Field
• Near-ASIC encryption speeds
• Algorithm and resource efficiencies
• In service algorithm modification
• Low development costs
• Parameter and algorithm eraser on intrusion detection
The Method: Clock JitterJitter is variations in the significant instants of a clock.
Jitter is nondeterministic (random)
Jitter may have many sources:
•semiconductor noise•cross talk•Power supply variations•electro-magnetic fields
Jitter may be characterized in several ways:• Period Jitter• Amplitude Jitter
Period Jitter(clock skew)
Overall Design
The Ring Oscillators
x2
Uses Propagation Delay – 130 MHz
The Sampler
One of the clocksignals is usedto sample the other signal.
The Output From The SamplerClock Skew (jitter) in between two clock signals is used(e.g. sampled) to generate a totally random bit.
Note that clock skew will never be uniform.Note that clock skew is NOT simple out-out-phase ness.
Jitter (detail)
Good Speed Ratios Ring oscillators with closely matched frequencies
require that a desired speed ratio must be achieved.
What factors affect this achievement? Variation in CLB speed
7% difference between the slowest CLB and the fastest one Sensitive to temperature and difficult for measurement
Variation in the frequency of an oscillator with the chip temperature
Close placement To use a large number of oscillators
Evidence of Jitter Clocks with jitter lead to randomness of
output bit stream
If signal S0 has a single length, the output will be deterministic (all 0s, or 1s or 0s and 1s with a repeating pattern)
Evidence: Variation in the cycle lengths of Oscillators Variation in the cycle length of the signal S0
Evidence of Jitter (details)
Frequency 130MHz
Bias in the Output Ideal Output: 1s and 0s are evenly and
randomly distributed. Output with bias: 1s more likely than 0s,
or vice versa
The sources of bias: The limited number of difference bit length
of S0 signal Occasional meta-stable output from the
sampling flip-flop, (using a buffer can alleviate this problem)
Reduction of Bias XOR of successive pairs of bits
Example:P(X=1)=2*p(1-p),P(X=0)=p^2+(1-p)^2(p is the probability of 1s)
A von Neumann corrector
NOTE: Limitation: no correlations in the output bit stream Disadvantage: reduction of the output bit rate
Output Bit generation speed
Experimental Environment
SLAAC-1V board with three Xilinx Virtex XCV1000 FPGA
Synplify V7.2 Xilinx ISE 4.2 NIST Statistical Test Suite for Random
and Pseudorandom Number Generator for Cryptographic Applications
Experimental Results
P-value: the probability that a perfect random number generator would have produced a sequence less random than the sequence that was tested; The larger, the better.
Future Work Increasing output bit rate by
Increasing the speed of ring oscillators Generating S0 signal from both rising and falling
edge of the clock Increasing the number of oscillators to solve
problems in finding matched CLBS Adding a counter to S0 signal for real time
“noise-failure” alarm
Conclusion
The implementation is useful addition to the cryptographic systems using FPGA
No special requirement within FPGA increases the universal of the design
Questions
???